CVE-2018-21149
6.8
Vector
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.9 / Impact: 5.9
Source: NVD
Description
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.0.54, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.
Affected (11)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.1.34 |
| Running on/with | Platform Versions |
|---|---|
Netgear D7800 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.0.50 |
| Running on/with | Platform Versions |
|---|---|
Netgear Dm200 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.1.22 |
| Running on/with | Platform Versions |
|---|---|
Netgear R6100 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.0.122 |
| Running on/with | Platform Versions |
|---|---|
Netgear R7500 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.2.42 |
| Running on/with | Platform Versions |
|---|---|
Netgear R7800 | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.3.10 |
| Running on/with | Platform Versions |
|---|---|
Netgear R8900 | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.3.10 |
| Running on/with | Platform Versions |
|---|---|
Netgear R9000 | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.2.96 |
| Running on/with | Platform Versions |
|---|---|
Netgear Wndr3700 | Version v4 |
Configuration I
| Running on/with | Platform Versions |
|---|---|
Netgear Wndr4300 | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.0.54 |
| Running on/with | Platform Versions |
|---|---|
Netgear Wndr4300 | Version v2 |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.0.54 |
| Running on/with | Platform Versions |
|---|---|
Netgear Wndr4500 | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.0.64 |
| Running on/with | Platform Versions |
|---|---|
Netgear Wnr2000 | Version v5 |
References (2)
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.