Vulnerabilities > CVE-2018-21170 - Out-of-bounds Write vulnerability in Netgear products

CVSS 5.8 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

low complexity

netgear

CWE-787

NVD

Published: 2020-04-27

Updated: 2020-05-01

Summary

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects EX2700 before 1.0.1.28, R7800 before 1.0.2.40, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.50, and WN3100RPv2 before 1.0.0.56.

Vulnerable Configurations

Part	Description	Count
OS	Netgear Netgear R7800 Firmware 1.0.2.16 Netgear R7800 Firmware 1.0.2.28 Netgear R7800 Firmware 1.0.2.30 Netgear R7800 Firmware 1.0.2.32 Netgear R7800 Firmware 1.0.2.36 Netgear R7800 Firmware 1.0.2.38 Netgear Ex2700 Firmware * Netgear Wn2000Rpt Firmware 1.0.1.8 Netgear Wn2000Rpt Firmware 1.0.1.14 Netgear Wn3000Rp Firmware 1.0.0.52 Netgear Wn3000Rp Firmware 1.0.0.56 Netgear Wn3000Rp Firmware 1.0.0.68 Netgear Wn3000Rp Firmware 1.0.2.44 Netgear Wn3100Rp Firmware 1.0.0.20 Netgear Wn3100Rp Firmware 1.0.0.40 Netgear Wn3100Rp Firmware 1.0.0.42	16
Hardware	Netgear Netgear R7800 - Netgear Ex2700 - Netgear Wn2000Rpt V3 Netgear Wn3000Rp V3 Netgear Wn3100Rp V2	5

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://kb.netgear.com/000055188/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Routers-and-Extenders-PSV-2017-2638