1. Home
  2. CVE Database
  3. CVE-2017-18738
HIGH · 8.8

CVE-2017-18738

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects EX6150v2 before 1.0.1.54, R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 befor...

Vulnerability Description

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects EX6150v2 before 1.0.1.54, R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.10, R7000P before 1.2.0.22, R6900P before 1.2.0.22, R7100LG before 1.0.0.32, R7300DST before 1.0.0.54, R7900 before 1.0.1.18, R8000 before 1.0.3.48, R8300 before 1.0.2.106, R8500 before 1.0.2.106, R6100 before 1.0.1.16, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
NetgearEx6150 Firmware< 1.0.1.54
NetgearEx6150v2
NetgearR6400 Firmware< 1.0.1.24
NetgearR6400-
NetgearR6700 Firmware< 1.0.1.22
NetgearR6700-
NetgearR6900 Firmware< 1.0.1.22
NetgearR6900-
NetgearR7000 Firmware< 1.0.9.10
NetgearR7000-
NetgearR7000P Firmware< 1.2.0.22
NetgearR7000P-
NetgearR6900P Firmware< 1.2.0.22
NetgearR6900P-
NetgearR7100Lg Firmware< 1.0.0.32
NetgearR7100Lg-
NetgearR7300Dst Firmware< 1.0.0.54
NetgearR7300Dst-
NetgearR7900 Firmware< 1.0.1.18
NetgearR7900-

Related Weaknesses (CWE)

CWE-787

References

FAQ

What is CVE-2017-18738?

CVE-2017-18738 is a vulnerability with a CVSS score of 8.8 (HIGH). Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects EX6150v2 before 1.0.1.54, R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 befor...

How severe is CVE-2017-18738?

CVE-2017-18738 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-18738?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear Ex6150 Firmware, Netgear Ex6150, Netgear R6400 Firmware, Netgear R6400, Netgear R6700 Firmware.