CVE-2018-21097 — CRITICAL (9.8)

Q: How severe is CVE-2018-21097?

CVE-2018-21097 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2018-21097?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear Wac505 Firmware, Netgear Wac505, Netgear Wac510 Firmware, Netgear Wac510, Netgear Wac120 Firmware.

Vulnerability Description

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WAC120 before 2.1.7, WN604 before 3.3.10, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, and WND930 before 2.1.5.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Netgear	Wac505 Firmware	< 5.0.5.4
Netgear	Wac505	-
Netgear	Wac510 Firmware	< 5.0.5.4
Netgear	Wac510	-
Netgear	Wac120 Firmware	< 2.1.7
Netgear	Wac120	-
Netgear	Wn604 Firmware	< 3.3.10
Netgear	Wn604	-
Netgear	Wnap320 Firmware	< 3.7.11.4
Netgear	Wnap320	-
Netgear	Wnap210 Firmware	< 3.7.11.4
Netgear	Wnap210	v2
Netgear	Wndap350 Firmware	< 3.7.11.4
Netgear	Wndap350	-
Netgear	Wndap360 Firmware	< 3.7.11.4
Netgear	Wndap360	-
Netgear	Wndap660 Firmware	< 3.7.11.4
Netgear	Wndap660	-
Netgear	Wndap620 Firmware	< 2.1.7
Netgear	Wndap620	-

Related Weaknesses (CWE)

CWE-787

References

https://kb.netgear.com/000060457/Security-Advisory-for-Pre-Authentication-Stack-Vendor Advisory
https://kb.netgear.com/000060457/Security-Advisory-for-Pre-Authentication-Stack-Vendor Advisory

FAQ

What is CVE-2018-21097?

CVE-2018-21097 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WAC120 before 2.1.7, WN604 before 3.3.1...

How severe is CVE-2018-21097?

CVE-2018-21097 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2018-21097?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear Wac505 Firmware, Netgear Wac505, Netgear Wac510 Firmware, Netgear Wac510, Netgear Wac120 Firmware.