Vulnerability Description
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, EX2700 before 1.0.1.28, R6100 before 1.0.1.20, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.50, and WN3100RPv2 before 1.0.0.56.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netgear | R9000 Firmware | < 1.0.2.52 |
| Netgear | R9000 | - |
| Netgear | Ex2700 Firmware | < 1.0.1.28 |
| Netgear | Ex2700 | - |
| Netgear | R6100 Firmware | < 1.0.1.20 |
| Netgear | R6100 | - |
| Netgear | R7500 Firmware | < 1.0.3.24 |
| Netgear | R7500 | v2 |
| Netgear | D6000 Firmware | < 1.0.0.67 |
| Netgear | D6000 | - |
| Netgear | D3600 Firmware | < 1.0.0.67 |
| Netgear | D3600 | - |
| Netgear | Wn2000Rpt Firmware | < 1.0.1.20 |
| Netgear | Wn2000Rpt | v3 |
| Netgear | Wn3000Rp Firmware | < 1.0.2.50 |
| Netgear | Wn3000Rp | v3 |
| Netgear | Wn3100Rp Firmware | < 1.0.0.56 |
| Netgear | Wn3100Rp | v2 |
Related Weaknesses (CWE)
References
- https://kb.netgear.com/000055123/Security-Advisory-for-Pre-Authentication-BufferVendor Advisory
- https://kb.netgear.com/000055123/Security-Advisory-for-Pre-Authentication-BufferVendor Advisory
FAQ
What is CVE-2018-21214?
CVE-2018-21214 is a vulnerability with a CVSS score of 8.8 (HIGH). Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, EX2700 before 1.0.1.28, R6100 before 1.0.1.20, R750...
How severe is CVE-2018-21214?
CVE-2018-21214 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-21214?
Check the references section above for vendor advisories and patch information. Affected products include: Netgear R9000 Firmware, Netgear R9000, Netgear Ex2700 Firmware, Netgear Ex2700, Netgear R6100 Firmware.