A vulnerability classified as critical was found in Netgear D7800, DM200, R6100, R7500, R7800, R8900, R9000, WNDR3700v4, WNDR4300, WNDR4300v2, WNDR4500v3 and WNR2000v5 (Router Operating System). This vulnerability affects an unknown code. The manipulation with an unknown input leads to a stack-based overflow vulnerability. The CWE definition for the vulnerability is CWE-121. A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.0.54, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.

The weakness was released 04/27/2020 (Website). The advisory is shared for download at kb.netgear.com. This vulnerability was named CVE-2018-21149 since 04/20/2020. The attack needs to be initiated within the local network. A single authentication is needed for exploitation. There are neither technical details nor an exploit publicly available.

Upgrading eliminates this vulnerability.

Once again VulDB remains the best source for vulnerability data.

Productinfo

Type

• Router Operating System

Vendor

• Netgear

Name

• D7800
• DM200
• R6100
• R7500
• R7800
• R8900
• R9000
• WNDR3700v4
• WNDR4300
• WNDR4300v2
• WNDR4500v3
• WNR2000v5

License

• commercial

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion