PT-2020-8393 · NetGear · Netgear R7900+5

Published

2020-04-20

·

Updated

2020-04-23

·

CVE-2017-18846

CVSS v3.1

6.7

Medium

VectorAV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: NETGEAR R6250 versions prior to 1.0.4.12 NETGEAR R6400v2 versions prior to 1.0.2.32 NETGEAR R7000P/R6900P versions prior to 1.0.0.56 NETGEAR R7900 versions prior to 1.0.1.18 NETGEAR R8300 versions prior to 1.0.2.100 1.0.82 NETGEAR R8500 versions prior to 1.0.2.100 1.0.82 NETGEAR D8500 versions prior to 1.0.3.29
Description: The issue is a stack-based buffer overflow affecting certain NETGEAR devices.
Recommendations: For R6250, update to version 1.0.4.12 or later. For R6400v2, update to version 1.0.2.32 or later. For R7000P/R6900P, update to version 1.0.0.56 or later. For R7900, update to version 1.0.1.18 or later. For R8300, update to version 1.0.2.100 1.0.82 or later. For R8500, update to version 1.0.2.100 1.0.82 or later. For D8500, update to version 1.0.3.29 or later.

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2017-18846

Affected Products

Netgear R8500
Netgear R6250
Netgear R6400V2
Netgear R7000P/R6900P
Netgear R7900
Netgear R8300