PT-2020-8842 · NetGear · Netgear R7800+7

Mongo

Published

2020-04-28

Updated

2020-05-05

CVE-2018-21198

CVSS v3.1

6.8

Medium

Vector

AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions NETGEAR D6100 versions 1.0.0.0 through 1.0.0.56 NETGEAR R7800 versions 1.0.0.0 through 1.2.0.43 NETGEAR R9000 versions 1.0.0.0 through 1.0.2.51 NETGEAR WNDR3700v4 versions 1.0.0.0 through 1.0.2.91 NETGEAR WNDR4300 versions 1.0.0.0 through 1.0.2.93 NETGEAR WNDR4300v2 versions 1.0.0.0 through 1.0.0.53 NETGEAR WNDR4500v3 versions 1.0.0.0 through 1.0.0.53 NETGEAR WNR2000v5 versions 1.0.0.0 through 1.0.0.61

Description A stack-based buffer overflow issue exists, allowing an authenticated user to potentially exploit it.

Recommendations For NETGEAR D6100 version 1.0.0.56 and earlier, update to version 1.0.0.57 or later. For NETGEAR R7800 version 1.2.0.43 and earlier, update to version 1.2.0.44 or later. For NETGEAR R9000 version 1.0.2.51 and earlier, update to version 1.0.2.52 or later. For NETGEAR WNDR3700v4 version 1.0.2.91 and earlier, update to version 1.0.2.92 or later. For NETGEAR WNDR4300 version 1.0.2.93 and earlier, update to version 1.0.2.94 or later. For NETGEAR WNDR4300v2 version 1.0.0.53 and earlier, update to version 1.0.0.54 or later. For NETGEAR WNDR4500v3 version 1.0.0.53 and earlier, update to version 1.0.0.54 or later. For NETGEAR WNR2000v5 version 1.0.0.61 and earlier, update to version 1.0.0.62 or later.

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2018-21198

Affected Products

Netgear R6100

Netgear R7800

Netgear R9000

Netgear Wndr3700V4

Netgear Wndr4300

Netgear Wndr4300V2

Netgear Wndr4500V3

Netgear Wnr2000V5

PT-2020-8842 · NetGear · Netgear R7800+7

CVE-2018-21198

Weakness Enumeration

Related Identifiers

Affected Products

References · 3