PT-2020-8868 · NetGear · R7500+11

Published

2020-04-28

Updated

2020-05-04

CVE-2018-21224

CVSS v3.1

8.8

High

Vector

AC:L/AV:A/A:H/C:H/I:H/PR:N/S:U/UI:N

Name of the Vulnerable Software and Affected Versions NETGEAR D3600 versions prior to 1.0.0.67 NETGEAR D6000 versions prior to 1.0.0.67 NETGEAR D7800 versions prior to 1.0.1.30 NETGEAR R6100 versions prior to 1.0.1.20 NETGEAR R7500 versions prior to 1.0.0.118 NETGEAR R7500v2 versions prior to 1.0.3.24 NETGEAR R9000 versions prior to 1.0.2.52 NETGEAR WNDR3700v4 versions prior to 1.0.2.96 NETGEAR WNDR4300 versions prior to 1.0.2.98 NETGEAR WNDR4300v2 versions prior to 1.0.0.50 NETGEAR WNDR4500v3 versions prior to 1.0.0.50 NETGEAR WNR2000v5 versions prior to 1.0.0.62

Description The issue is a buffer overflow that can be exploited by an unauthenticated attacker.

Recommendations Update D3600 to version 1.0.0.67 or later. Update D6000 to version 1.0.0.67 or later. Update D7800 to version 1.0.1.30 or later. Update R6100 to version 1.0.1.20 or later. Update R7500 to version 1.0.0.118 or later. Update R7500v2 to version 1.0.3.24 or later. Update R9000 to version 1.0.2.52 or later. Update WNDR3700v4 to version 1.0.2.96 or later. Update WNDR4300 to version 1.0.2.98 or later. Update WNDR4300v2 to version 1.0.0.50 or later. Update WNDR4500v3 to version 1.0.0.50 or later. Update WNR2000v5 to version 1.0.0.62 or later.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

CVE-2018-21224

Affected Products

D3600

D6000

D7800

R6100

R7500

R7500V2

R9000

Wndr3700V4

Wndr4300

Wndr4300V2

Wndr4500V3

Wnr2000V5

PT-2020-8868 · NetGear · R7500+11

CVE-2018-21224

Weakness Enumeration

Related Identifiers

Affected Products

References · 3