CVE-2017-18846 — Out-of-bounds Write in Netgear D8500 Firmware

CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

6.7MEDIUMNVD

EPSS

0.1%

top 84.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgear D8500 Firmware Netgear R6250 Firmware Netgear R6400 Firmware +5 more

Timeline

PublishedApr 20

Latest updateMay 24

Description

Certain NETGEAR devices are affected by a stack-based buffer overflow. This affects R6250 before 1.0.4.12, R6400v2 before 1.0.2.32, R7000P/R6900P before 1.0.0.56, R7900 before 1.0.1.18, R8300 before 1.0.2.100_1.0.82, R8500 before 1.0.2.100_1.0.82, and D8500 before 1.0.3.29.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages8 packages

▶NVDnetgear/d8500_firmware< 1.0.3.29

▶NVDnetgear/r6250_firmware< 1.0.4.12

▶NVDnetgear/r7900_firmware< 1.0.1.18

▶NVDnetgear/r8300_firmware< 1.0.2.100_1.0.82

▶NVDnetgear/r8500_firmware< 1.0.2.100_1.0.82

🔴Vulnerability Details

GHSA

GHSA-2jph-wvx4-hmjh: Certain NETGEAR devices are affected by a stack-based buffer overflow↗2022-05-24

▶

CVEList

CVE-2017-18846: Certain NETGEAR devices are affected by a stack-based buffer overflow↗2020-04-20

▶