CVE-2018-21217

CWE-120 — Classic Buffer Overflow3 documents3 sources

Severity

8.8HIGH

EPSS

0.2%

top 63.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgear D3600 Firmware Netgear D6000 Firmware Netgear D6100 Firmware +1 more

Timeline

PublishedApr 28

Latest updateMay 24

Description

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, and R6100 before 1.0.1.20.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶NVDnetgear/d3600_firmware< 1.0.0.67

▶NVDnetgear/d6000_firmware< 1.0.0.67

▶NVDnetgear/d6100_firmware< 1.0.0.56

▶NVDnetgear/r6100_firmware< 1.0.1.20

🔴Vulnerability Details

GHSA

GHSA-5j7p-83rg-vvj4: Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker↗2022-05-24

▶

CVEList

CVE-2018-21217: Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker↗2020-04-28

▶