CVE-2018-21097: Buffer Overflow
First published: Mon Apr 27 2020(Updated: )
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WAC120 before 2.1.7, WN604 before 3.3.10, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, and WND930 before 2.1.5.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NETGEAR WAC505 | <5.0.5.4 | |
| NETGEAR WAC505 | ||
| NETGEAR WAC510 firmware | <5.0.5.4 | |
| NETGEAR WAC510 firmware | ||
| Netgear WAC120 AC Firmware | <2.1.7 | |
| Netgear WAC120 AC Firmware | ||
| Netgear WN604 | <3.3.10 | |
| Netgear WN604 | ||
| Netgear WNAP320 firmware | <3.7.11.4 | |
| Netgear WNAP320 firmware | ||
| NETGEAR WNAP210 | <3.7.11.4 | |
| NETGEAR WNAP210 firmware | =v2 | |
| Netgear WNDAP350 Firmware | <3.7.11.4 | |
| Netgear WNDAP350 Firmware | ||
| NETGEAR WNDAP360 | <3.7.11.4 | |
| NETGEAR WNDAP360 firmware | ||
| NETGEAR WNDAP660 | <3.7.11.4 | |
| NETGEAR WNDAP660 firmware | ||
| NETGEAR WNDAP620 | <2.1.7 | |
| NETGEAR WNDAP620 firmware | ||
| NETGEAR WND930 firmware | <2.1.5 | |
| NETGEAR WND930 firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-21097?
CVE-2018-21097 is classified as a critical vulnerability due to the potential for remote unauthenticated exploitation leading to code execution.
How do I fix CVE-2018-21097?
To fix CVE-2018-21097, users should upgrade their affected NETGEAR devices to the latest firmware version available.
Which NETGEAR devices are affected by CVE-2018-21097?
CVE-2018-21097 affects NETGEAR devices including WAC505, WAC510, WAC120, WN604, WNAP320, WNAP210v2, WNDAP350, and WNDAP360 that are running specific pre-updated firmware versions.
Can CVE-2018-21097 be exploited remotely?
Yes, CVE-2018-21097 can be exploited by an unauthenticated attacker remotely, allowing them to execute arbitrary code on the device.
What type of vulnerability is CVE-2018-21097?
CVE-2018-21097 is a stack-based buffer overflow vulnerability that can lead to system crashes or remote code execution.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/netgear
- canonical/netgear wac505
- canonical/netgear wac510 firmware
- canonical/netgear wac120 ac firmware
- canonical/netgear wn604
- canonical/netgear wnap320 firmware
- canonical/netgear wnap210
- canonical/netgear wnap210 firmware
- version/netgear wnap210 firmware/v2
- canonical/netgear wndap350 firmware
- canonical/netgear wndap360
- canonical/netgear wndap360 firmware
- canonical/netgear wndap660
- canonical/netgear wndap660 firmware
- canonical/netgear wndap620
- canonical/netgear wndap620 firmware
- canonical/netgear wnd930 firmware