What devices are affected by CVE-2018-21139?

CVE-2018-21139 affects multiple NETGEAR devices including D1500, D500, D6100, D6200, D6220, D6400, D7000, D7800, and several others before their respective firmware updates.

What is the nature of CVE-2018-21139 vulnerability?

CVE-2018-21139 is a vulnerability that involves the disclosure of sensitive information from certain NETGEAR devices.

How can I mitigate the risks of CVE-2018-21139?

To mitigate the risks of CVE-2018-21139, update your NETGEAR devices to the latest firmware version as specified by the manufacturer.

Is there a patch available for CVE-2018-21139?

Yes, a firmware patch is available for all affected NETGEAR devices, which resolves the vulnerabilities associated with CVE-2018-21139.

What steps should I take to update my NETGEAR device regarding CVE-2018-21139?

To update your NETGEAR device for CVE-2018-21139, check the device's settings for firmware updates and install the latest version provided by NETGEAR.

Vulnerability/
CVE-2018-21139

high

7.5

CWE

200

23/4/2020

5/8/2024

CVE-2018-21139: Infoleak

First published: Thu Apr 23 2020(Updated: )

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects D1500 before 1.0.0.27, D500 before 1.0.0.27, D6100 before 1.0.0.58, D6200 before 1.1.00.30, D6220 before 1.0.0.46, D6400 before 1.0.0.82, D7000 before 1.0.1.68, D7000v2 before 1.0.0.51, D7800 before 1.0.1.42, D8500 before 1.0.3.42, DC112A before 1.0.0.40, DGN2200Bv4 before 1.0.0.102, DGN2200v4 before 1.0.0.102, JNR1010v2 before 1.1.0.54, JR6150 before 1.0.1.18, JWNR2010v5 before 1.1.0.54, PR2000 before 1.0.0.24, R6020 before 1.0.0.34, R6050 before 1.0.1.18, R6080 before 1.0.0.34, R6100 before 1.0.1.22, R6120 before 1.0.0.42, R6220 before 1.1.0.68, R6250 before 1.0.4.30, R6300v2 before 1.0.4.32, R6400 before 1.0.1.44, R6400v2 before 1.0.2.60, R6700 before 1.0.1.48, R6700v2 before 1.2.0.24, R6800 before 1.2.0.24, R6900 before 1.0.1.48, R6900P before 1.3.1.44, R6900v2 before 1.2.0.24, R7000 before 1.0.9.34, R7000P before 1.3.1.44, R7100LG before 1.0.0.48, R7300 before 1.0.0.68, R7500 before 1.0.0.124, R7500v2 before 1.0.3.38, R7900 before 1.0.2.16, R7900P before 1.4.1.24, R8000 before 1.0.4.18, R8000P before 1.4.1.24, R8300 before 1.0.2.122, R8500 before 1.0.2.122, WN3000RP before 1.0.0.68, WN3000RPv2 before 1.0.0.68, WNDR3400v3 before 1.0.1.18, WNDR3700v4 before 1.0.2.102, WNDR3700v5 before 1.1.0.54, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, WNDR4500v3 before 1.0.0.56, WNR1000v4 before 1.1.0.54, WNR2020 before 1.1.0.54, WNR2050 before 1.1.0.54, and WNR3500Lv2 before 1.2.0.54.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
NETGEAR D1500	<1.0.0.27
NETGEAR D1500 firmware
NETGEAR D500	<1.0.0.27
NETGEAR D500 Firmware
NETGEAR D6100 firmware	<1.0.0.58
NETGEAR D6100 firmware
NETGEAR D6200B firmware	<1.1.00.30
NETGEAR D6200 firmware
Netgear D6220 Firmware	<1.0.0.46
NETGEAR D6220 firmware
NETGEAR D6400	<1.0.0.82
NETGEAR D6400 firmware
NETGEAR D7000v1 firmware	<1.0.1.68
NETGEAR D7000 firmware
NETGEAR D7000v1 firmware	<1.0.0.51
NETGEAR D7000 firmware	=v2
NETGEAR D7800	<1.0.1.42
NETGEAR D7800 Firmware
Netgear D8500 Firmware	<1.0.3.42
Netgear D8500 Firmware
NETGEAR DC112A firmware	<1.0.0.40
Netgear DC112A
NETGEAR DGND2200B firmware	<1.0.0.102
NETGEAR DGND2200B firmware	=v4
NETGEAR DGN2200B firmware	<1.0.0.102
NETGEAR DGN2200M	=v4
NETGEAR JNR1010 firmware	<1.1.0.54
NETGEAR JNR1010v2	=v2
NETGEAR JR6150 firmware	<1.0.1.18
NETGEAR JR6150
NETGEAR JWNR2010v5 firmware	<1.1.0.54
NETGEAR JWNR2010v5 firmware	=v5
NETGEAR PR2000 firmware	<1.0.0.24
NETGEAR PR2000 firmware
NETGEAR R6020 firmware	<1.0.0.34
NETGEAR R6020 firmware
NETGEAR R6050 firmware	<1.0.1.18
NETGEAR R6050 firmware
NETGEAR R6080 firmware	<1.0.0.34
NETGEAR R6080 firmware
NETGEAR R6100 firmware	<1.0.1.22
NETGEAR R6100 firmware
NETGEAR R6120 firmware	<1.0.0.42
NETGEAR R6120 firmware
NETGEAR R6220 firmware	<1.1.0.68
NETGEAR R6220 firmware
netgear R6250 Firmware	<1.0.4.30
NETGEAR R6250
NETGEAR R6300 firmware	<1.0.4.32
NETGEAR R6300v2	=v2
NETGEAR R6400 firmware	<1.0.1.44
NETGEAR R6400 firmware
NETGEAR R6400 firmware	<1.0.2.60
NETGEAR R6400 firmware	=v2
Netgear R6700 Firmware	<1.0.1.48
NETGEAR R6700v1 firmware
Netgear R6700 Firmware	<1.2.0.24
NETGEAR R6700v1 firmware	=v2
NETGEAR R6800 firmware	<1.2.0.24
NETGEAR R6800 firmware
Netgear R6900 Firmware	<1.0.1.48
Netgear R6900 Firmware
NETGEAR R6900P firmware	<1.3.1.44
Netgear R6900 Firmware
Netgear R6900 Firmware	<1.2.0.24
Netgear R6900 Firmware	=v2
NETGEAR R7000 firmware	<1.0.9.34
NETGEAR R7000 firmware
NETGEAR R7000P firmware	<1.3.1.44
Netgear R7000P
NETGEAR R7100LG firmware	<1.0.0.48
Netgear R7100LG
NETGEAR R7300 firmware	<1.0.0.68
NETGEAR R7300 firmware
NETGEAR R7500v2 firmware	<1.0.0.124
NETGEAR R7500v2 firmware
NETGEAR R7500v2 firmware	<1.0.3.38
NETGEAR R7500v2 firmware	=v2
NETGEAR R7900P firmware	<1.0.2.16
NETGEAR R7900P firmware
NETGEAR R7900P firmware	<1.4.1.24
NETGEAR R7900P firmware
NETGEAR R8000 firmware	<1.0.4.18
NETGEAR R8000 firmware
NETGEAR R8000P	<1.4.1.24
NETGEAR R8000P firmware
NETGEAR R8300 firmware	<1.0.2.122
NETGEAR R8300 firmware
NETGEAR R8500	<1.0.2.122
NETGEAR R8500
NETGEAR WN3000RP	<1.0.0.68
NETGEAR WN3000RP firmware
NETGEAR WN3000RP firmware	=v2
NETGEAR WNDR3400	<1.0.1.18
NETGEAR WNDR3400 firmware	=v3
NETGEAR WNDR3700 firmware	<1.0.2.102
NETGEAR WNDR3700v4	=v4
NETGEAR WNDR3700 firmware	<1.1.0.54
NETGEAR WNDR3700v4	=v5
NETGEAR WNDR4300v2 firmware	<1.0.2.104
NETGEAR wndr4300v2	=v1
NETGEAR WNDR4300v2 firmware	<1.0.0.56
NETGEAR wndr4300v2	=v2
NETGEAR WNDR4500 firmware	<1.0.0.56
NETGEAR WNDR4500v3	=v3
NETGEAR WNR1000v3 firmware	<1.1.0.54
Netgear WNR1000	=v4
NETGEAR WNR2020 Firmware	<1.1.0.54
NETGEAR WNR2020 Firmware
NETGEAR WNR2050 Firmware	<1.1.0.54
NETGEAR WNR2050 Firmware
NETGEAR WNR3500L	<1.2.0.54
NETGEAR WNR3500L firmware	=v2

Never miss a vulnerability like this again

Reference Links

https://kb.netgear.com/000060220/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Smart-Cradles-PSV-2017-2198

Frequently Asked Questions

What devices are affected by CVE-2018-21139?
CVE-2018-21139 affects multiple NETGEAR devices including D1500, D500, D6100, D6200, D6220, D6400, D7000, D7800, and several others before their respective firmware updates.
What is the nature of CVE-2018-21139 vulnerability?
CVE-2018-21139 is a vulnerability that involves the disclosure of sensitive information from certain NETGEAR devices.
How can I mitigate the risks of CVE-2018-21139?
To mitigate the risks of CVE-2018-21139, update your NETGEAR devices to the latest firmware version as specified by the manufacturer.
Is there a patch available for CVE-2018-21139?
Yes, a firmware patch is available for all affected NETGEAR devices, which resolves the vulnerabilities associated with CVE-2018-21139.
What steps should I take to update my NETGEAR device regarding CVE-2018-21139?
To update your NETGEAR device for CVE-2018-21139, check the device's settings for firmware updates and install the latest version provided by NETGEAR.