What is CVE-2018-21163?

CVE-2018-21163 is a stack-based buffer overflow vulnerability affecting certain NETGEAR devices.

Which NETGEAR devices are affected by CVE-2018-21163?

The affected NETGEAR devices are DGN2200Bv4, DGN2200v4, EX3700, EX3800, EX6000, EX6100, EX6120, EX6130, EX6150, EX6200, EX7000, R6300, R6900p, R7000p, R7300dst, R7900p, R8000, R8000p, Wn2500rp, and Wndr3400.

What is the severity of CVE-2018-21163?

CVE-2018-21163 has a severity rating of 7.2 (high).

How does CVE-2018-21163 impact the affected devices?

CVE-2018-21163 allows an authenticated user to trigger a stack-based buffer overflow, potentially leading to remote code execution.

Where can I find more information about CVE-2018-21163?

You can find more information about CVE-2018-21163 in the Netgear Security Advisory: https://kb.netgear.com/000055196/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-Gateways-and-Extenders-PSV-2017-0308

Vulnerability/
CVE-2018-21163

high

7.2

CWE

787 119

23/4/2020

1/5/2020

CVE-2018-21163: Buffer Overflow

First published: Thu Apr 23 2020(Updated: )

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects DGN2200Bv4 before 1.0.0.102, DGN2200v4 before 1.0.0.102, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.22, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150 before 1.0.0.38, EX6200 before 1.0.3.86, EX7000 before 1.0.0.64, R6300v2 before 1.0.4.22, R6900P before 1.3.0.18, R7000P before 1.3.0.18, R7300DST before 1.0.0.62, R7900P before 1.3.0.10, R8000 before 1.0.4.12, R8000P before 1.3.0.10, WN2500RPv2 before 1.0.1.52, and WNDR3400v3 before 1.0.1.18.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Netgear Dgn2200b Firmware	<1.0.0.102
Netgear Dgn2200b	=v4
Netgear Dgn2200 Firmware	<1.0.0.102
Netgear DGN2200	=v4
Netgear Ex3700 Firmware	<1.0.0.70
Netgear Ex3700
Netgear Ex3800 Firmware	<1.0.0.70
Netgear Ex3800
Netgear Ex6000 Firmware	<1.0.0.30
Netgear Ex6000
Netgear Ex6100 Firmware	<1.0.2.22
Netgear EX6100
Netgear Ex6120 Firmware	<1.0.0.40
Netgear Ex6120
Netgear Ex6130 Firmware	<1.0.0.22
Netgear Ex6130
NETGEAR R7800	<1.0.0.38
Netgear Ex6150
Netgear Ex6200 Firmware	<1.0.3.86
Netgear EX6200
Netgear Ex7000 Firmware	<1.0.0.64
NETGEAR EX7000
Netgear R6300 Firmware	<1.0.4.22
Netgear R6300	=v2
Netgear R6900p Firmware	<1.3.0.18
Netgear R6900P
Netgear R7000p Firmware	<1.3.0.18
Netgear R7000P
Netgear R7300dst Firmware	<1.0.0.62
Netgear R7300dst
Netgear R7900p Firmware	<1.3.0.10
Netgear R7900p
Netgear R8000 Firmware	<1.0.4.12
NETGEAR R8000
Netgear R8000p Firmware	<1.3.0.10
Netgear R8000p
Netgear Wn2500rp Firmware	<1.0.1.52
Netgear Wn2500rp	=v2
Netgear Wndr3400 Firmware	<1.0.1.18
NETGEAR Multiple Routers	=v3

Never miss a vulnerability like this again

Reference Links

https://kb.netgear.com/000055196/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-Gateways-and-Extenders-PSV-2017-0308

Frequently Asked Questions

What is CVE-2018-21163?
CVE-2018-21163 is a stack-based buffer overflow vulnerability affecting certain NETGEAR devices.
Which NETGEAR devices are affected by CVE-2018-21163?
The affected NETGEAR devices are DGN2200Bv4, DGN2200v4, EX3700, EX3800, EX6000, EX6100, EX6120, EX6130, EX6150, EX6200, EX7000, R6300, R6900p, R7000p, R7300dst, R7900p, R8000, R8000p, Wn2500rp, and Wndr3400.
What is the severity of CVE-2018-21163?
CVE-2018-21163 has a severity rating of 7.2 (high).
How does CVE-2018-21163 impact the affected devices?
CVE-2018-21163 allows an authenticated user to trigger a stack-based buffer overflow, potentially leading to remote code execution.
Where can I find more information about CVE-2018-21163?
You can find more information about CVE-2018-21163 in the Netgear Security Advisory: https://kb.netgear.com/000055196/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-Gateways-and-Extenders-PSV-2017-0308