CVE-2017-18738

23.04.2020, 17:15

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects EX6150v2 before 1.0.1.54, R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.10, R7000P before 1.2.0.22, R6900P before 1.2.0.22, R7100LG before 1.0.0.32, R7300DST before 1.0.0.54, R7900 before 1.0.1.18, R8000 before 1.0.3.48, R8300 before 1.0.2.106, R8500 before 1.0.2.106, R6100 before 1.0.1.16, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.8 HIGH	ADJACENT_NETWORK	LOW	NONE	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitre	CNA	8.8 HIGH	ADJACENT_NETWORK	LOW	NONE	CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:U/UI:N
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 62%

Vendor	Product	Version
netgear	ex6150_firmware	𝑥 < 1.0.1.54
netgear	r6400_firmware	𝑥 < 1.0.1.24
netgear	r6400_firmware	𝑥 < 1.0.2.32
netgear	r6700_firmware	𝑥 < 1.0.1.22
netgear	r6900_firmware	𝑥 < 1.0.1.22
netgear	r7000_firmware	𝑥 < 1.0.9.10
netgear	r7000p_firmware	𝑥 < 1.2.0.22
netgear	r6900p_firmware	𝑥 < 1.2.0.22
netgear	r7100lg_firmware	𝑥 < 1.0.0.32
netgear	r7300dst_firmware	𝑥 < 1.0.0.54
netgear	r7900_firmware	𝑥 < 1.0.1.18
netgear	r8000_firmware	𝑥 < 1.0.3.48
netgear	r8300_firmware	𝑥 < 1.0.2.106
netgear	r8500_firmware	𝑥 < 1.0.2.106
netgear	r6100_firmware	𝑥 < 1.0.1.16
netgear	wndr4300_firmware	𝑥 < 1.0.0.48
netgear	wndr4500_firmware	𝑥 < 1.0.0.48
netgear	wnr2000_firmware	𝑥 < 1.0.0.58

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-787 - Out-of-bounds Write
The software writes data past the end, or before the beginning, of the intended buffer.

References

https://kb.netgear.com/000051517/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Routers-and-Extenders-PSV-2017-0706