CVE-2018-21144

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects DM200 before 1.0.0.52, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.16, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.

CVSS v3 6.8 MEDIUM
CVSS v2.0 5.2 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

5.2^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:A/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 5.1 / Impact : 6.4

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://kb.netgear.com/000059489/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-PSV-2017-3166	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:netgear:dm200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:dm200:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-04-21 21:15

Updated : 2020-04-27 15:50

NVD link : CVE-2018-21144

Mitre link : CVE-2018-21144

CVE.ORG link : CVE-2018-21144

JSON object : View

Products Affected

netgear

dm200
r9000
dm200_firmware
r7800_firmware
wndr4300_firmware
r8900
r7500
wndr3700_firmware
wndr3700
r7800
r9000_firmware
wndr4500
wndr4300
wnr2000_firmware
wnr2000
r7500_firmware
r8900_firmware
wndr4500_firmware

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2018-21144", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.2, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 5.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}]}, "published": "2020-04-21T21:15:12.867", "references": [{"url": "https://kb.netgear.com/000059489/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-PSV-2017-3166", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects DM200 before 1.0.0.52, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.16, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64."}, {"lang": "es", "value": "Determinados dispositivos NETGEAR est\u00e1n afectados por un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria por parte de un usuario autenticado. Esto afecta a DM200 en versiones anteriores a la 1.0.0.52, R7500 en versiones anteriores a la 1.0.0.122, R7800 en versiones anteriores a la 1.0.2.42, R8900 en versiones anteriores a la 1.0.3.10, R9000 en versiones anteriores a la 1.0.3. 16, WNDR3700v4 en versiones anteriores a la 1.0.2.96, WNDR4300 en versiones anteriores a la 1.0.2.98, WNDR4300v2 en versiones anteriores a la 1.0.0.54, WNDR4500v3 en versiones anteriores a la 1.0.0.54, y WNR2000v5 en versiones anteriores a la 1.0.0.64."}], "lastModified": "2020-04-27T15:50:59.493", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:dm200_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7DEE689F-923A-414C-B048-E4716DA2B783", "versionEndExcluding": "1.0.0.52"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:dm200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1B048F71-70F1-4D9F-84E2-9F7340F6ADAB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F99E4DD-50CB-4B06-BDAF-DD56FF0E90CF", "versionEndExcluding": "1.0.0.122"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EF3B3F26-401C-4ED0-B871-4B4F8521F369"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9D351BB-5034-4771-96BB-F143951CE5D5", "versionEndExcluding": "1.0.2.42"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "17CF7445-6950-45FE-9D1A-E23F63316329"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "610C6DB8-E11E-4EAE-A16F-189283F70B26", "versionEndExcluding": "1.0.3.10"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0F859165-8D89-4CDD-9D48-9C7923D2261F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93C7D5A8-3B1D-4DCD-ACB6-8629CE598C25", "versionEndExcluding": "1.0.3.16"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FAF6A089-4E7D-43D1-AF1F-01A7A592115E", "versionEndExcluding": "1.0.2.96"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "257A5E68-8EDC-44F5-A85C-83A91C93CCE5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF96C0EB-8CB6-4C86-A9A2-A4C7AF58C97F", "versionEndExcluding": "1.0.2.98"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1413C591-D066-4FA2-BEB1-6C60F8645F28"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC5A295B-77E9-4F8B-B523-56C7A1472AD9", "versionEndExcluding": "1.0.0.54"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4428B145-B86D-4709-BBA9-64BDE7D35A25"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5B27DF7-FA36-4A0E-A7B0-0D29BE9434BE", "versionEndExcluding": "1.0.0.54"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C31D6808-4103-4543-B7AB-84A79CD12006"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "124ABC0A-DD68-4540-AAC2-C4E87CDC91A7", "versionEndExcluding": "1.0.0.64"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "317F25FF-B3A2-4C68-888F-D2627C564867"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}

6.8 /10