VYPR
← All advisories
Unrated severityNVD Advisory· Published Apr 20, 2020· Updated Aug 5, 2024

CVE-2017-18846

CVE-2017-18846

Description

Certain NETGEAR devices are affected by a stack-based buffer overflow. This affects R6250 before 1.0.4.12, R6400v2 before 1.0.2.32, R7000P/R6900P before 1.0.0.56, R7900 before 1.0.1.18, R8300 before 1.0.2.100_1.0.82, R8500 before 1.0.2.100_1.0.82, and D8500 before 1.0.3.29.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A stack-based buffer overflow in multiple NETGEAR routers allows authenticated attackers to execute arbitrary code.

Vulnerability

A stack-based buffer overflow vulnerability exists in several NETGEAR routers. Affected models include R6250 before 1.0.4.12, R6400v2 before 1.0.2.32, R7000P/R6900P before 1.0.0.56, R7900 before 1.0.1.18, R8300 before 1.0.2.100_1.0.82, R8500 before 1.0.2.100_1.0.82, and D8500 before 1.0.3.29. [1]

Exploitation

An attacker with administrative privileges can send a crafted request to the device, triggering a stack buffer overflow. The CVSS vector indicates local access, low complexity, and high privileges required, with no user interaction. [1]

Impact

Successful exploitation allows arbitrary code execution with root privileges, potentially leading to full compromise of the device's confidentiality, integrity, and availability. [1]

Mitigation

NETGEAR has released fixed firmware versions for all affected models. Users should upgrade to the latest firmware as soon as possible. The fixed versions are: R6250 1.0.4.12, R6400v2 1.0.2.32, R7000P/R6900P 1.0.0.56, R7900 1.0.1.18, R8300 1.0.2.100_1.0.82, R8500 1.0.2.100_1.0.82, and D8500 1.0.3.29. [1]

References
  1. Security Advisory for Stack Overflow on Some Routers, PSV-2017-0793

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.