Unrated severityNVD Advisory· Published May 5, 2020· Updated Aug 5, 2024

CVE-2017-18864

Description

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.4, R7000P before 1.0.0.56, R6900P before 1.0.0.56, R7100LG before 1.0.0.32, R7300 before 1.0.0.54, R7900 before 1.0.1.18, R8300 before 1.0.2.104, and R8500 before 1.0.2.104.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A pre-authentication buffer overflow in multiple NETGEAR routers allows unauthenticated attackers to execute arbitrary code.

Vulnerability

A pre-authentication buffer overflow vulnerability exists in the firmware of multiple NETGEAR router models. Affected devices include R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.4, R7000P before 1.0.0.56, R6900P before 1.0.0.56, R7100LG before 1.0.0.32, R7300 before 1.0.0.54, R7900 before 1.0.1.18, R8300 before 1.0.2.104, and R8500 before 1.0.2.104 [1]. The vulnerability can be triggered without authentication.

Exploitation

An unauthenticated attacker with network access to the affected router (adjacent network as per CVSS vector AV:A) can send specially crafted packets to trigger the buffer overflow [1]. No authentication or user interaction is required.

Impact

Successful exploitation allows the attacker to execute arbitrary code with full system privileges. This can lead to complete compromise of the device, affecting confidentiality, integrity, and availability (CVSS v3 base score 8.8, HIGH) [1].

Mitigation

NETGEAR has released firmware updates for all affected models. Users should download and install the latest firmware versions as specified in the advisory [1]. No workaround is available; updating is the only mitigation.

References

Security Advisory for Pre-Authentication Buffer Overflow on Routers, PSV-2017-0791

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

NETGEAR/devicesdescription
Netgear/R6400llm-fuzzy
Range: <1.0.1.24
Netgear/R6700llm-fuzzy
Range: <1.0.1.22
Netgear/R6400v2llm-fuzzy
Range: <1.0.2.32

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

kb.netgear.com/000051495/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Routers-PSV-2017-0791mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000