CVE-2017-18865
Description
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R8300 before 1.0.2.104 and R8500 before 1.0.2.104.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A stack-based buffer overflow in certain NETGEAR routers allows authenticated users to execute arbitrary code, fixed in firmware 1.0.2.104.
Vulnerability
A stack-based buffer overflow vulnerability exists in the firmware of NETGEAR R8300 and R8500 devices running versions prior to 1.0.2.104. This issue can be triggered by an authenticated user, allowing the attacker to overwrite stack memory and potentially execute arbitrary code. The vulnerability is identified as PSV-2017-2228 and is documented in NETGEAR's security advisory [1].
Exploitation
An attacker must first authenticate to the device web interface or have valid administrative credentials. Once authenticated, the attacker can send specially crafted input to a vulnerable component, causing a stack overflow. Beyond local access, no other user interaction or network position is required [1].
Impact
Successful exploitation could lead to complete compromise of the device, including arbitrary code execution with elevated privileges. The CVSS v3 score is 6.8 (Medium), with high impacts on confidentiality, integrity, and availability [1].
Mitigation
NETGEAR has released firmware version 1.0.2.104 for both R8300 and R8500 to address this vulnerability. Users are strongly recommended to download and install the latest firmware from NETGEAR Support as soon as possible [1]. There is no known workaround for unpatched devices.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (3)
- NETGEAR/devices
Patches (0)
No patches discovered yet.
References (1)
News mentions (0)
No linked articles in our index yet.