CVE-2018-21134
Description
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects R6700 before 1.0.1.48, R7900 before 1.0.2.16, R6900 before 1.0.1.48, R7000P before 1.3.1.44, R6900P before 1.3.1.44, R6250 before 1.0.4.30, R6300v2 before 1.0.4.32, R6400 before 1.0.1.44, R6400v2 before 1.0.2.60, R7000 before 1.0.9.34, R7100LG before 1.0.0.48, R7300 before 1.0.0.68, R8000 before 1.0.4.18, R8000P before 1.4.1.24, R7900P before 1.4.1.24, R8500 before 1.0.2.122, R8300 before 1.0.2.122, WN2500RPv2 before 1.0.1.54, EX3700 before 1.0.0.72, EX3800 before 1.0.0.72, EX6000 before 1.0.0.32, EX6100 before 1.0.2.24, EX6120 before 1.0.0.42, EX6130 before 1.0.0.24, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, D7000v2 before 1.0.0.51, D6220 before 1.0.0.46, D6400 before 1.0.0.82, and D8500 before 1.0.3.42.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Unauthenticated stack-based buffer overflow in multiple NETGEAR routers and extenders allows remote code execution.
Vulnerability
CVE-2018-21134 is a pre-authentication stack-based buffer overflow vulnerability affecting a wide range of NETGEAR routers, wireless extenders, and other devices. The flaw exists in the firmware's handling of certain network requests before authentication, allowing an unauthenticated attacker to trigger a stack overflow. Affected devices include models such as R6700 (before 1.0.1.48), R7900 (before 1.0.2.16), R6900 (before 1.0.1.48), R7000P (before 1.3.1.44), and many others listed in the official advisory [1]. The complete list spans over 30 firmware versions across router and extender product lines.
Exploitation
An unauthenticated attacker can exploit this vulnerability from the local network by sending specially crafted packets to the affected device, without requiring any authentication or user interaction. The advisory describes the issue as a pre-authentication stack overflow, meaning the attacker does not need valid credentials to reach the vulnerable code path [1]. The exploitation vector is network-based, targeting the device's management interface or other exposed services.
Impact
Successful exploitation allows an attacker to potentially execute arbitrary code on the device, gaining full control over the affected router or extender. This can lead to disclosure of sensitive network traffic, persistence, and further compromise of the local network. The vulnerability requires no privileges and can be triggered remotely, making it a critical risk for unpatched devices.
Mitigation
NETGEAR has released firmware updates addressing this vulnerability for all listed models [1]. The fixed versions are specified in the advisory: for example, R6700 must be updated to version 1.0.1.48 or later. Users should upgrade to the latest available firmware for their device as soon as possible. No workarounds are provided; the only mitigation is to install the patched firmware. The advisory does not indicate that this CVE is listed in the KEV catalog.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
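A check of device inventory against the fixed versions listed in the Description, following the Mitigation paragraph. This is an added example, not part of the advisory or any NETGEAR tooling. The firmware string format (`V1.0.9.32_10.2.34`), the function names and the sample inventory are assumptions.

```python
import re

# Affected-model list as given in the CVE description on this page.
DESCRIPTION = (
    "R6700 before 1.0.1.48, R7900 before 1.0.2.16, R6900 before 1.0.1.48, "
    "R7000P before 1.3.1.44, R6900P before 1.3.1.44, R6250 before 1.0.4.30, "
    "R6300v2 before 1.0.4.32, R6400 before 1.0.1.44, R6400v2 before 1.0.2.60, "
    "R7000 before 1.0.9.34, R7100LG before 1.0.0.48, R7300 before 1.0.0.68, "
    "R8000 before 1.0.4.18, R8000P before 1.4.1.24, R7900P before 1.4.1.24, "
    "R8500 before 1.0.2.122, R8300 before 1.0.2.122, WN2500RPv2 before 1.0.1.54, "
    "EX3700 before 1.0.0.72, EX3800 before 1.0.0.72, EX6000 before 1.0.0.32, "
    "EX6100 before 1.0.2.24, EX6120 before 1.0.0.42, EX6130 before 1.0.0.24, "
    "EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, "
    "D7000v2 before 1.0.0.51, D6220 before 1.0.0.46, D6400 before 1.0.0.82, "
    "and D8500 before 1.0.3.42."
)

def to_tuple(version):
    """'1.0.2.122' -> (1, 0, 2, 122), so fields compare as numbers, not text."""
    return tuple(int(part) for part in version.split("."))

def parse_fixed_versions(text):
    """Map each model (upper-cased) to its first fixed firmware version."""
    pairs = re.findall(r"\b([A-Z]+\d+\w*) before (\d+(?:\.\d+)+)", text)
    return {model.upper(): to_tuple(ver) for model, ver in pairs}

FIXED = parse_fixed_versions(DESCRIPTION)

def assess(model, reported):
    """Return 'vulnerable', 'patched', 'not-listed' or 'unparsed' for one device."""
    fixed = FIXED.get(model.strip().upper())
    if fixed is None:
        return "not-listed"
    # Assumption: firmware is reported like 'V1.0.9.32_10.2.34'; only the
    # leading dotted part is compared against the advisory version.
    match = re.match(r"[Vv]?(\d+(?:\.\d+)+)", reported.strip())
    if match is None:
        return "unparsed"
    return "vulnerable" if to_tuple(match.group(1)) < fixed else "patched"

# Constructed sample inventory (not real devices).
INVENTORY = [("R7000", "V1.0.9.32_10.2.34"), ("R8500", "1.0.2.64"),
             ("R6400", "V1.0.1.44"), ("R6400v2", "V1.0.2.52"), ("R9000", "1.0.4.2")]

if __name__ == "__main__":
    for model, firmware in INVENTORY:
        print(f"{model:10} {firmware:20} {assess(model, firmware)}")
```

The R8500 row shows why the fields are compared numerically: as plain strings, `1.0.2.64` sorts after `1.0.2.122` and the device would be reported as patched.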
Affected products
NETGEAR/NETGEAR devices
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.