CVE-2018-21136
Description
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects D3600 before 1.0.0.76 and D6000 before 1.0.0.76.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Unauthenticated physical access to certain NETGEAR modem routers before firmware version 1.0.0.76 can leak sensitive information.
Vulnerability
An unauthenticated sensitive information disclosure vulnerability exists in the NETGEAR D3600 and D6000 modem routers running firmware versions prior to 1.0.0.76 [1]. The exact mechanism is not publicly detailed, but it allows a physically proximate attacker to obtain sensitive data without any credentials or user interaction.
Exploitation
Exploitation requires physical access to the device and no authentication [1]. An attacker with physical proximity can trigger the disclosure of sensitive information; no user interaction or network-level access is needed.
Impact
Successful exploitation results in the disclosure of sensitive information from the device, compromising confidentiality (C) while integrity (I) and availability (A) are unaffected [1]. The CVSS v3 score is 4.6 (Medium) with a vector indicating physical attack vector and no privileges required [1].
Mitigation
NETGEAR has released fixed firmware versions 1.0.0.76 for both the D3600 and D6000 models [1]. All users are strongly recommended to download and install the latest firmware from the NETGEAR support site as soon as possible [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- NETGEAR/NETGEAR devicesdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.