Unrated severityNVD Advisory· Published Apr 22, 2020· Updated Aug 5, 2024

CVE-2018-21150

Description

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A stack-based buffer overflow in multiple NETGEAR devices allows authenticated users to cause a denial of service or possibly execute arbitrary code.

Vulnerability

A stack-based buffer overflow vulnerability exists in the firmware of multiple NETGEAR gateway and router models when processing input from an authenticated user. Affected devices include D7800 (before 1.0.1.34), DM200 (before 1.0.0.50), R6100 (before 1.0.1.22), R7500 (before 1.0.0.122), R7500v2 (before 1.0.3.26), R7800 (before 1.0.2.42), R8900 (before 1.0.3.10), R9000 (before 1.0.3.10), WNDR3700v4 (before 1.0.2.96), WNDR4300 (before 1.0.2.98), WNDR4300v2 (before 1.0.0.54), WNDR4500v3 (before 1.0.0.54), and WNR2000v5 (before 1.0.0.64) [1].

Exploitation

An attacker must first authenticate to the device's web interface or management service. After authentication, the attacker can send a specially crafted request that triggers a stack-based buffer overflow. The exact input vector is not publicly detailed, but the vulnerability is reachable through normal authenticated operations [1].

Impact

Successful exploitation could allow an authenticated attacker to cause a denial of service by crashing the device or potentially execute arbitrary code with elevated privileges, compromising the device's integrity and availability [1].

Mitigation

NETGEAR has released firmware updates for all affected models. Users should update to the latest firmware version as specified in the advisory [1]. No workarounds are provided; updating firmware is the recommended mitigation.

References

Security Advisory for Post-Authentication Stack Overflow on Some Gateways and Routers, PSV-2017-3155

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

NETGEAR/D7800description
Netgear/D7800llm-fuzzy
Range: <1.0.1.34
Netgear/R6100llm-fuzzy
Range: <1.0.1.22
Yottamaster/DM200llm-fuzzy
Range: <1.0.0.50

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

kb.netgear.com/000059483/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Gateways-and-Routers-PSV-2017-3155mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000