VYPR
Unrated severity · NVD Advisory · Published Apr 23, 2020 · Updated Aug 5, 2024

CVE-2018-21166

Description

Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Multiple NETGEAR routers are vulnerable to a denial of service (DoS) condition that can be triggered by an authenticated local attacker via an unspecified attack vector.

Vulnerability

A denial of service (DoS) vulnerability exists in the firmware of several NETGEAR router models. Affected devices include the R6100 (before 1.0.1.22), R7500 (before 1.0.0.122), R7800 (before 1.0.2.42), R8900 (before 1.0.3.10), R9000 (before 1.0.3.10), WNDR3700v4 (before 1.0.2.96), WNDR4300 (before 1.0.2.98), WNDR4300v2 (before 1.0.0.54), WNDR4500v3 (before 1.0.0.54), and WNR2000v5 (before 1.0.0.64) [1]. The exact nature of the flaw is not publicly detailed in available references, but it is reachable when an authenticated attacker sends specially crafted traffic or commands to the device.

Exploitation

To exploit this vulnerability, an attacker must have administrative access to the affected router and be within the same network segment (adjacent network) as the target device [1]. The attacker does not require any user interaction. The specific sequence of steps is not disclosed, but the attack would involve an authenticated administrator sending malicious input that triggers the denial of service condition.

Impact

Successful exploitation leads to a denial of service, which results in the device becoming unresponsive or crashing, thereby disrupting network connectivity for legitimate users. The impact is limited to availability; there is no compromise of confidentiality or integrity [1].

Mitigation

NETGEAR has released firmware updates to address this vulnerability. Users should upgrade to the fixed versions listed below [1]:

- R6100: firmware version 1.0.1.22 or later
- R7500: firmware version 1.0.0.122 or later
- R7800: firmware version 1.0.2.42 or later
- R8900: firmware version 1.0.3.10 or later
- R9000: firmware version 1.0.3.10 or later
- WNDR3700v4: firmware version 1.0.2.96 or later
- WNDR4300: firmware version 1.0.2.98 or later
- WNDR4300v2: firmware version 1.0.0.54 or later
- WNDR4500v3: firmware version 1.0.0.54 or later
- WNR2000v5: firmware version 1.0.0.64 or later

If the latest firmware cannot be applied, no workaround is provided by the vendor. This vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 4

References: 1
