CVE-2018-21169
Description
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7000 before 2018-03-01, D7800 before 1.0.1.31, D8500 before 1.0.3.36, JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.14, JWNR2010v5 before 1.1.0.46, PR2000 before 2018-03-01, R6050 before 1.0.1.14, R6220 before 1.1.0.60, R6400 before 1.1.0.26, R6400v2 before 1.0.2.46, R6700v2 before 1.2.0.2, R6800 before 1.2.0.2, R6900v2 before 1.2.0.2, R7300DST before 1.0.0.56, R7500 before 1.0.0.112, R7500v2 before 1.0.3.24, R7800 before 1.0.2.36, R7900P before 1.1.4.6, R8000P before 1.1.4.6, R8300 before 1.0.2.104, R8500 before 1.0.2.104, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.94, WNDR3700v5 before 1.1.0.50, WNDR4300 before 1.0.2.96, WNDR4300v2 before 1.0.0.52, WNDR4500v3 before 1.0.0.52, WNR1000v4 before 1.1.0.46, WNR2020 before 1.1.0.46, and WNR2050 before 1.1.0.46.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Multiple NETGEAR devices have incorrect security settings, allowing potential unauthorized access.
Vulnerability
A security misconfiguration exists in the firmware of multiple NETGEAR routers, gateways, and extenders. This incorrect configuration of security settings affects a wide range of models including the D7000, D7800, D8500, JNR1010v2, JR6150, JWNR2010v5, PR2000, R6050, R6220, R6400, R6400v2, R6700v2, R6800, R6900v2, R7300DST, R7500, R7500v2, R7800, R7900P, R8000P, R8300, R8500, R9000, WNDR3700v4, WNDR3700v5, WNDR4300, WNDR4300v2, WNDR4500v3, WNR1000v4, WNR2020, and WNR2050. Devices running firmware versions prior to the dates or version numbers listed in the advisory (e.g., D7000 before 2018-03-01, R7800 before 1.0.2.36) are vulnerable [1].
Exploitation
The advisory does not provide specific exploitation details, but the vulnerability is related to a security misconfiguration. An attacker with network access to the device could potentially leverage the misconfiguration without requiring authentication or user interaction. The exact steps are not disclosed in the available references [1].
Impact
If successfully exploited, this security misconfiguration could allow an attacker to bypass security controls, leading to unauthorized access or disclosure of sensitive information. The advisory does not specify privilege escalation or remote code execution, but the impact could involve compromised confidentiality and integrity of the device and its network [1].
Mitigation
NETGEAR released firmware fixes for the affected models. Users should update to the latest firmware version for their specific device as soon as possible. For example, R7800 should be updated to at least version 1.0.2.36, and R8000P to version 1.1.4.6 or later. If a device is listed as reaching end-of-life, no further updates may be available. This vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Detailed upgrade instructions are available on NETGEAR Support [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- NETGEAR/devicesdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.