Unrated severityNVD Advisory· Published Apr 27, 2020· Updated Aug 5, 2024

CVE-2018-21177

Description

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Authenticated stack buffer overflow in multiple NETGEAR devices allows remote code execution via crafted requests.

Vulnerability

A post-authentication stack-based buffer overflow vulnerability exists in several NETGEAR routers and gateways. The flaw occurs when an authenticated user sends a specially crafted request to the device, corrupting the stack. Affected devices include D6100 (before 1.0.0.57), R6100 (before 1.0.1.20), R7800 (before 1.0.2.40), R9000 (before 1.0.2.52), WNDR3700v4 (before 1.0.2.92), WNDR4300 (before 1.0.2.94), WNDR4300v2 (before 1.0.0.50), WNDR4500v3 (before 1.0.0.50), and WNR2000v5 (before 1.0.0.62) [1].

Exploitation

An attacker must first authenticate to the device (requiring valid credentials). With network adjacency (CVSS:3.0/AV:A), the attacker sends a tailored request that triggers the overflow. The exploitation does not require user interaction, but the attacker needs high privileges (PR:H) [1].

Impact

Successful exploitation can lead to arbitrary code execution with elevated privileges, resulting in full compromise of confidentiality, integrity, and availability (C:H/I:H/A:H) [1].

Mitigation

NETGEAR has released firmware updates for all affected models. Users should upgrade to the latest firmware versions as specified in the advisory [1]. If upgrading is not immediately possible, limit administrative access to trusted users and networks.

References

Security Advisory for Post-Authentication Stack Overflow on Some Routers and Gateways, PSV-2017-2622

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

NETGEAR/devicesdescription
Netgear/D6100llm-fuzzy
Range: <1.0.0.57
Netgear/R6100llm-fuzzy
Range: <1.0.1.20
Netgear/R7800llm-fuzzy
Range: <1.0.2.40

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

kb.netgear.com/000055181/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2622mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000