Unrated severityNVD Advisory· Published Apr 28, 2020· Updated Aug 5, 2024

CVE-2018-21187

Description

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.30, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Authenticated users can trigger a stack-based buffer overflow on multiple NETGEAR routers and gateways, enabling code execution.

Vulnerability

A stack-based buffer overflow vulnerability exists in the web interface of several NETGEAR router and gateway models, affecting D7800 before 1.0.1.30, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62 [1]. The flaw is reachable only after successful authentication, requiring the attacker to have valid credentials for the device's administrative interface [1].

Exploitation

The attacker must first authenticate to the device's management interface. With administrative privileges, the attacker can send a specially crafted request that triggers a stack-based buffer overflow condition on the vulnerable web server [1]. The exact request vector is not disclosed in the public advisory, but the advisory confirms that authenticated access is the prerequisite [1].

Impact

Successful exploitation allows an authenticated attacker to cause a denial of service or potentially execute arbitrary code on the affected device with the same privileges as the web server process, which typically runs with root or high-level system access [1]. The CVSS v3 score of 6.8 (Medium) reflects a combination of high impact to confidentiality, integrity, and availability, though the attack requires high privileges and network adjacency [1].

Mitigation

NETGEAR has released firmware updates to address this vulnerability for all affected models: D7800 firmware version 1.0.1.30, R7500 firmware version 1.0.0.122, R7500v2 firmware version 1.0.3.24, R7800 firmware version 1.0.2.40, R9000 firmware version 1.0.2.52, WNDR3700v4 firmware version 1.0.2.92, WNDR4300 firmware version 1.0.2.94, WNDR4300v2 firmware version 1.0.0.50, WNDR4500v3 firmware version 1.0.0.50, and WNR2000v5 firmware version 1.0.0.62 [1]. Users should download the latest firmware from NETGEAR Support and follow the installation instructions [1]. No workarounds other than applying the patched firmware have been published.

References

Security Advisory for Post-Authentication Stack Overflow on Some Routers and Gateways, PSV-2017-2608

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

NETGEAR/devicesdescription
Netgear/D7800llm-fuzzy
Range: <1.0.1.30
Netgear/R7500llm-fuzzy
Range: <1.0.0.122
Netgear/R7500v2llm-fuzzy
Range: <1.0.3.24

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

kb.netgear.com/000055170/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2608mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000