Unrated severityNVD Advisory· Published Apr 28, 2020· Updated Aug 5, 2024

CVE-2018-21212

Description

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, EX2700 before 1.0.1.28, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.56, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Unauthenticated buffer overflow vulnerability in NETGEAR routers/gateways/extenders could allow remote code execution.

Vulnerability

A pre-authentication buffer overflow vulnerability exists in multiple NETGEAR devices. Affected models include D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, EX2700 before 1.0.1.28, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.56, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50. The vulnerability can be triggered without authentication [1].

Exploitation

An unauthenticated attacker can remotely exploit this vulnerability by sending a specially crafted packet to the device. No user interaction or prior authentication is required [1].

Impact

Successful exploitation could allow an attacker to execute arbitrary code on the affected device or cause a denial of service. The attacker could gain full control of the device, potentially leading to further network compromise [1].

Mitigation

NETGEAR has released firmware updates for all affected models. Users should download and install the latest firmware from NETGEAR Support. No workarounds are available; updating firmware is the only recommended mitigation [1].

References

Security Advisory for Pre-Authentication Buffer Overflow on Some Routers, Gateways, and Extenders, PSV-2017-2490

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

NETGEAR/NETGEAR devicesdescription
Netgear/D6100llm-fuzzy
Range: <1.0.0.56
Netgear/D3600llm-fuzzy
Range: <1.0.0.67
Netgear/D6000llm-fuzzy
Range: <1.0.0.67

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

kb.netgear.com/000055137/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2490mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000