Unrated severity · NVD Advisory · Published Apr 28, 2020 · Updated Aug 5, 2024

CVE-2018-21214

Description

Certain NETGEAR devices are affected by a buffer overflow that an unauthenticated attacker can trigger. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, EX2700 before 1.0.1.28, R6100 before 1.0.1.20, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.50, and WN3100RPv2 before 1.0.0.56.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An unauthenticated buffer overflow in multiple NETGEAR devices allows attackers on an adjacent network to cause denial of service or possibly execute code.

Vulnerability

A pre-authentication buffer overflow vulnerability exists in several NETGEAR devices, including D3600 (before 1.0.0.67), D6000 (before 1.0.0.67), EX2700 (before 1.0.1.28), R6100 (before 1.0.1.20), R7500v2 (before 1.0.3.24), R9000 (before 1.0.2.52), WN2000RPTv3 (before 1.0.1.20), WN3000RPv3 (before 1.0.2.50), and WN3100RPv2 (before 1.0.0.56) [1]. The flaw is triggered without authentication, requiring only network adjacency.

Exploitation

An attacker on the local (adjacent) network can exploit the buffer overflow by sending a crafted packet to the vulnerable device [1]. No authentication or user interaction is required, so the attack can be launched by any host in the same broadcast domain.

Impact

Successful exploitation could lead to arbitrary code execution or denial of service, with high impact on confidentiality, integrity, and availability [1]. The CVSS v3 score is 8.8 (High), with the vector AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [1].

Mitigation

NETGEAR has released fixed firmware versions for all affected models. Users should upgrade to the latest firmware as specified in the advisory [1]. No workarounds are provided; the only mitigation is to apply the firmware update.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

10


References

1
