VYPR
Unrated severity · NVD Advisory · Published Apr 28, 2020 · Updated Aug 5, 2024

CVE-2018-21219

Description

Certain NETGEAR devices are affected by a buffer overflow that can be triggered by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Pre-authentication buffer overflow in multiple NETGEAR devices allows unauthenticated remote code execution.

Vulnerability

A buffer overflow vulnerability exists in the firmware of multiple NETGEAR devices [1]. The issue is pre-authentication, meaning no credentials are required to trigger it. Affected models include D3600, D6000, D6100, D7800, R6100, R7500, R7500v2, R9000, WNDR3700v4, WNDR4300, WNDR4300v2, WNDR4500v3, and WNR2000v5 running firmware versions prior to the fixed releases listed in the advisory [1].

Exploitation

An unauthenticated attacker with network access (adjacent network, per CVSS vector) can exploit this vulnerability without any user interaction. The exact attack vector is not detailed, but given it is a pre-authentication buffer overflow, the attacker likely sends a crafted packet to the device's management interface [1].

Impact

Successful exploitation can lead to arbitrary code execution with high privileges, resulting in full compromise of confidentiality, integrity, and availability (CVSS 8.8) [1].

Mitigation

NETGEAR has released fixed firmware versions for all affected models [1]. Users should upgrade to the latest firmware as listed in the advisory. No workarounds are provided; the only mitigation is to apply the update.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
