VYPR
Unrated severity · NVD Advisory · Published Aug 11, 2021 · Updated Aug 4, 2024

CVE-2021-38526

Description

Certain NETGEAR devices are affected by a buffer overflow exploitable by an unauthenticated attacker. This affects RAX35 before 1.0.3.94, RAX38 before 1.0.3.94, and RAX40 before 1.0.3.94.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Certain NETGEAR RAX35/38/40 routers are vulnerable to a pre-authentication buffer overflow that allows an unauthenticated attacker to cause a denial of service by sending a crafted packet.

Vulnerability

A buffer overflow vulnerability exists in the pre-authentication code path of certain NETGEAR routers. The affected models are RAX35, RAX38, and RAX40 running firmware versions prior to 1.0.3.94[1]. An unauthenticated attacker can trigger the overflow by sending a specially crafted network request to the device without any prior authentication[1].

Exploitation

An attacker must be on the same local network (adjacent) to reach the vulnerable code path[1]. No authentication or user interaction is required. By sending a malicious packet that exploits the buffer overflow, the attacker can corrupt memory on the device[1].

Impact

Successful exploitation allows an unauthenticated attacker to cause a denial of service (CIA impact: availability low)[1]. The CVSS v3 base score is 4.3 (Medium) with vector AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L[1]. No confidentiality or integrity impact is expected.

Mitigation

NETGEAR has released fixed firmware version 1.0.3.94 for the RAX35, RAX38, and RAX40 models[1]. Users should download and install the latest firmware from NETGEAR Support as soon as possible[1]. No workarounds are provided; updating firmware is the recommended action.

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4

References

1
