CVE-2018-21097

moderate-risk
Published 2020-04-27

Certain NETGEAR devices are affected by a stack-based buffer overflow that can be triggered by an unauthenticated attacker. This affects WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WAC120 before 2.1.7, WN604 before 3.3.10, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, and WND930 before 2.1.5.

Do I need to act?

0.39% chance of exploitation (EPSS score: low exploit probability)
Not on CISA KEV list: no confirmed active exploitation reported to CISA
Patch status unknown: check vendor advisories for fix availability and mitigation guidance
CVSS 9.8/10 Critical (NETWORK / LOW complexity)

Affected Products (11)

Wac120 Firmware
Wnap320 Firmware
Wnap210 Firmware
Wndap350 Firmware
Wndap360 Firmware
Wndap620 Firmware
Wnd930 Firmware

Affected Vendors

49 / 100
moderate-risk
Severity 32/34 · Critical
Exploitability 1/34 · Minimal
Exposure 16/34 · Moderate