CVE-2018-21168

high-risk

Published 2020-04-27

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects D7000 before 1.0.1.52, D7800 before 1.0.1.31, D8500 before 1.0.3.36, JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.14, JWNR2010v5 before 1.1.0.46, PR2000 before 1.0.0.20, R6050 before 1.0.1.14, R6220 before 1.1.0.60, R6400 before 1.1.0.26, R6400v2 before 1.0.2.46, R6700v2 before 1.2.0.2, R6800 before 1.2.0.2, R6900v2 before 1.2.0.2, R7300DST before 1.0.0.56, R7500 before 1.0.0.112, R7500v2 before 1.0.3.24, R7800 before 1.0.2.36, R7900P before 1.1.4.6, R8000P before 1.1.4.6, R8300 before 1.0.2.104, R8500 before 1.0.2.104, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.94, WNDR3700v5 before 1.1.0.50, WNDR4300 before 1.0.2.96, WNDR4300v2 before 1.0.0.52, WNDR4500v3 before 1.0.0.52, WNR1000v4 before 1.1.0.46, WNR2020 before 1.1.0.46, and WNR2050 before 1.1.0.46.

Do I need to act?

0.40% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (20)

D7000 Firmware

D7800 Firmware

D8500 Firmware

Jnr1010 Firmware

Jr6150 Firmware

Jwnr2010 Firmware

Pr2000 Firmware

R6050 Firmware

R6220 Firmware

R6400 Firmware

R6700 Firmware

R6800 Firmware

R6900 Firmware

R7300Dst Firmware

R7500 Firmware

R7800 Firmware

R7900P Firmware

R8000P Firmware

R8300 Firmware

R8500 Firmware

Affected Vendors

Netgear

References (2)

Vendor Advisory https://kb.netgear.com/000055190/Security-Advisory-for-Sensitive-Information-Dis...

/ 100

high-risk

Severity 26/34 · High

Exploitability 2/34 · Minimal

Exposure 22/34 · High