CVE-2018-21097 - OpenCVE

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WAC120 before 2.1.7, WN604 before 3.3.10, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, and WND930 before 2.1.5.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Netgear	Wnap210 Firmware Wac510 Firmware Wndap350 Wndap660 Wac505 Wndap360 Firmware Wndap350 Firmware Wac120 Wac505 Firmware Wac120 Firmware Wn604 Firmware Wnap210 Wndap360 Wnap320 Firmware Wndap620 Wndap620 Firmware Wnap320 Wndap660 Firmware Wnd930 Wnd930 Firmware Wac510 Wn604

Configuration 1 [-]

AND

cpe:2.3:o:netgear:wac505_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wac505:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:netgear:wac510_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wac510:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:netgear:wac120_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wac120:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:netgear:wn604_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wn604:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnap320:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:netgear:wnap210_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnap210:v2:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:netgear:wndap350_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wndap350:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:netgear:wndap360_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wndap360:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:netgear:wndap660_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wndap660:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:netgear:wndap620_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wndap620:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:netgear:wnd930_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnd930:-:*:*:*:*:*:*:*

References

Link	Resource
https://kb.netgear.com/000060457/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Wireless-Access-Points-PSV-2018-0094	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-04-27T15:57:34

Updated: 2020-04-27T15:57:34

Reserved: 2020-04-20T00:00:00

Link: CVE-2018-21097

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-04-27T16:15:12.710

Modified: 2020-05-04T14:15:46.887

Link: CVE-2018-21097

JSON object: View

Redhat Information

No data.

CWE

CWE-787