Vulnerability Details : CVE-2018-21097
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WAC120 before 2.1.7, WN604 before 3.3.10, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, and WND930 before 2.1.5.
Vulnerability category: OverflowMemory Corruption
Products affected by CVE-2018-21097
- cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:wndap350_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:wndap360_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:wn604_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:wndap660_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:wnd930_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:wnap210_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:wndap620_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:wac120_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:wac510_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:wac505_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-21097
0.25%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 62 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-21097
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
7.1
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N |
2.8
|
4.2
|
MITRE | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2018-21097
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-21097
-
https://kb.netgear.com/000060457/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Wireless-Access-Points-PSV-2018-0094
Security Advisory for Pre-Authentication Stack Overflow on Some Wireless Access Points, PSV-2018-0094 | Answer | NETGEAR SupportVendor Advisory
Jump to