FKIE_CVE-2018-21097
Vulnerability from fkie_nvd - Published: 2020-04-27 16:15 - Updated: 2024-11-21 04:02
Severity ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WAC120 before 2.1.7, WN604 before 3.3.10, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, and WND930 before 2.1.5.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | wac505_firmware | * | |
| netgear | wac505 | - | |
| netgear | wac510_firmware | * | |
| netgear | wac510 | - | |
| netgear | wac120_firmware | * | |
| netgear | wac120 | - | |
| netgear | wn604_firmware | * | |
| netgear | wn604 | - | |
| netgear | wnap320_firmware | * | |
| netgear | wnap320 | - | |
| netgear | wnap210_firmware | * | |
| netgear | wnap210 | v2 | |
| netgear | wndap350_firmware | * | |
| netgear | wndap350 | - | |
| netgear | wndap360_firmware | * | |
| netgear | wndap360 | - | |
| netgear | wndap660_firmware | * | |
| netgear | wndap660 | - | |
| netgear | wndap620_firmware | * | |
| netgear | wndap620 | - | |
| netgear | wnd930_firmware | * | |
| netgear | wnd930 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wac505_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E3819D8-D7C6-4491-BCCC-C6ED67C815DF",
"versionEndExcluding": "5.0.5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wac505:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A51431E-AD34-4129-8E99-0A6BB8B7DF07",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wac510_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "755E4AE7-BAC6-4526-B6F4-320CE8D319A6",
"versionEndExcluding": "5.0.5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wac510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08B1B759-5015-4489-A2B4-0F580E884868",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wac120_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8ED872A8-5B73-406B-8044-B1BD50A881EA",
"versionEndExcluding": "2.1.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wac120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8E5414D-8F4F-4E21-B79F-61B14F0C9990",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wn604_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "918C4D1C-A684-47AD-AA42-926715D8568A",
"versionEndExcluding": "3.3.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wn604:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD31DCAA-BAA5-4463-9EA4-A7076A625407",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFC83243-B576-43FA-9339-90FF51DA75B6",
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnap320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2613E9-CAF9-4C04-85BC-E10BDF4B0E74",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnap210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A66070C-92C0-45CD-A46F-64008E3D2268",
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnap210:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "B442489B-A88F-477C-A835-2081891A15CE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndap350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A80C76F-0F02-43E7-87D3-FCC0898B99B8",
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndap350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C82A16C2-DC48-4792-A4C7-8AC43F84196D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndap360_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D9BBA36-7705-4829-BD87-2B505E380C3B",
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndap360:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7975D6EC-1816-4D52-8C87-77C1B6404120",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndap660_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A24DDCC0-D625-4810-A7E7-4AAC705F034E",
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndap660:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58D2492E-0CDC-4242-9206-7F0453B11CBD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndap620_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "992B6FDF-8FC7-4ACF-BCB2-73C8D91ABB80",
"versionEndExcluding": "2.1.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndap620:-:*:*:*:*:*:*:*",
"matchCriteriaId": "666A5E55-B07C-4615-A9F0-5CA8C7D40637",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnd930_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A282C49C-684B-4722-A6AC-CF2131F572A3",
"versionEndExcluding": "2.1.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnd930:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91593610-E45D-450B-AD40-74375DA37EF6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WAC120 before 2.1.7, WN604 before 3.3.10, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, and WND930 before 2.1.5."
},
{
"lang": "es",
"value": "Determinados dispositivos de NETGEAR est\u00e1n afectados por un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria por parte de un atacante no autenticado. Esto afecta a WAC505 versiones anteriores a 5.0.5.4, WAC510 versiones anteriores a 5.0.5.4, WAC120 versiones anteriores a 2.1.7, WN604 versiones anteriores a 3.3.10, WNAP320 versiones anteriores a 3.7.11.4, WNAP210v2 versiones anteriores a 3. 7.11.4, WNDAP350 versiones anteriores a 3.7.11.4, WNDAP360 versiones anteriores a 3.7.11.4, WNDAP660 versiones anteriores a 3.7.11.4, WNDAP620 versiones anteriores a 2.1.7, y WND930 versiones anteriores a 2.1.5."
}
],
"id": "CVE-2018-21097",
"lastModified": "2024-11-21T04:02:53.660",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "cve@mitre.org",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-27T16:15:12.710",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000060457/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Wireless-Access-Points-PSV-2018-0094"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000060457/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Wireless-Access-Points-PSV-2018-0094"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…