CVE-2018-21097
CRITICAL
Netgear Wac505 Firmware < 5.0.5.4 - Out-of-Bounds Write
Title source: rule
Description
Certain NETGEAR devices are affected by a stack-based buffer overflow that can be exploited by an unauthenticated attacker. This affects WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WAC120 before 2.1.7, WN604 before 3.3.10, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, and WND930 before 2.1.5.
References (1)
Core References
Vendor Advisory x_refsource_confirm
https://kb.netgear.com/000060457/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Wireless-Access-Points-PSV-2018-0094
Scores
CVSS v3: 9.8
EPSS: 0.0039
EPSS Percentile: 59.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-787
Status: published
Products (11)
netgear/wac120_firmware < 2.1.7
netgear/wac505_firmware < 5.0.5.4
netgear/wac510_firmware < 5.0.5.4
netgear/wn604_firmware < 3.3.10
netgear/wnap210_firmware < 3.7.11.4
netgear/wnap320_firmware < 3.7.11.4
netgear/wnd930_firmware < 2.1.5
netgear/wndap350_firmware < 3.7.11.4
netgear/wndap360_firmware < 3.7.11.4
netgear/wndap620_firmware < 2.1.7
... and 1 more
Published: Apr 27, 2020
Tracked Since: Feb 18, 2026