CVE-2021-29073

HIGH

NETGEAR Multiple Router Models Firmware - Authenticated Stack-based Buffer Overflow

Title source: llm

Description

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R8000P before 1.4.1.66, MK62 before 1.0.6.110, MR60 before 1.0.6.110, MS60 before 1.0.6.110, R7960P before 1.4.1.66, R7900P before 1.4.1.66, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RAX80 before 1.0.3.106, and RAX200 before 1.0.3.106.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://kb.netgear.com/000063013/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-WiFi-Systems-PSV-2020-0212

Scores

CVSS v3 7.6

EPSS 0.0009

EPSS Percentile 26.1%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (13)

netgear/mk62_firmware < 1.0.6.110

netgear/mr60_firmware < 1.0.6.110

netgear/ms60_firmware < 1.0.6.110

netgear/r7900p_firmware < 1.4.1.66

netgear/r7960p_firmware < 1.4.1.66

netgear/r8000p_firmware < 1.4.1.66

netgear/rax15_firmware < 1.0.2.82

netgear/rax200_firmware < 1.0.3.106

netgear/rax20_firmware < 1.0.2.82

netgear/rax45_firmware < 1.0.2.72

... and 3 more

Published Mar 23, 2021

Tracked Since Feb 18, 2026