9.8
CVE-2018-21097
- EPSS 0.39%
- Veröffentlicht 27.04.2020 16:15:12
- Zuletzt bearbeitet 21.11.2024 04:02:53
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WAC120 before 2.1.7, WN604 before 3.3.10, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, and WND930 before 2.1.5.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Netgear ≫ Wac505 Firmware Version < 5.0.5.4
Netgear ≫ Wac510 Firmware Version < 5.0.5.4
Netgear ≫ Wac120 Firmware Version < 2.1.7
Netgear ≫ Wn604 Firmware Version < 3.3.10
Netgear ≫ Wnap320 Firmware Version < 3.7.11.4
Netgear ≫ Wnap210 Firmware Version < 3.7.11.4
Netgear ≫ Wndap350 Firmware Version < 3.7.11.4
Netgear ≫ Wndap360 Firmware Version < 3.7.11.4
Netgear ≫ Wndap660 Firmware Version < 3.7.11.4
Netgear ≫ Wndap620 Firmware Version < 2.1.7
Netgear ≫ Wnd930 Firmware Version < 2.1.5
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.39% | 0.568 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| cve@mitre.org | 7.1 | 2.8 | 4.2 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.