9.8

CVE-2018-21097

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WAC120 before 2.1.7, WN604 before 3.3.10, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, and WND930 before 2.1.5.

Data is provided by the National Vulnerability Database (NVD)
NetgearWac505 Firmware Version < 5.0.5.4
   NetgearWac505 Version-
NetgearWac510 Firmware Version < 5.0.5.4
   NetgearWac510 Version-
NetgearWac120 Firmware Version < 2.1.7
   NetgearWac120 Version-
NetgearWn604 Firmware Version < 3.3.10
   NetgearWn604 Version-
NetgearWnap320 Firmware Version < 3.7.11.4
   NetgearWnap320 Version-
NetgearWnap210 Firmware Version < 3.7.11.4
   NetgearWnap210 Versionv2
NetgearWndap350 Firmware Version < 3.7.11.4
   NetgearWndap350 Version-
NetgearWndap360 Firmware Version < 3.7.11.4
   NetgearWndap360 Version-
NetgearWndap660 Firmware Version < 3.7.11.4
   NetgearWndap660 Version-
NetgearWndap620 Firmware Version < 2.1.7
   NetgearWndap620 Version-
NetgearWnd930 Firmware Version < 2.1.5
   NetgearWnd930 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.39% 0.568
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
cve@mitre.org 7.1 2.8 4.2
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.