CVE-2017-18733

Published: Apr 23, 2020Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Certain NETGEAR devices are affected by authentication bypass. This affects D6220 before 1.0.0.28, D6400 before 1.0.0.60, D8500 before 1.0.3.29, R6250 before 1.0.4.8, R6400 before 1.0.1.22, R6400v2 before 1.0.2.32, R7100LG before 1.0.0.32, R7300DST before 1.0.0.52, R8300 before 1.0.2.94, and R8500 before 1.0.2.100.

Affected (10)

Products: Netgear: D6220 Firmware, D6400 Firmware, D8500 Firmware, R6250 Firmware, R6400 Firmware, R7100lg Firmware, R7300dst Firmware, R8300 Firmware, R8500 Firmware

9 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear D6220 Firmware	Before 1.0.0.28

Running on/with	Platform Versions
Netgear D6220	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear D6400 Firmware	Before 1.0.0.60

Running on/with	Platform Versions
Netgear D6400	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear D8500 Firmware	Before 1.0.3.29

Running on/with	Platform Versions
Netgear D8500	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6250 Firmware	Before 1.0.4.8

Running on/with	Platform Versions
Netgear R6250	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6400 Firmware	Before 1.0.1.22

Running on/with	Platform Versions
Netgear R6400	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6400 Firmware	Before 1.0.2.32

Running on/with	Platform Versions
Netgear R6400	Version v2

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R7100lg Firmware	Before 1.0.0.32

Running on/with	Platform Versions
Netgear R7100lg	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R7300dst Firmware	Before 1.0.0.52

Running on/with	Platform Versions
Netgear R7300dst	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R8300 Firmware	Before 1.0.2.94

Running on/with	Platform Versions
Netgear R8300	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R8500 Firmware	Before 1.0.2.100

Running on/with	Platform Versions
Netgear R8500	All versions

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://kb.netgear.com/000051522/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-and-Gateways-PSV-2016-0061

Source: cve@mitre.org

Vendor Advisory

https://kb.netgear.com/000051522/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-and-Gateways-PSV-2016-0061

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.