← Back

CVE-2017-18734

nvd nist
Published: Apr 23, 2020Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, WNDR3700v5 before 1.1.0.48, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.

Affected (13)

Netgear
13 products
Jnr1010 Firmware
Jr6150 Firmware
Jwnr2010 Firmware
Pr2000 Firmware
R6050 Firmware
R6220 Firmware
R6700 Firmware
R6800 Firmware
R6900 Firmware
Wndr3700 Firmware
Wnr1000 Firmware
Wnr2020 Firmware
Wnr2050 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Jnr1010 Firmware
Before 1.1.0.44
Running on/withPlatform Versions
Netgear
Jnr1010
Version v2
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Jr6150 Firmware
Before 1.0.1.10
Running on/withPlatform Versions
Netgear
Jr6150
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Jwnr2010 Firmware
Before 1.1.0.44
Running on/withPlatform Versions
Netgear
Jwnr2010
Version v5
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Pr2000 Firmware
Before 1.0.0.18
Running on/withPlatform Versions
Netgear
Pr2000
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R6050 Firmware
Before 1.0.1.10
Running on/withPlatform Versions
Netgear
R6050
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R6220 Firmware
Before 1.1.0.50
Running on/withPlatform Versions
Netgear
R6220
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R6700 Firmware
Before 1.2.0.4
Running on/withPlatform Versions
Netgear
R6700
Version v2
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R6800 Firmware
Before 1.2.0.4
Running on/withPlatform Versions
Netgear
R6800
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R6900 Firmware
Before 1.2.0.4
Running on/withPlatform Versions
Netgear
R6900
Version v2
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wndr3700 Firmware
Before 1.1.0.48
Running on/withPlatform Versions
Netgear
Wndr3700
Version v5
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wnr1000 Firmware
Before 1.1.0.44
Running on/withPlatform Versions
Netgear
Wnr1000
Version v4
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wnr2020 Firmware
Before 1.1.0.44
Running on/withPlatform Versions
Netgear
Wnr2020
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wnr2050 Firmware
Before 1.1.0.44
Running on/withPlatform Versions
Netgear
Wnr2050
All versions

Related CWEs

CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

References (2)

Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.