CVE-2017-18747

Published: Apr 23, 2020Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6000 before 1.0.0.24, EX6130 before 1.0.0.16, EX6400 before 1.0.1.60, EX7000 before 1.0.0.50, EX7300 before 1.0.1.60, and WN2500RPv2 before 1.0.1.46.

Affected (8)

Products: Netgear: Ex3700 Firmware, Ex3800 Firmware, Ex6000 Firmware, Ex6130 Firmware, Ex6400 Firmware, Ex7000 Firmware, Ex7300 Firmware, Wn2500rp Firmware

8 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Ex3700 Firmware	Before 1.0.0.64

Running on/with	Platform Versions
Netgear Ex3700	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Ex3800 Firmware	Before 1.0.0.64

Running on/with	Platform Versions
Netgear Ex3800	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Ex6000 Firmware	Before 1.0.0.24

Running on/with	Platform Versions
Netgear Ex6000	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Ex6130 Firmware	Before 1.0.0.16

Running on/with	Platform Versions
Netgear Ex6130	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Ex6400 Firmware	Before 1.0.1.60

Running on/with	Platform Versions
Netgear Ex6400	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Ex7000 Firmware	Before 1.0.0.50

Running on/with	Platform Versions
Netgear Ex7000	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Ex7300 Firmware	Before 1.0.1.60

Running on/with	Platform Versions
Netgear Ex7300	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Wn2500rp Firmware	Before 1.0.1.46

Running on/with	Platform Versions
Netgear Wn2500rp	Version v2

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://kb.netgear.com/000051507/Security-Advisory-for-Security-Misconfiguration-on-Some-Extenders-PSV-2016-0115

Source: cve@mitre.org

Vendor Advisory

https://kb.netgear.com/000051507/Security-Advisory-for-Security-Misconfiguration-on-Some-Extenders-PSV-2016-0115

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.