← Back

CVE-2017-18762

nvd nist
Published: Apr 22, 2020Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D3600 before 1.0.0.68, D6000 before 1.0.0.68, D6100 before 1.0.0.57, R6100 before 1.0.1.16, R6900P before 1.2.0.22, R7000 before 1.0.9.10, R7000P before 1.2.0.22, R7100LG before 1.0.0.40, WNDR3700v4 before 1.0.2.88, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.

Affected (13)

Netgear
12 products
D3600 Firmware
D6000 Firmware
D6100 Firmware
R6100 Firmware
R6900p Firmware
R7000 Firmware
R7000p Firmware
R7100lg Firmware
Wndr3700 Firmware
Wndr4300 Firmware
Wndr4500 Firmware
Wnr2000 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
D3600 Firmware
Before 1.0.0.68
Running on/withPlatform Versions
Netgear
D3600
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
D6000 Firmware
Before 1.0.0.68
Running on/withPlatform Versions
Netgear
D6000
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
D6100 Firmware
Before 1.0.0.57
Running on/withPlatform Versions
Netgear
D6100
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R6100 Firmware
Before 1.0.1.16
Running on/withPlatform Versions
Netgear
R6100
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R6900p Firmware
Before 1.2.0.22
Running on/withPlatform Versions
Netgear
R6900p
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R7000 Firmware
Before 1.0.9.10
Running on/withPlatform Versions
Netgear
R7000
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R7000p Firmware
Before 1.2.0.22
Running on/withPlatform Versions
Netgear
R7000p
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R7100lg Firmware
Before 1.0.0.40
Running on/withPlatform Versions
Netgear
R7100lg
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wndr3700 Firmware
Before 1.0.2.88
Running on/withPlatform Versions
Netgear
Wndr3700
Version v4
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wndr4300 Firmware
Before 1.0.2.90
Running on/withPlatform Versions
Netgear
Wndr4300
Version v1
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wndr4300 Firmware
Before 1.0.0.48
Running on/withPlatform Versions
Netgear
Wndr4300
Version v2
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wndr4500 Firmware
Before 1.0.0.48
Running on/withPlatform Versions
Netgear
Wndr4500
Version v3
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wnr2000 Firmware
Before 1.0.0.58
Running on/withPlatform Versions
Netgear
Wnr2000
Version v5

Related CWEs

CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

References (2)

Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.