← Back

CVE-2017-18767

nvd nist
Published: Apr 22, 2020Modified: Nov 21, 2024

JSON object

Loading...
6.8
Vector
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.9 / Impact: 5.9
Source: NVD

Description

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, D8500 before 1.0.3.39, R6400 before 1.0.1.14, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.4, R7100LG before 1.0.0.32, R7300 before 1.0.0.56, R7800 before 1.0.2.36, R7900 before 1.0.2.10, R8000 before 1.0.3.24, R8300 before 1.0.2.74, and R8500 before 1.0.2.74.

Affected (14)

Netgear
13 products
D7800 Firmware
D8500 Firmware
R6400 Firmware
R6700 Firmware
R6900 Firmware
R7000 Firmware
R7100lg Firmware
R7300 Firmware
R7800 Firmware
R7900 Firmware
R8000 Firmware
R8300 Firmware
R8500 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
D7800 Firmware
Before 1.0.1.34
Running on/withPlatform Versions
Netgear
D7800
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
D8500 Firmware
Before 1.0.3.39
Running on/withPlatform Versions
Netgear
D8500
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R6400 Firmware
Before 1.0.1.14
Running on/withPlatform Versions
Netgear
R6400
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R6400 Firmware
Before 1.0.2.32
Running on/withPlatform Versions
Netgear
R6400
Version v2
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R6700 Firmware
Before 1.0.1.22
Running on/withPlatform Versions
Netgear
R6700
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R6900 Firmware
Before 1.0.1.22
Running on/withPlatform Versions
Netgear
R6900
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R7000 Firmware
Before 1.0.9.4
Running on/withPlatform Versions
Netgear
R7000
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R7100lg Firmware
Before 1.0.0.32
Running on/withPlatform Versions
Netgear
R7100lg
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R7300 Firmware
Before 1.0.0.56
Running on/withPlatform Versions
Netgear
R7300
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R7800 Firmware
Before 1.0.2.36
Running on/withPlatform Versions
Netgear
R7800
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R7900 Firmware
Before 1.0.2.10
Running on/withPlatform Versions
Netgear
R7900
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R8000 Firmware
Before 1.0.3.24
Running on/withPlatform Versions
Netgear
R8000
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R8300 Firmware
Before 1.0.2.74
Running on/withPlatform Versions
Netgear
R8300
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R8500 Firmware
Before 1.0.2.74
Running on/withPlatform Versions
Netgear
R8500
All versions

Related CWEs

CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

References (2)

Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.