← Back

CVE-2017-18841

nvd nist
Published: Apr 20, 2020Modified: Nov 21, 2024

JSON object

Loading...
6.7
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 / Impact: 5.9
Source: NVD

Description

Certain NETGEAR devices are affected by command injection. This affects R6220 before 1.1.0.46, R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, WNDR3700v5 before 1.1.0.46, and D7000 before 1.0.1.50.

Affected (5)

Netgear
5 products
R6220 Firmware
R6700 Firmware
R6800 Firmware
Wndr3700 Firmware
D7000 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R6220 Firmware
Before 1.1.0.46
Running on/withPlatform Versions
Netgear
R6220
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R6700 Firmware
Before 1.1.0.38
Running on/withPlatform Versions
Netgear
R6700
Version v2
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R6800 Firmware
Before 1.1.0.38
Running on/withPlatform Versions
Netgear
R6800
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wndr3700 Firmware
Before 1.1.0.46
Running on/withPlatform Versions
Netgear
Wndr3700
Version v5
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
D7000 Firmware
Before 1.0.1.50
Running on/withPlatform Versions
Netgear
D7000
All versions

Related CWEs

CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

References (2)

Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.