CVE-2017-18851

Published: Apr 20, 2020Modified: Nov 21, 2024

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D8500 through 1.0.3.28, R6400 through 1.0.1.22, R6400v2 through 1.0.2.18, R8300 through 1.0.2.94, R8500 through 1.0.2.94, and R6100 through 1.0.1.12.

Affected (6)

Products: Netgear: D8500 Firmware, R6400 Firmware, R8300 Firmware, R8500 Firmware, R6100 Firmware

5 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear D8500 Firmware	Before 1.0.3.28

Running on/with	Platform Versions
Netgear D8500	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6400 Firmware	Before 1.0.1.22

Running on/with	Platform Versions
Netgear R6400	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6400 Firmware	Before 1.0.2.18

Running on/with	Platform Versions
Netgear R6400	Version v2

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R8300 Firmware	Before 1.0.2.94

Running on/with	Platform Versions
Netgear R8300	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R8500 Firmware	Before 1.0.2.94

Running on/with	Platform Versions
Netgear R8500	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6100 Firmware	Before 1.0.1.12

Running on/with	Platform Versions
Netgear R6100	All versions

Related CWEs

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

References (2)

https://kb.netgear.com/000045850/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-Modem-Routers-PSV-2017-1207

Source: cve@mitre.org

Vendor Advisory

https://kb.netgear.com/000045850/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-Modem-Routers-PSV-2017-1207

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.