← Back

CVE-2018-21208

nvd nist
Published: Apr 28, 2020Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7500v2 before 1.0.3.24, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.

Affected (5)

Netgear
5 products
D6100 Firmware
R6100 Firmware
R7500 Firmware
Wndr4300 Firmware
Wndr4500 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
D6100 Firmware
Before 1.0.0.57
Running on/withPlatform Versions
Netgear
D6100
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R6100 Firmware
Before 1.0.1.20
Running on/withPlatform Versions
Netgear
R6100
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R7500 Firmware
Before 1.0.3.24
Running on/withPlatform Versions
Netgear
R7500
Version v2
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wndr4300 Firmware
Before 1.0.0.50
Running on/withPlatform Versions
Netgear
Wndr4300
Version v2
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wndr4500 Firmware
Before 1.0.0.50
Running on/withPlatform Versions
Netgear
Wndr4500
Version v3

Related CWEs

CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

References (2)

Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.