Lucene search

[email protected]CVE-2017-18762

HistoryApr 22, 2020 - 4:15 p.m.

CVE-2017-18762

2020-04-2216:15:00

CWE-74

[email protected]

web.nvd.nist.gov

cve-2017-18762

netgear

command injection

vulnerability

nvd

8.8 High

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

33.3%

JSON

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D3600 before 1.0.0.68, D6000 before 1.0.0.68, D6100 before 1.0.0.57, R6100 before 1.0.1.16, R6900P before 1.2.0.22, R7000 before 1.0.9.10, R7000P before 1.2.0.22, R7100LG before 1.0.0.40, WNDR3700v4 before 1.0.2.88, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.

CPENameOperatorVersion
netgear:d3600_firmwarenetgear d3600 firmwarelt1.0.0.68
netgear:d6000_firmwarenetgear d6000 firmwarelt1.0.0.68
netgear:d6100_firmwarenetgear d6100 firmwarelt1.0.0.57
netgear:r6100_firmwarenetgear r6100 firmwarelt1.0.1.16
netgear:r6900p_firmwarenetgear r6900p firmwarelt1.2.0.22
netgear:r7000_firmwarenetgear r7000 firmwarelt1.0.9.10
netgear:r7000p_firmwarenetgear r7000p firmwarelt1.2.0.22
netgear:r7100lg_firmwarenetgear r7100lg firmwarelt1.0.0.40
netgear:wndr3700_firmwarenetgear wndr3700 firmwarelt1.0.2.88
netgear:wndr4300_firmwarenetgear wndr4300 firmwarelt1.0.2.90

CPE	Name	Operator	Version
netgear:d3600_firmware	netgear d3600 firmware	lt	1.0.0.68
netgear:d6000_firmware	netgear d6000 firmware	lt	1.0.0.68
netgear:d6100_firmware	netgear d6100 firmware	lt	1.0.0.57
netgear:r6100_firmware	netgear r6100 firmware	lt	1.0.1.16
netgear:r6900p_firmware	netgear r6900p firmware	lt	1.2.0.22
netgear:r7000_firmware	netgear r7000 firmware	lt	1.0.9.10
netgear:r7000p_firmware	netgear r7000p firmware	lt	1.2.0.22
netgear:r7100lg_firmware	netgear r7100lg firmware	lt	1.0.0.40
netgear:wndr3700_firmware	netgear wndr3700 firmware	lt	1.0.2.88
netgear:wndr4300_firmware	netgear wndr4300 firmware	lt	1.0.2.90

Rows per page:

1-10 of 131

References

kb.netgear.com/000051483/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-Gateways-PSV-2017-2451

8.8 High

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

33.3%

JSON

Related for CVE-2017-18762

cnvd1 cvelist1 prion1