Lucene search

[email protected]CVE-2017-18795

HistoryApr 21, 2020 - 7:15 p.m.

CVE-2017-18795

2020-04-2119:15:12

CWE-74

[email protected]

web.nvd.nist.gov

netgear

command injection

vulnerability

d6220

d6100

nvd

cve-2017-18795

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Certain NETGEAR devices are affected by command injection. This affects D6220 before 1.0.0.28 and D6100 before 1.0.0.50_0.0.50.

Affected configurations

NVD

Node

netgeard6220Match-

AND

netgeard6220_firmwareRange<1.0.0.28

Node

netgeard6100Match-

AND

netgeard6100_firmwareRange<1.0.0.50_0.0.50

CPENameOperatorVersion
netgear:d6220_firmwarenetgear d6220 firmwarelt1.0.0.28

CPE	Name	Operator	Version
netgear:d6220_firmware	netgear d6220 firmware	lt	1.0.0.28

References

kb.netgear.com/000049367/Security-Advisory-for-Command-Injection-Vulnerability-on-D6220-and-D6100-PSV-2016-0133

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for CVE-2017-18795

prion1 nvd1 cvelist1