Lucene search

[email protected]CVE-2018-21225

HistoryApr 28, 2020 - 5:15 p.m.

CVE-2018-21225

2020-04-2817:15:00

CWE-78

[email protected]

web.nvd.nist.gov

netgear

devices

authenticated user

command injection

cve-2018-21225

security vulnerability

6.8 Medium

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

Low

5.2 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

12.7%

JSON

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7000 before 1.0.1.60, D7800 before 1.0.1.34, D8500 before 1.0.3.39, R6700 before 1.0.1.30, R6700v2 before 1.2.0.16, R6800 before 1.2.0.16, R6900 before 1.0.1.30, R6900P before 1.2.0.22, R6900v2 before 1.2.0.16, R7000 before 1.0.9.12, R7000P before 1.2.0.22, R7500v2 before 1.0.3.20, R7800 before 1.0.2.44, R8300 before 1.0.2.106, R8500 before 1.0.2.106, and R9000 before 1.0.2.52.

CPENameOperatorVersion
netgear:d7800_firmwarenetgear d7800 firmwarelt1.0.1.34
netgear:d7000_firmwarenetgear d7000 firmwarelt1.0.1.60
netgear:d8500_firmwarenetgear d8500 firmwarelt1.0.3.39
netgear:r6700_firmwarenetgear r6700 firmwarelt1.0.1.30
netgear:r6700_firmwarenetgear r6700 firmwarelt1.2.0.16
netgear:r6800_firmwarenetgear r6800 firmwarelt1.2.0.16
netgear:r6900_firmwarenetgear r6900 firmwarelt1.0.1.30
netgear:r6900_firmwarenetgear r6900 firmwarelt1.2.0.16
netgear:r6900p_firmwarenetgear r6900p firmwarelt1.2.0.22
netgear:r7000_firmwarenetgear r7000 firmwarelt1.0.9.12

CPE	Name	Operator	Version
netgear:d7800_firmware	netgear d7800 firmware	lt	1.0.1.34
netgear:d7000_firmware	netgear d7000 firmware	lt	1.0.1.60
netgear:d8500_firmware	netgear d8500 firmware	lt	1.0.3.39
netgear:r6700_firmware	netgear r6700 firmware	lt	1.0.1.30
netgear:r6700_firmware	netgear r6700 firmware	lt	1.2.0.16
netgear:r6800_firmware	netgear r6800 firmware	lt	1.2.0.16
netgear:r6900_firmware	netgear r6900 firmware	lt	1.0.1.30
netgear:r6900_firmware	netgear r6900 firmware	lt	1.2.0.16
netgear:r6900p_firmware	netgear r6900p firmware	lt	1.2.0.22
netgear:r7000_firmware	netgear r7000 firmware	lt	1.0.9.12

Rows per page:

1-10 of 161

References

kb.netgear.com/000055112/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-Gateways-PSV-2017-2160

6.8 Medium

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

Low

5.2 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for CVE-2018-21225

cvelist1 prion1