CVE-2018-11106

2020-04-0116:31:45

netgear

www.cve.org

AI Score

9.8

Confidence

High

EPSS

0.004

Percentile

74.6%

JSON

NETGEAR has released fixes for a pre-authentication command injection in request_handler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running firmware versions prior to 6.5.3.5; WC7600v2, running firmware versions prior to 6.5.3.5; and WC9500, running firmware versions prior to 6.5.3.5.

CNA Affected

[
  {
    "product": "WC7500",
    "vendor": "NETGEAR",
    "versions": [
      {
        "status": "affected",
        "version": "firmware versions prior to 6.5.3.5"
      }
    ]
  },
  {
    "product": "WC7520",
    "vendor": "NETGEAR",
    "versions": [
      {
        "status": "affected",
        "version": "firmware versions prior to 2.5.0.46"
      }
    ]
  },
  {
    "product": "WC7600v1",
    "vendor": "NETGEAR",
    "versions": [
      {
        "status": "affected",
        "version": "firmware versions prior to 6.5.3.5"
      }
    ]
  },
  {
    "product": "WC7600v2",
    "vendor": "NETGEAR",
    "versions": [
      {
        "status": "affected",
        "version": "firmware versions prior to 6.5.3.5"
      }
    ]
  },
  {
    "product": "WC9500",
    "vendor": "NETGEAR",
    "versions": [
      {
        "status": "affected",
        "version": "firmware versions prior to 6.5.3.5"
      }
    ]
  }
]