CVE-2017-18794

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2017-18794
Certain NETGEAR devices are affected by command injection. This affects R6300v2 before 1.0.4.8_10.0.77, R6400 before 1.0.1.24, R6700 before 1.0.1.26, R7000 before 1.0.9.10, R7100LG before 1.0.0.32, R7900 before 1.0.1.18, R8000 before 1.0.3.54, R8500 before 1.0.2.100, and D6100 before 1.0.0.50_0.0.50.

8.4 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.6 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://kb.netgear.com/000049368/Security-Advisory-for-Command-Injection-Vulnerability-on-D6100-and-Some-Routers-PSV-2017-0321 Vendor Advisory
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:netgear:r6300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6300:v2:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6700:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:netgear:r7100lg_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7100lg:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*
Information

Published : 2020-04-21 12:15

Updated : 2020-04-24 07:51

NVD link : CVE-2017-18794

Mitre link : CVE-2017-18794

JSON object : View

CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Advertisement

dedicated server usa
Products Affected

netgear

  • r8500_firmware
  • r7100lg_firmware
  • r8000_firmware
  • r6700
  • r7000
  • r7000_firmware
  • r6400_firmware
  • r7900
  • d6100_firmware
  • d6100
  • r8500
  • r7900_firmware
  • r6300_firmware
  • r6300
  • r8000
  • r6700_firmware
  • r7100lg
  • r6400