CVE-2017-18733Improper Authentication in Netgear D6220 Firmware

CWE-287Improper Authentication3 documents3 sources
Severity
8.8HIGHNVD
EPSS
0.2%
top 63.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Netgear D6220 FirmwareNetgear D6400 FirmwareNetgear D8500 Firmware+6 more
Timeline
PublishedApr 23
Latest updateMay 24

Description

Certain NETGEAR devices are affected by authentication bypass. This affects D6220 before 1.0.0.28, D6400 before 1.0.0.60, D8500 before 1.0.3.29, R6250 before 1.0.4.8, R6400 before 1.0.1.22, R6400v2 before 1.0.2.32, R7100LG before 1.0.0.32, R7300DST before 1.0.0.52, R8300 before 1.0.2.94, and R8500 before 1.0.2.100.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages9 packages

NVDnetgear/d6220_firmware< 1.0.0.28
NVDnetgear/d6400_firmware< 1.0.0.60
NVDnetgear/d8500_firmware< 1.0.3.29
NVDnetgear/r6250_firmware< 1.0.4.8
NVDnetgear/r6400_firmware< 1.0.1.22+1

🔴Vulnerability Details

2
GHSA
GHSA-4h9q-5577-5432: Certain NETGEAR devices are affected by authentication bypass2022-05-24
CVEList
CVE-2017-18733: Certain NETGEAR devices are affected by authentication bypass2020-04-23
CVE-2017-18733 — Improper Authentication in Netgear | cvebase