CVE-2017-18752

CWE-200 — Information Exposure3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.5%

top 36.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgear Ex3700 Firmware Netgear Ex3800 Firmware Netgear Ex6120 Firmware +9 more

Timeline

PublishedApr 22

Latest updateMay 24

Description

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6120 before 1.0.0.32, EX6130 before 1.0.0.16, R6300v2 before 1.0.4.12, R6700 before 1.0.1.26, R6900 before 1.0.1.22, R7000 before 1.0.9.6, R7300DST before 1.0.0.52, R7900 before 1.0.1.12, R8000 before 1.0.3.24, and R8500 before 1.0.2.94.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages12 packages

▶NVDnetgear/r6700_firmware< 1.0.1.26

▶NVDnetgear/r6900_firmware< 1.0.1.22

▶NVDnetgear/r7000_firmware< 1.0.9.6

▶NVDnetgear/r7900_firmware< 1.0.1.12

▶NVDnetgear/r8000_firmware< 1.0.3.24

🔴Vulnerability Details

GHSA

GHSA-h8h3-697g-vpc3: Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files↗2022-05-24

▶

CVEList

CVE-2017-18752: Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files↗2020-04-22

▶