CVE-2017-18794

CWE-743 documents3 sources
Severity
8.4HIGH
EPSS
0.4%
top 41.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Netgear D6100 FirmwareNetgear R6300 FirmwareNetgear R6400 Firmware+6 more
Timeline
PublishedApr 21
Latest updateMay 24

Description

Certain NETGEAR devices are affected by command injection. This affects R6300v2 before 1.0.4.8_10.0.77, R6400 before 1.0.1.24, R6700 before 1.0.1.26, R7000 before 1.0.9.10, R7100LG before 1.0.0.32, R7900 before 1.0.1.18, R8000 before 1.0.3.54, R8500 before 1.0.2.100, and D6100 before 1.0.0.50_0.0.50.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.5 | Impact: 5.9

Affected Packages9 packages

NVDnetgear/d6100_firmware< 1.0.0.50_0.0.50
NVDnetgear/r6400_firmware< 1.0.1.24
NVDnetgear/r6700_firmware< 1.0.1.26
NVDnetgear/r7000_firmware< 1.0.9.10
NVDnetgear/r7900_firmware< 1.0.1.18

🔴Vulnerability Details

2
GHSA
GHSA-m3g4-f98h-fg66: Certain NETGEAR devices are affected by command injection2022-05-24
CVEList
CVE-2017-18794: Certain NETGEAR devices are affected by command injection2020-04-21
CVE-2017-18794 (HIGH CVSS 8.4) | Certain NETGEAR devices are affecte | cvebase.io