CVE-2017-18806

CWE-743 documents3 sources

Severity

6.7MEDIUM

EPSS

0.1%

top 74.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgear Wac120 Firmware Netgear Wac510 Firmware Netgear Wn604 Firmware +7 more

Timeline

PublishedApr 21

Latest updateMay 24

Description

Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages10 packages

▶NVDnetgear/wn604_firmware< 3.3.7

▶NVDnetgear/wac120_firmware< 2.1.4

▶NVDnetgear/wac510_firmware< 1.3.0.10

▶NVDnetgear/wnd930_firmware< 2.1.2

▶NVDnetgear/wnap320_firmware< 3.7.4.0

🔴Vulnerability Details

GHSA

GHSA-cvrm-7p45-fx4m: Certain NETGEAR devices are affected by command injection↗2022-05-24

▶

CVEList

CVE-2017-18806: Certain NETGEAR devices are affected by command injection↗2020-04-21

▶