CVE-2017-18847 — Sensitive Information Exposure in Netgear D8500 Firmware

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 81.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgear D8500 Firmware Netgear R6400 Firmware Netgear R6900p Firmware +4 more

Timeline

PublishedApr 20

Latest updateMay 24

Description

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects R6400v2 before 1.0.2.32, R7000P/R6900P before 1.0.0.56, R7900 before 1.0.1.18, R8300 before 1.0.2.100_1.0.82, R8500 before 1.0.2.100_1.0.82, and D8500 before 1.0.3.29.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages7 packages

▶NVDnetgear/d8500_firmware< 1.0.3.29

▶NVDnetgear/r7900_firmware< 1.0.1.18

▶NVDnetgear/r8300_firmware< 1.0.2.100_1.0.82

▶NVDnetgear/r8500_firmware< 1.0.2.100_1.0.82

▶NVDnetgear/r6900p_firmware< 1.0.0.56

🔴Vulnerability Details

GHSA

GHSA-crwj-6pw8-226h: Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files↗2022-05-24

▶

CVEList

CVE-2017-18847: Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files↗2020-04-20

▶