PT-2020-8284 · NetGear · Pr2000+5

Published

2020-04-23

Updated

2020-04-23

CVE-2017-18735

CVSS v3.1

8.8

High

Vector

AC:L/AV:A/A:H/C:H/I:H/PR:N/S:U/UI:N

Name of the Vulnerable Software and Affected Versions: NETGEAR JR6150 versions prior to 1.0.1.10 NETGEAR PR2000 versions prior to 1.0.0.18 NETGEAR R6050 versions prior to 1.0.1.10 NETGEAR R6700v2 versions prior to 1.2.0.4 NETGEAR R6800 versions prior to 1.2.0.4 NETGEAR R6900v2 versions prior to 1.2.0.4

Description: Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

Recommendations: For NETGEAR JR6150 version prior to 1.0.1.10, update to version 1.0.1.10 or later. For NETGEAR PR2000 version prior to 1.0.0.18, update to version 1.0.0.18 or later. For NETGEAR R6050 version prior to 1.0.1.10, update to version 1.0.1.10 or later. For NETGEAR R6700v2 version prior to 1.2.0.4, update to version 1.2.0.4 or later. For NETGEAR R6800 version prior to 1.2.0.4, update to version 1.2.0.4 or later. For NETGEAR R6900v2 version prior to 1.2.0.4, update to version 1.2.0.4 or later.

Fix

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74

Related Identifiers

CVE-2017-18735

Affected Products

Jr6150

Pr2000

R6050

R6700V2

R6800

R6900V2

PT-2020-8284 · NetGear · Pr2000+5

CVE-2017-18735

Weakness Enumeration

Related Identifiers

Affected Products

References · 5