PT-2020-8285 · NetGear · Wndr3700V5+6

Published

2020-04-23

Updated

2020-04-23

CVE-2017-18736

CVSS v3.1

8.8

High

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: NETGEAR JR6150 versions prior to 1.0.1.10 NETGEAR R6050 versions prior to 1.0.1.10 NETGEAR R6220 versions prior to 1.1.0.50 NETGEAR R6700v2 versions prior to 1.2.0.4 NETGEAR R6800 versions prior to 1.2.0.4 NETGEAR R6900v2 versions prior to 1.2.0.4 NETGEAR WNDR3700v5 versions prior to 1.1.0.48

Description: The issue affects certain NETGEAR devices, allowing command injection by an unauthenticated attacker.

Recommendations: For NETGEAR JR6150 version prior to 1.0.1.10, update to version 1.0.1.10 or later. For NETGEAR R6050 version prior to 1.0.1.10, update to version 1.0.1.10 or later. For NETGEAR R6220 version prior to 1.1.0.50, update to version 1.1.0.50 or later. For NETGEAR R6700v2 version prior to 1.2.0.4, update to version 1.2.0.4 or later. For NETGEAR R6800 version prior to 1.2.0.4, update to version 1.2.0.4 or later. For NETGEAR R6900v2 version prior to 1.2.0.4, update to version 1.2.0.4 or later. For NETGEAR WNDR3700v5 version prior to 1.1.0.48, update to version 1.1.0.48 or later.

Fix

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74

Related Identifiers

CVE-2017-18736

Affected Products

Jr6150

R6050

R6220

R6700V2

R6800

R6900V2

Wndr3700V5

PT-2020-8285 · NetGear · Wndr3700V5+6

CVE-2017-18736

Weakness Enumeration

Related Identifiers

Affected Products

References · 5