PT-2020-8322 · NetGear · Ex6150V2+10
Published
2020-04-22
·
Updated
2020-04-24
·
CVE-2017-18773
CVSS v3.1
6.7
Medium
| Vector | AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
NETGEAR D6100 versions prior to V1.0.0.55
NETGEAR D7800 versions prior to V1.0.1.24
NETGEAR EX6150v2 versions prior to 1.0.0.48
NETGEAR R6100 versions prior to 1.0.1.14
NETGEAR R7500 versions prior to 1.0.0.110
NETGEAR R7500v2 versions prior to V1.0.3.16
NETGEAR R7800 versions prior to V1.0.2.36
NETGEAR WNDR4300v1 versions prior to 1.0.2.90
NETGEAR WNDR4300v2 versions prior to 1.0.0.48
NETGEAR WNDR4500v3 versions prior to 1.0.0.48
NETGEAR WNR2000v5 versions prior to 1.0.0.48
Description:
The issue is related to command injection by an authenticated user. This allows an attacker to execute arbitrary commands on the affected device.
Recommendations:
For NETGEAR D6100 versions prior to V1.0.0.55, update to V1.0.0.55 or later.
For NETGEAR D7800 versions prior to V1.0.1.24, update to V1.0.1.24 or later.
For NETGEAR EX6150v2 versions prior to 1.0.0.48, update to 1.0.0.48 or later.
For NETGEAR R6100 versions prior to 1.0.1.14, update to 1.0.1.14 or later.
For NETGEAR R7500 versions prior to 1.0.0.110, update to 1.0.0.110 or later.
For NETGEAR R7500v2 versions prior to V1.0.3.16, update to V1.0.3.16 or later.
For NETGEAR R7800 versions prior to V1.0.2.36, update to V1.0.2.36 or later.
For NETGEAR WNDR4300v1 versions prior to 1.0.2.90, update to 1.0.2.90 or later.
For NETGEAR WNDR4300v2 versions prior to 1.0.0.48, update to 1.0.0.48 or later.
For NETGEAR WNDR4500v3 versions prior to 1.0.0.48, update to 1.0.0.48 or later.
For NETGEAR WNR2000v5 versions prior to 1.0.0.48, update to 1.0.0.48 or later.
Fix
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
D6100
D7800
Ex6150V2
R6100
R7500
R7500V2
R7800
Wndr4300V1
Wndr4300V2
Wndr4500V3
Wnr2000V5