PT-2020-8397 · NetGear · Netgear R8500+13

Martin Rakhmanov

·

Published

2020-04-20

·

Updated

2020-04-23

·

CVE-2017-18850

CVSS v3.1

8.4

High

VectorAV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: NETGEAR D6220 versions prior to 1.0.0.26 NETGEAR D6400 versions prior to 1.0.0.60 NETGEAR D8500 versions prior to 1.0.3.29 NETGEAR R6250 versions prior to 1.0.4.12 NETGEAR R6400 versions prior to 1.01.24 NETGEAR R6400v2 versions prior to 1.0.2.30 NETGEAR R6700 versions prior to 1.0.1.22 NETGEAR R6900 versions prior to 1.0.1.22 NETGEAR R6900P versions prior to 1.0.0.56 NETGEAR R7000 versions prior to 1.0.9.4 NETGEAR R7000P versions prior to 1.0.0.56 NETGEAR R7100LG versions prior to 1.0.0.32 NETGEAR R7300DST versions prior to 1.0.0.54 NETGEAR R7900 versions prior to 1.0.1.18 NETGEAR R8000 versions prior to 1.0.3.44 NETGEAR R8300 versions prior to 1.0.2.100 1.0.82 NETGEAR R8500 versions prior to 1.0.2.100 1.0.82
Description: The issue is related to authentication bypass in certain NETGEAR devices.
Recommendations: For NETGEAR D6220 version prior to 1.0.0.26, update to version 1.0.0.26 or later. For NETGEAR D6400 version prior to 1.0.0.60, update to version 1.0.0.60 or later. For NETGEAR D8500 version prior to 1.0.3.29, update to version 1.0.3.29 or later. For NETGEAR R6250 version prior to 1.0.4.12, update to version 1.0.4.12 or later. For NETGEAR R6400 version prior to 1.01.24, update to version 1.01.24 or later. For NETGEAR R6400v2 version prior to 1.0.2.30, update to version 1.0.2.30 or later. For NETGEAR R6700 version prior to 1.0.1.22, update to version 1.0.1.22 or later. For NETGEAR R6900 version prior to 1.0.1.22, update to version 1.0.1.22 or later. For NETGEAR R6900P version prior to 1.0.0.56, update to version 1.0.0.56 or later. For NETGEAR R7000 version prior to 1.0.9.4, update to version 1.0.9.4 or later. For NETGEAR R7000P version prior to 1.0.0.56, update to version 1.0.0.56 or later. For NETGEAR R7100LG version prior to 1.0.0.32, update to version 1.0.0.32 or later. For NETGEAR R7300DST version prior to 1.0.0.54, update to version 1.0.0.54 or later. For NETGEAR R7900 version prior to 1.0.1.18, update to version 1.0.1.18 or later. For NETGEAR R8000 version prior to 1.0.3.44, update to version 1.0.3.44 or later. For NETGEAR R8300 version prior to 1.0.2.100 1.0.82, update to version 1.0.2.100 1.0.82 or later. For NETGEAR R8500 version prior to 1.0.2.100 1.0.82, update to version 1.0.2.100 1.0.82 or later.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2017-18850

Affected Products

Netgear R6220
Netgear R6400
Netgear R8500
Netgear R6250
Netgear R6400V2
Netgear R6700
Netgear R6900P
Netgear R7000
Netgear R7000P
Netgear R7100Lg
Netgear R7300Dst
Netgear R7900
Netgear R8000
Netgear R8300