PT-2020-8398 · NetGear · R8500+5
Martin Rakhmanov
·
Published
2020-04-20
·
Updated
2020-04-23
·
CVE-2017-18851
CVSS v3.1
6.7
Medium
| Vector | AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
D8500 versions 1.0.3.28 and earlier
R6400 versions 1.0.1.22 and earlier
R6400v2 versions 1.0.2.18 and earlier
R8300 versions 1.0.2.94 and earlier
R8500 versions 1.0.2.94 and earlier
R6100 versions 1.0.1.12 and earlier
Description:
The issue affects certain NETGEAR devices, allowing command injection by an authenticated user.
Recommendations:
For D8500 version 1.0.3.28 and earlier, update to a version later than 1.0.3.28.
For R6400 version 1.0.1.22 and earlier, update to a version later than 1.0.1.22.
For R6400v2 version 1.0.2.18 and earlier, update to a version later than 1.0.2.18.
For R8300 version 1.0.2.94 and earlier, update to a version later than 1.0.2.94.
For R8500 version 1.0.2.94 and earlier, update to a version later than 1.0.2.94.
For R6100 version 1.0.1.12 and earlier, update to a version later than 1.0.1.12.
Fix
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
D8500
R6100
R6400
R6400V2
R8300
R8500