PT-2020-8756 · NetGear · Netgear R7800+3
Published
2020-04-22
·
Updated
2020-04-23
·
CVE-2018-21112
CVSS v3.1
6.8
Medium
| Vector | AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N |
Name of the Vulnerable Software and Affected Versions
NETGEAR D7800 versions prior to 1.0.1.44
NETGEAR R7500v2 versions prior to 1.0.3.38
NETGEAR R7800 versions prior to 1.0.2.52
NETGEAR R8900 versions prior to 1.0.4.12
NETGEAR R9000 versions prior to 1.0.4.12
Description
The issue is related to command injection by an authenticated user.
Recommendations
For NETGEAR D7800 versions prior to 1.0.1.44, update to version 1.0.1.44 or later.
For NETGEAR R7500v2 versions prior to 1.0.3.38, update to version 1.0.3.38 or later.
For NETGEAR R7800 versions prior to 1.0.2.52, update to version 1.0.2.52 or later.
For NETGEAR R8900 versions prior to 1.0.4.12, update to version 1.0.4.12 or later.
For NETGEAR R9000 versions prior to 1.0.4.12, update to version 1.0.4.12 or later.
Fix
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Netgear R7800
Netgear R7500V2
Netgear R8900
Netgear R9000