PT-2020-8852 · NetGear · Wndr4300V2+4

Cloudfuzzer

Published

2020-04-28

Updated

2020-05-04

CVE-2018-21208

CVSS v3.1

8.8

High

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions D6100 versions prior to 1.0.0.57 R6100 versions prior to 1.0.1.20 R7500v2 versions prior to 1.0.3.24 WNDR4300v2 versions prior to 1.0.0.50 WNDR4500v3 versions prior to 1.0.0.50

Description The issue is related to command injection by an unauthenticated attacker.

Recommendations For D6100 versions prior to 1.0.0.57, update to version 1.0.0.57 or later. For R6100 versions prior to 1.0.1.20, update to version 1.0.1.20 or later. For R7500v2 versions prior to 1.0.3.24, update to version 1.0.3.24 or later. For WNDR4300v2 versions prior to 1.0.0.50, update to version 1.0.0.50 or later. For WNDR4500v3 versions prior to 1.0.0.50, update to version 1.0.0.50 or later.

Fix

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74

Related Identifiers

CVE-2018-21208

Affected Products

D6100

R6100

R7500V2

Wndr4300V2

Wndr4500V3

PT-2020-8852 · NetGear · Wndr4300V2+4

CVE-2018-21208

Weakness Enumeration

Related Identifiers

Affected Products

References · 4