8.8

CVE-2017-18762

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D3600 before 1.0.0.68, D6000 before 1.0.0.68, D6100 before 1.0.0.57, R6100 before 1.0.1.16, R6900P before 1.2.0.22, R7000 before 1.0.9.10, R7000P before 1.2.0.22, R7100LG before 1.0.0.40, WNDR3700v4 before 1.0.2.88, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NetgearD3600 Firmware Version < 1.0.0.68
   NetgearD3600 Version-
NetgearD6000 Firmware Version < 1.0.0.68
   NetgearD6000 Version-
NetgearD6100 Firmware Version < 1.0.0.57
   NetgearD6100 Version-
NetgearR6100 Firmware Version < 1.0.1.16
   NetgearR6100 Version-
NetgearR6900p Firmware Version < 1.2.0.22
   NetgearR6900p Version-
NetgearR7000 Firmware Version < 1.0.9.10
   NetgearR7000 Version-
NetgearR7000p Firmware Version < 1.2.0.22
   NetgearR7000p Version-
NetgearR7100lg Firmware Version < 1.0.0.40
   NetgearR7100lg Version-
NetgearWndr3700 Firmware Version < 1.0.2.88
   NetgearWndr3700 Versionv4
NetgearWndr4300 Firmware Version < 1.0.2.90
   NetgearWndr4300 Versionv1
NetgearWndr4300 Firmware Version < 1.0.0.48
   NetgearWndr4300 Versionv2
NetgearWndr4500 Firmware Version < 1.0.0.48
   NetgearWndr4500 Versionv3
NetgearWnr2000 Firmware Version < 1.0.0.58
   NetgearWnr2000 Versionv5
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.79% 0.717
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 5.8 6.5 6.4
AV:A/AC:L/Au:N/C:P/I:P/A:P
cve@mitre.org 8.8 2.8 5.9
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.