6.7

CVE-2017-18805

Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NetgearWac510 Firmware Version < 1.3.0.10
   NetgearWac510 Version-
NetgearWac120 Firmware Version < 2.1.4
   NetgearWac120 Version-
NetgearWndap620 Firmware Version < 2.1.3
   NetgearWndap620 Version-
NetgearWnd930 Firmware Version < 2.1.2
   NetgearWnd930 Version-
NetgearWn604 Firmware Version < 3.3.7
   NetgearWn604 Version-
NetgearWndap660 Firmware Version < 3.7.4.0
   NetgearWndap660 Version-
NetgearWndap350 Firmware Version < 3.7.4.0
   NetgearWndap350 Version-
NetgearWnap320 Firmware Version < 3.7.4.0
   NetgearWnap320 Version-
NetgearWnap210 Firmware Version < 3.7.4.0
   NetgearWnap210 Versionv2
NetgearWndap360 Firmware Version < 3.7.4.0
   NetgearWndap360 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.09% 0.225
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
cve@mitre.org 6.7 0.8 5.9
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.