6.7
CVE-2017-18806
- EPSS 0.09%
- Published 21.04.2020 16:15:51
- Last modified 21.11.2024 03:20:58
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0.
Data is provided by the National Vulnerability Database (NVD)
Netgear ≫ Wac510 Firmware Version < 1.3.0.10
Netgear ≫ Wac120 Firmware Version < 2.1.4
Netgear ≫ Wndap620 Firmware Version < 2.1.3
Netgear ≫ Wnd930 Firmware Version < 2.1.2
Netgear ≫ Wn604 Firmware Version < 3.3.7
Netgear ≫ Wndap660 Firmware Version < 3.7.4.0
Netgear ≫ Wndap350 Firmware Version < 3.7.4.0
Netgear ≫ Wnap320 Firmware Version < 3.7.4.0
Netgear ≫ Wnap210 Firmware Version < 3.7.4.0
Netgear ≫ Wndap360 Firmware Version < 3.7.4.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.225 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.7 | 0.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 4.6 | 3.9 | 6.4 |
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
| cve@mitre.org | 6.7 | 0.8 | 5.9 |
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.