7.7

CVE-2017-18860

Certain NETGEAR devices are affected by debugging command execution. This affects FS752TP 5.4.2.19 and earlier, GS108Tv2 5.4.2.29 and earlier, GS110TP 5.4.2.29 and earlier, GS418TPP 6.6.2.6 and earlier, GS510TLP 6.6.2.6 and earlier, GS510TP 5.04.2.27 and earlier, GS510TPP 6.6.2.6 and earlier, GS716Tv2 5.4.2.27 and earlier, GS716Tv3 6.3.1.16 and earlier, GS724Tv3 5.4.2.27 and earlier, GS724Tv4 6.3.1.16 and earlier, GS728TPSB 5.3.0.29 and earlier, GS728TSB 5.3.0.29 and earlier, GS728TXS 6.1.0.35 and earlier, GS748Tv4 5.4.2.27 and earlier, GS748Tv5 6.3.1.16 and earlier, GS752TPSB 5.3.0.29 and earlier, GS752TSB 5.3.0.29 and earlier, GS752TXS 6.1.0.35 and earlier, M4200 12.0.2.10 and earlier, M4300 12.0.2.10 and earlier, M5300 11.0.0.28 and earlier, M6100 11.0.0.28 and earlier, M7100 11.0.0.28 and earlier, S3300 6.6.1.4 and earlier, XS708T 6.6.0.11 and earlier, XS712T 6.1.0.34 and earlier, and XS716T 6.6.0.11 and earlier.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NetgearFs752tp Firmware Version <= 5.4.2.19
   NetgearFs752tp Version-
NetgearGs108t Firmware Version <= 5.4.2.29
   NetgearGs108tv2 Version-
NetgearGs110tp Firmware Version <= 5.4.2.29
   NetgearGs110tp Version-
NetgearGs418tpp Firmware Version <= 6.6.2.6
   NetgearGs418tpp Version-
NetgearGs510tlp Firmware Version <= 6.6.2.6
   NetgearGs510tlp Version-
NetgearGs510tp Firmware Version <= 5.04.2.27
   NetgearGs510tp Version-
NetgearGs510tpp Firmware Version <= 6.6.2.6
   NetgearGs510tpp Version-
NetgearGs716t Firmware Version <= 5.4.2.27
   NetgearGs716t Versionv2
NetgearGs716t Firmware Version <= 6.3.1.16
   NetgearGs716t Versionv3
NetgearGs724t Firmware Version <= 5.4.2.27
   NetgearGs724t Versionv3
NetgearGs724t Firmware Version <= 6.3.1.16
   NetgearGs724t Versionv4
NetgearGs728tpsb Firmware Version <= 5.3.0.29
   NetgearGs728tpsb Version-
NetgearGs728tsb Firmware Version <= 5.3.0.29
   NetgearGs728tsb Version-
NetgearGs728txs Firmware Version <= 6.1.0.35
   NetgearGs728txs Version-
NetgearGs748t Firmware Version <= 5.4.2.27
   NetgearGs748t Versionv4
NetgearGs748t Firmware Version <= 6.3.1.16
   NetgearGs748t Versionv5
NetgearGs752tpsb Firmware Version <= 5.3.0.29
   NetgearGs752tpsb Version-
NetgearGs752tsb Firmware Version <= 5.3.0.29
   NetgearGs752tsb Version-
NetgearGs752txs Firmware Version <= 6.1.0.35
   NetgearGs752txs Version-
NetgearM4200 Firmware Version <= 12.0.2.10
   NetgearM4200 Version-
NetgearM4300 Firmware Version <= 12.0.2.10
   NetgearM4300 Version-
NetgearM5300 Firmware Version <= 11.0.0.28
   NetgearM5300 Version-
NetgearM6100 Firmware Version <= 11.0.0.28
   NetgearM6100 Version-
NetgearM7100 Firmware Version <= 11.0.0.28
   NetgearM7100 Version-
NetgearS3300 Firmware Version <= 6.6.1.4
   NetgearS3300 Version-
NetgearXs708t Firmware Version <= 6.6.0.11
   NetgearXs708t Version-
NetgearXs712t Firmware Version <= 6.1.0.34
   NetgearXs712t Version-
NetgearXs716t Firmware Version <= 6.6.0.11
   NetgearXs716t Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.07% 0.226
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.7 2.5 5.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
nvd@nist.gov 3.6 3.9 4.9
AV:L/AC:L/Au:N/C:N/I:P/A:P
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.