CVE-2017-18736
Last modified
CVE-2017-18736 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JR6150 before 1.0.1.10, R6050 before 1.0.1.10, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, and WNDR3700v5 before 1.1.0.48.. EPSS estimates a 1.86% chance of exploitation in the next 30 days.
Description
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JR6150 before 1.0.1.10, R6050 before 1.0.1.10, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, and WNDR3700v5 before 1.1.0.48.
Metrics
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Netgear | Jr6150 Firmware | < 1.0.1.10 |
| Netgear | R6050 Firmware | < 1.0.1.10 |
| Netgear | R6220 Firmware | < 1.1.0.50 |
| Netgear | R6700 Firmware | < 1.2.0.4 |
| Netgear | R6800 Firmware | < 1.2.0.4 |
| Netgear | R6900 Firmware | < 1.2.0.4 |
| Netgear | Wndr3700 Firmware | < 1.1.0.48 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-18736?
How severe is CVE-2017-18736?
How do I fix CVE-2017-18736?
Are you affected by CVE-2017-18736?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST