CVE-2017-18736

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JR6150 before 1.0.1.10, R6050 before 1.0.1.10, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, and WNDR3700v5 before 1.1.0.48.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:netgear:jr6150_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:jr6150:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:netgear:r6050_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6050:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6700:v2:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6900:v2:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wndr3700:v5:*:*:*:*:*:*:*

History

21 Nov 2024, 03:20

Type Values Removed Values Added
References () https://kb.netgear.com/000051519/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-PSV-2017-2142 - Vendor Advisory () https://kb.netgear.com/000051519/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-PSV-2017-2142 - Vendor Advisory

Information

Published : 2020-04-23 17:15

Updated : 2024-11-21 03:20


NVD link : CVE-2017-18736

Mitre link : CVE-2017-18736

CVE.ORG link : CVE-2017-18736


JSON object : View

Products Affected

netgear

  • jr6150
  • r6220
  • r6050
  • r6800
  • r6800_firmware
  • r6050_firmware
  • r6700_firmware
  • jr6150_firmware
  • r6900
  • wndr3700
  • wndr3700_firmware
  • r6900_firmware
  • r6220_firmware
  • r6700
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')