CVE-2017-18764

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6100 before 1.0.0.55, D7000 before 1.0.1.50, D7800 before 1.0.1.28, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6100 before 1.0.1.14, R6120 before 1.0.0.30, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, R7500 before 1.0.0.110, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.52, WN3000RPv3 before 1.0.2.50, WNDR3700v4 before 1.0.2.88, WNDR3700v5 before 1.1.0.48, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.58, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:netgear:d7000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:d7000:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:netgear:jnr1010_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:jnr1010:v2:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:netgear:jr6150_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:jr6150:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:netgear:jwnr2010_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:jwnr2010:v5:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:netgear:pr2000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:pr2000:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:netgear:r6050_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6050:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:netgear:r6120_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6120:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6700:v2:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6900:v2:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7500:v2:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:netgear:wn3000rp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wn3000rp:v3:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wndr3700:v5:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wndr4300:v1:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*

Configuration 25 (hide)

AND
cpe:2.3:o:netgear:wnr1000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wnr1000:v4:*:*:*:*:*:*:*

Configuration 26 (hide)

AND
cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*

Configuration 27 (hide)

AND
cpe:2.3:o:netgear:wnr2020_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wnr2020:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND
cpe:2.3:o:netgear:wnr2050_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wnr2050:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:20

Type Values Removed Values Added
References () https://kb.netgear.com/000051481/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2210 - Vendor Advisory () https://kb.netgear.com/000051481/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2210 - Vendor Advisory

Information

Published : 2020-04-22 16:15

Updated : 2024-11-21 03:20


NVD link : CVE-2017-18764

Mitre link : CVE-2017-18764

CVE.ORG link : CVE-2017-18764


JSON object : View

Products Affected

netgear

  • r6100
  • wndr4300_firmware
  • wndr4300
  • wndr4500_firmware
  • wnr1000
  • jr6150_firmware
  • r6120_firmware
  • wndr3700
  • wn3000rp_firmware
  • r7800
  • jwnr2010
  • wnr2000
  • wndr3700_firmware
  • wnr2050_firmware
  • pr2000_firmware
  • r7500_firmware
  • r6900
  • d7000_firmware
  • r7800_firmware
  • wnr1000_firmware
  • r6100_firmware
  • d6100
  • jnr1010_firmware
  • r6800
  • r6050_firmware
  • d7800_firmware
  • r6900_firmware
  • wnr2020_firmware
  • wnr2050
  • r6220
  • d6100_firmware
  • d7800
  • r6050
  • jnr1010
  • r6120
  • r6800_firmware
  • pr2000
  • r9000_firmware
  • r9000
  • wnr2000_firmware
  • wnr2020
  • wndr4500
  • r6220_firmware
  • jr6150
  • r7500
  • wn3000rp
  • r6700_firmware
  • jwnr2010_firmware
  • d7000
  • r6700
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')