1. Home
  2. CVE Database
  3. CVE-2017-18767
MEDIUM · 6.8

CVE-2017-18767

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, D8500 before 1.0.3.39, R6400 before 1.0.1.14, R6400v2 before 1.0.2.32, R6700 bef...

Vulnerability Description

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, D8500 before 1.0.3.39, R6400 before 1.0.1.14, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.4, R7100LG before 1.0.0.32, R7300 before 1.0.0.56, R7800 before 1.0.2.36, R7900 before 1.0.2.10, R8000 before 1.0.3.24, R8300 before 1.0.2.74, and R8500 before 1.0.2.74.

CVSS Score

6.8

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
NetgearD7800 Firmware< 1.0.1.34
NetgearD7800-
NetgearD8500 Firmware< 1.0.3.39
NetgearD8500-
NetgearR6400 Firmware< 1.0.1.14
NetgearR6400-
NetgearR6700 Firmware< 1.0.1.22
NetgearR6700-
NetgearR6900 Firmware< 1.0.1.22
NetgearR6900-
NetgearR7000 Firmware< 1.0.9.4
NetgearR7000-
NetgearR7100Lg Firmware< 1.0.0.32
NetgearR7100Lg-
NetgearR7300 Firmware< 1.0.0.56
NetgearR7300-
NetgearR7800 Firmware< 1.0.2.36
NetgearR7800-
NetgearR7900 Firmware< 1.0.2.10
NetgearR7900-

Related Weaknesses (CWE)

CWE-74

References

FAQ

What is CVE-2017-18767?

CVE-2017-18767 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, D8500 before 1.0.3.39, R6400 before 1.0.1.14, R6400v2 before 1.0.2.32, R6700 bef...

How severe is CVE-2017-18767?

CVE-2017-18767 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-18767?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear D7800 Firmware, Netgear D7800, Netgear D8500 Firmware, Netgear D8500, Netgear R6400 Firmware.