Vulnerability Description
Certain NETGEAR devices are affected by password recovery and file access. This affects D8500 1.0.3.27 and earlier, DGN2200v4 1.0.0.82 and earlier, R6300v2 1.0.4.06 and earlier, R6400 1.0.1.20 and earlier, R6400v2 1.0.2.18 and earlier, R6700 1.0.1.22 and earlier, R6900 1.0.1.20 and earlier, R7000 1.0.7.10 and earlier, R7000P 1.0.0.58 and earlier, R7100LG 1.0.0.28 and earlier, R7300DST 1.0.0.52 and earlier, R7900 1.0.1.12 and earlier, R8000 1.0.3.46 and earlier, R8300 1.0.2.86 and earlier, R8500 1.0.2.86 and earlier, WNDR3400v3 1.0.1.8 and earlier, and WNDR4500v2 1.0.0.62 and earlier.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netgear | D8500 Firmware | <= 1.0.3.27 |
| Netgear | D8500 | - |
| Netgear | Dgn2200 Firmware | <= 1.0.0.82 |
| Netgear | Dgn2200 | v4 |
| Netgear | R6300 Firmware | <= 1.0.4.06 |
| Netgear | R6300 | v2 |
| Netgear | R6400 Firmware | <= 1.0.1.20 |
| Netgear | R6400 | - |
| Netgear | R6700 Firmware | <= 1.0.1.22 |
| Netgear | R6700 | - |
| Netgear | R6900 Firmware | <= 1.0.1.20 |
| Netgear | R6900 | - |
| Netgear | R7000 Firmware | <= 1.0.7.10 |
| Netgear | R7000 | - |
| Netgear | R7000P Firmware | <= 1.0.0.58 |
| Netgear | R7000P | - |
| Netgear | R7100Lg Firmware | <= 1.0.0.28 |
| Netgear | R7100Lg | - |
| Netgear | R7300Dst Firmware | <= 1.0.0.52 |
| Netgear | R7300Dst | - |
Related Weaknesses (CWE)
References
- https://kb.netgear.com/000045848/Security-Advisory-for-Password-Recovery-and-FilVendor Advisory
- https://kb.netgear.com/000045848/Security-Advisory-for-Password-Recovery-and-FilVendor Advisory
FAQ
What is CVE-2017-18853?
CVE-2017-18853 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Certain NETGEAR devices are affected by password recovery and file access. This affects D8500 1.0.3.27 and earlier, DGN2200v4 1.0.0.82 and earlier, R6300v2 1.0.4.06 and earlier, R6400 1.0.1.20 and ear...
How severe is CVE-2017-18853?
CVE-2017-18853 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-18853?
Check the references section above for vendor advisories and patch information. Affected products include: Netgear D8500 Firmware, Netgear D8500, Netgear Dgn2200 Firmware, Netgear Dgn2200, Netgear R6300 Firmware.