Vulnerability Description
NETGEAR has released fixes for a pre-authentication command injection in request_handler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running firmware versions prior to 6.5.3.5; WC7600v2, running firmware versions prior to 6.5.3.5; and WC9500, running firmware versions prior to 6.5.3.5.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netgear | Wc7500 Firmware | < 6.5.3.5 |
| Netgear | Wc7500 | - |
| Netgear | Wc7520 Firmware | < 2.5.0.46 |
| Netgear | Wc7520 | - |
| Netgear | Wc7600V1 Firmware | < 6.5.3.5 |
| Netgear | Wc7600V1 | - |
| Netgear | Wc7600V2 Firmware | < 6.5.3.5 |
| Netgear | Wc7600V2 | - |
| Netgear | Wc9500 Firmware | < 6.5.3.5 |
| Netgear | Wc9500 | - |
Related Weaknesses (CWE)
References
- https://kb.netgear.com/000058243/Security-Advisory-for-Pre-Authentication-Comman
- https://kb.netgear.com/000058243/Security-Advisory-for-Pre-Authentication-Comman
FAQ
What is CVE-2018-11106?
CVE-2018-11106 is a vulnerability with a CVSS score of 9.8 (CRITICAL). NETGEAR has released fixes for a pre-authentication command injection in request_handler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5;...
How severe is CVE-2018-11106?
CVE-2018-11106 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-11106?
Check the references section above for vendor advisories and patch information. Affected products include: Netgear Wc7500 Firmware, Netgear Wc7500, Netgear Wc7520 Firmware, Netgear Wc7520, Netgear Wc7600V1 Firmware.