Command Injection Vulnerability in NETGEAR Routers and Modem Routers
CVE-2017-18851

6.7MEDIUM

Key Information:

Vendor: Netgear
Status: D8500 Firmware
Vendor: CVE Published:; 20 April 2020

Summary

Certain NETGEAR routers and modem routers are vulnerable to a command injection attack by an authenticated user. This vulnerability allows malicious actors who have gained access to the device to execute unauthorized commands, potentially compromising the security of the network. Specifically, models D8500, R6400, R6400v2, R8300, R8500, and R6100 up to various firmware versions are affected. Users are advised to apply necessary patches and updates to mitigate this security risk.

References

https://kb.netgear.com/000045850/Security-Advisory-for-Po...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 20, 2020
Vulnerability Reserved
Apr 20, 2020