First published: Thu Apr 23 2020(Updated: )
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JR6150 before 1.0.1.10, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, and R6900v2 before 1.2.0.4.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Netgear Jr6150 Firmware | <1.0.1.10 | |
Netgear Jr6150 | ||
Netgear Pr2000 Firmware | <1.0.0.18 | |
Netgear Pr2000 | ||
Netgear R6050 Firmware | <1.0.1.10 | |
Netgear R6050 | ||
Netgear R6700 Firmware | <1.2.0.4 | |
NETGEAR R6700 | =v2 | |
Netgear R6800 Firmware | <1.2.0.4 | |
Netgear R6800 | ||
Netgear R6900 Firmware | <1.2.0.4 | |
Netgear R6900 | =v2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-18735 is a vulnerability that affects certain NETGEAR devices, allowing an unauthenticated attacker to perform command injection.
CVE-2017-18735 affects JR6150 before 1.0.1.10, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, and R6900v2 before 1.2.0.4.
CVE-2017-18735 has a severity score of 8.8 (high).
CVE-2017-18735 allows an unauthenticated attacker to inject and execute arbitrary commands on vulnerable NETGEAR devices.
To fix CVE-2017-18735, it is recommended to update the firmware of the affected NETGEAR devices to the latest version provided by the manufacturer.