First published: Thu Apr 23 2020(Updated: )
Certain NETGEAR devices are affected by stored XSS. This affects R6400 before 1.0.1.14, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.4, R7100LG before 1.0.0.32, R7300DST before 1.0.0.56, R7900 before 1.0.1.12, R8000 before 1.0.3.24, and R8500 before 1.0.2.74.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Netgear R6400 Firmware | <1.0.1.14 | |
NETGEAR R6400 | ||
Netgear R6700 Firmware | <1.0.1.22 | |
NETGEAR R6700 | ||
Netgear R6900 Firmware | <1.0.1.22 | |
Netgear R6900 | ||
Netgear R7000 Firmware | <1.0.9.4 | |
NETGEAR R7000 | ||
Netgear R7100lg Firmware | <1.0.0.32 | |
Netgear R7100LG | ||
Netgear R7300dst Firmware | <1.0.0.56 | |
Netgear R7300dst | ||
Netgear R7900 Firmware | <1.0.1.12 | |
Netgear R7900 | ||
Netgear R8000 Firmware | <1.0.3.24 | |
NETGEAR R8000 | ||
Netgear R8500 Firmware | <1.0.2.74 | |
NETGEAR R8500 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2017-18745 is medium (6.1).
NETGEAR R6400, R6700, R6900, R7000, R7100LG, R7300DST, R7900, R8000, and R8500 devices are affected by CVE-2017-18745.
CVE-2017-18745 affects certain NETGEAR devices by allowing stored cross-site scripting (XSS) attacks.
Firmware versions before 1.0.1.14 for R6400, before 1.0.1.22 for R6700, before 1.0.1.22 for R6900, before 1.0.9.4 for R7000, before 1.0.0.32 for R7100LG, before 1.0.0.56 for R7300DST, before 1.0.1.12 for R7900, before 1.0.3.24 for R8000, and before 1.0.2.74 for R8500 are vulnerable to CVE-2017-18745.
To fix CVE-2017-18745 on your NETGEAR device, update the firmware to version 1.0.1.14 or later for R6400, 1.0.1.22 or later for R6700, 1.0.1.22 or later for R6900, 1.0.9.4 or later for R7000, 1.0.0.32 or later for R7100LG, 1.0.0.56 or later for R7300DST, 1.0.1.12 or later for R7900, 1.0.3.24 or later for R8000, and 1.0.2.74 or later for R8500.