CVE-2017-18762: Command Injection
First published: Wed Apr 22 2020(Updated: )
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D3600 before 1.0.0.68, D6000 before 1.0.0.68, D6100 before 1.0.0.57, R6100 before 1.0.1.16, R6900P before 1.2.0.22, R7000 before 1.0.9.10, R7000P before 1.2.0.22, R7100LG before 1.0.0.40, WNDR3700v4 before 1.0.2.88, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NETGEAR D3600 firmware | <1.0.0.68 | |
| NETGEAR D3600 firmware | ||
| NETGEAR D6000 firmware | <1.0.0.68 | |
| NETGEAR D6000 firmware | ||
| NETGEAR D6100 firmware | <1.0.0.57 | |
| NETGEAR D6100 firmware | ||
| NETGEAR R6100 firmware | <1.0.1.16 | |
| NETGEAR R6100 firmware | ||
| NETGEAR R6900P firmware | <1.2.0.22 | |
| Netgear R6900 Firmware | ||
| NETGEAR R7000 firmware | <1.0.9.10 | |
| NETGEAR R7000 firmware | ||
| NETGEAR R7000P firmware | <1.2.0.22 | |
| Netgear R7000P | ||
| NETGEAR R7100LG firmware | <1.0.0.40 | |
| Netgear R7100LG | ||
| NETGEAR WNDR3700 firmware | <1.0.2.88 | |
| NETGEAR WNDR3700v4 | =v4 | |
| NETGEAR WNDR4300v2 firmware | <1.0.2.90 | |
| NETGEAR wndr4300v2 | =v1 | |
| NETGEAR WNDR4300v2 firmware | <1.0.0.48 | |
| NETGEAR wndr4300v2 | =v2 | |
| NETGEAR WNDR4500 firmware | <1.0.0.48 | |
| NETGEAR WNDR4500v3 | =v3 | |
| NETGEAR WNR2000v2 | <1.0.0.58 | |
| Netgear WNR2000v4 | =v5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-18762?
The severity of CVE-2017-18762 is high, with a severity score of 8.8.
Which NETGEAR devices are affected by CVE-2017-18762?
The NETGEAR devices affected by CVE-2017-18762 are D3600, D6000, D6100, R6100, R6900P, R7000, R7000P, and R7100LG.
What is the affected firmware version for D3600?
The affected firmware version for D3600 is before 1.0.0.68.
How can an unauthenticated attacker exploit CVE-2017-18762?
An unauthenticated attacker can exploit CVE-2017-18762 through command injection.
Where can I find more information about CVE-2017-18762?
You can find more information about CVE-2017-18762 at the following link: https://kb.netgear.com/000051483/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-Gateways-PSV-2017-2451
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/references
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/netgear
- canonical/netgear d3600 firmware
- canonical/netgear d6000 firmware
- canonical/netgear d6100 firmware
- canonical/netgear r6100 firmware
- canonical/netgear r6900p firmware
- canonical/netgear r6900 firmware
- canonical/netgear r7000 firmware
- canonical/netgear r7000p firmware
- canonical/netgear r7000p
- canonical/netgear r7100lg firmware
- canonical/netgear r7100lg
- canonical/netgear wndr3700 firmware
- canonical/netgear wndr3700v4
- version/netgear wndr3700v4/v4
- canonical/netgear wndr4300v2 firmware
- canonical/netgear wndr4300v2
- version/netgear wndr4300v2/v1
- version/netgear wndr4300v2/v2
- canonical/netgear wndr4500 firmware
- canonical/netgear wndr4500v3
- version/netgear wndr4500v3/v3
- canonical/netgear wnr2000v2
- canonical/netgear wnr2000v4
- version/netgear wnr2000v4/v5