7.7
CWE
74
Advisory Published
Updated

CVE-2017-18860

First published: Wed Apr 29 2020(Updated: )

Certain NETGEAR devices are affected by debugging command execution. This affects FS752TP 5.4.2.19 and earlier, GS108Tv2 5.4.2.29 and earlier, GS110TP 5.4.2.29 and earlier, GS418TPP 6.6.2.6 and earlier, GS510TLP 6.6.2.6 and earlier, GS510TP 5.04.2.27 and earlier, GS510TPP 6.6.2.6 and earlier, GS716Tv2 5.4.2.27 and earlier, GS716Tv3 6.3.1.16 and earlier, GS724Tv3 5.4.2.27 and earlier, GS724Tv4 6.3.1.16 and earlier, GS728TPSB 5.3.0.29 and earlier, GS728TSB 5.3.0.29 and earlier, GS728TXS 6.1.0.35 and earlier, GS748Tv4 5.4.2.27 and earlier, GS748Tv5 6.3.1.16 and earlier, GS752TPSB 5.3.0.29 and earlier, GS752TSB 5.3.0.29 and earlier, GS752TXS 6.1.0.35 and earlier, M4200 12.0.2.10 and earlier, M4300 12.0.2.10 and earlier, M5300 11.0.0.28 and earlier, M6100 11.0.0.28 and earlier, M7100 11.0.0.28 and earlier, S3300 6.6.1.4 and earlier, XS708T 6.6.0.11 and earlier, XS712T 6.1.0.34 and earlier, and XS716T 6.6.0.11 and earlier.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Netgear Fs752tp Firmware<=5.4.2.19
Netgear Fs752tp
Netgear Gs108t Firmware<=5.4.2.29
Netgear Gs108tv2
Netgear Gs110tp Firmware<=5.4.2.29
Netgear Gs110tp
Netgear Gs418tpp Firmware<=6.6.2.6
Netgear Gs418tpp
Netgear Gs510tlp Firmware<=6.6.2.6
Netgear Gs510tlp
Netgear Gs510tp Firmware<=5.04.2.27
Netgear Gs510tp
Netgear Gs510tpp Firmware<=6.6.2.6
Netgear Gs510tpp
Netgear Gs716t Firmware<=5.4.2.27
Netgear Gs716t=v2
Netgear Gs716t Firmware<=6.3.1.16
Netgear Gs716t=v3
Netgear Gs724t Firmware<=5.4.2.27
Netgear Gs724t=v3
Netgear Gs724t Firmware<=6.3.1.16
Netgear Gs724t=v4
Netgear Gs728tpsb Firmware<=5.3.0.29
Netgear Gs728tpsb
Netgear Gs728tsb Firmware<=5.3.0.29
Netgear Gs728tsb
Netgear Gs728txs Firmware<=6.1.0.35
Netgear Gs728txs
Netgear Gs748t Firmware<=5.4.2.27
Netgear Gs748t=v4
Netgear Gs748t Firmware<=6.3.1.16
Netgear Gs748t=v5
Netgear Gs752tpsb Firmware<=5.3.0.29
Netgear Gs752tpsb
Netgear Gs752tsb Firmware<=5.3.0.29
Netgear Gs752tsb
Netgear Gs752txs Firmware<=6.1.0.35
Netgear Gs752txs
Netgear M4200 Firmware<=12.0.2.10
Netgear M4200
Netgear M4300 Firmware<=12.0.2.10
Netgear M4300
Netgear M5300 Firmware<=11.0.0.28
Netgear M5300
Netgear M6100 Firmware<=11.0.0.28
Netgear M6100
Netgear M7100 Firmware<=11.0.0.28
Netgear M7100
Netgear S3300 Firmware<=6.6.1.4
Netgear S3300
Netgear Xs708t Firmware<=6.6.0.11
Netgear Xs708t
Netgear Xs712t Firmware<=6.1.0.34
Netgear Xs712t
Netgear Xs716t Firmware<=6.6.0.11
Netgear Xs716t

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What devices are affected by CVE-2017-18860?

    FS752TP, GS108Tv2, GS110TP, GS418TPP, GS510TLP, GS510TP, GS510TPP, GS716T

  • What is the severity of CVE-2017-18860?

    The severity of CVE-2017-18860 is high, with a CVSS score of 7.7.

  • How can I fix CVE-2017-18860?

    Update the firmware of the affected NETGEAR devices to a version that is not vulnerable.

  • Where can I find more information about CVE-2017-18860?

    You can find more information about CVE-2017-18860 in the Netgear security advisory at the following link: https://kb.netgear.com/000038519/Security-Advisory-for-Authentication-Bypass-and-Remote-Command-Execution-on-Some-Smart-and-Managed-Switches-PSV-2017-0857

  • What is the Common Weakness Enumeration (CWE) of CVE-2017-18860?

    The Common Weakness Enumeration (CWE) of CVE-2017-18860 is CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')).

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203