First published: Wed Apr 29 2020(Updated: )
Certain NETGEAR devices are affected by debugging command execution. This affects FS752TP 5.4.2.19 and earlier, GS108Tv2 5.4.2.29 and earlier, GS110TP 5.4.2.29 and earlier, GS418TPP 6.6.2.6 and earlier, GS510TLP 6.6.2.6 and earlier, GS510TP 5.04.2.27 and earlier, GS510TPP 6.6.2.6 and earlier, GS716Tv2 5.4.2.27 and earlier, GS716Tv3 6.3.1.16 and earlier, GS724Tv3 5.4.2.27 and earlier, GS724Tv4 6.3.1.16 and earlier, GS728TPSB 5.3.0.29 and earlier, GS728TSB 5.3.0.29 and earlier, GS728TXS 6.1.0.35 and earlier, GS748Tv4 5.4.2.27 and earlier, GS748Tv5 6.3.1.16 and earlier, GS752TPSB 5.3.0.29 and earlier, GS752TSB 5.3.0.29 and earlier, GS752TXS 6.1.0.35 and earlier, M4200 12.0.2.10 and earlier, M4300 12.0.2.10 and earlier, M5300 11.0.0.28 and earlier, M6100 11.0.0.28 and earlier, M7100 11.0.0.28 and earlier, S3300 6.6.1.4 and earlier, XS708T 6.6.0.11 and earlier, XS712T 6.1.0.34 and earlier, and XS716T 6.6.0.11 and earlier.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Netgear Fs752tp Firmware | <=5.4.2.19 | |
Netgear Fs752tp | ||
Netgear Gs108t Firmware | <=5.4.2.29 | |
Netgear Gs108tv2 | ||
Netgear Gs110tp Firmware | <=5.4.2.29 | |
Netgear Gs110tp | ||
Netgear Gs418tpp Firmware | <=6.6.2.6 | |
Netgear Gs418tpp | ||
Netgear Gs510tlp Firmware | <=6.6.2.6 | |
Netgear Gs510tlp | ||
Netgear Gs510tp Firmware | <=5.04.2.27 | |
Netgear Gs510tp | ||
Netgear Gs510tpp Firmware | <=6.6.2.6 | |
Netgear Gs510tpp | ||
Netgear Gs716t Firmware | <=5.4.2.27 | |
Netgear Gs716t | =v2 | |
Netgear Gs716t Firmware | <=6.3.1.16 | |
Netgear Gs716t | =v3 | |
Netgear Gs724t Firmware | <=5.4.2.27 | |
Netgear Gs724t | =v3 | |
Netgear Gs724t Firmware | <=6.3.1.16 | |
Netgear Gs724t | =v4 | |
Netgear Gs728tpsb Firmware | <=5.3.0.29 | |
Netgear Gs728tpsb | ||
Netgear Gs728tsb Firmware | <=5.3.0.29 | |
Netgear Gs728tsb | ||
Netgear Gs728txs Firmware | <=6.1.0.35 | |
Netgear Gs728txs | ||
Netgear Gs748t Firmware | <=5.4.2.27 | |
Netgear Gs748t | =v4 | |
Netgear Gs748t Firmware | <=6.3.1.16 | |
Netgear Gs748t | =v5 | |
Netgear Gs752tpsb Firmware | <=5.3.0.29 | |
Netgear Gs752tpsb | ||
Netgear Gs752tsb Firmware | <=5.3.0.29 | |
Netgear Gs752tsb | ||
Netgear Gs752txs Firmware | <=6.1.0.35 | |
Netgear Gs752txs | ||
Netgear M4200 Firmware | <=12.0.2.10 | |
Netgear M4200 | ||
Netgear M4300 Firmware | <=12.0.2.10 | |
Netgear M4300 | ||
Netgear M5300 Firmware | <=11.0.0.28 | |
Netgear M5300 | ||
Netgear M6100 Firmware | <=11.0.0.28 | |
Netgear M6100 | ||
Netgear M7100 Firmware | <=11.0.0.28 | |
Netgear M7100 | ||
Netgear S3300 Firmware | <=6.6.1.4 | |
Netgear S3300 | ||
Netgear Xs708t Firmware | <=6.6.0.11 | |
Netgear Xs708t | ||
Netgear Xs712t Firmware | <=6.1.0.34 | |
Netgear Xs712t | ||
Netgear Xs716t Firmware | <=6.6.0.11 | |
Netgear Xs716t |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
FS752TP, GS108Tv2, GS110TP, GS418TPP, GS510TLP, GS510TP, GS510TPP, GS716T
The severity of CVE-2017-18860 is high, with a CVSS score of 7.7.
Update the firmware of the affected NETGEAR devices to a version that is not vulnerable.
You can find more information about CVE-2017-18860 in the Netgear security advisory at the following link: https://kb.netgear.com/000038519/Security-Advisory-for-Authentication-Bypass-and-Remote-Command-Execution-on-Some-Smart-and-Managed-Switches-PSV-2017-0857
The Common Weakness Enumeration (CWE) of CVE-2017-18860 is CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')).