What is CVE-2018-21227?

CVE-2018-21227 is a vulnerability that allows command injection by an authenticated user on certain NETGEAR devices.

How does CVE-2018-21227 affect NETGEAR devices?

CVE-2018-21227 allows an authenticated user to execute arbitrary commands on affected NETGEAR devices.

What is the severity of CVE-2018-21227?

CVE-2018-21227 has a severity rating of 6.8 (medium).

How can I fix CVE-2018-21227?

To fix CVE-2018-21227, users should update their NETGEAR devices to the latest firmware version provided by NETGEAR.

Vulnerability/
CVE-2018-21227

medium

6.8

CWE

74 77

24/4/2020

5/8/2024

CVE-2018-21227: Command Injection

Q: Which NETGEAR devices are affected by CVE-2018-21227?

CVE-2018-21227 affects the following devices: D7800 before 1.0.1.34, R6400v2 before 1.0.2.34, R6700 before 1.0.1.30, R6900 before 1.0.1.30, R6900P before 1.0.0.62, R7000 before 1.0.9.12, R7000P before 1.0.0.62, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R9000 before 1.0.3.10, Wndr4300 before 1.0.0.50, and Wndr4500 before 1.0.0.50.

First published: Fri Apr 24 2020(Updated: )

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, R6400v2 before 1.0.2.34, R6700 before 1.0.1.30, R6900 before 1.0.1.30, R6900P before 1.0.0.62, R7000 before 1.0.9.12, R7000P before 1.0.0.62, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R9000 before 1.0.3.10, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Netgear D7800 Firmware	<1.0.1.34
Netgear D7800
Netgear R6400 Firmware	<1.0.2.34
NETGEAR R6400	=v2
Netgear R6700 Firmware	<1.0.1.30
NETGEAR R6700
Netgear R6900 Firmware	<1.0.1.30
Netgear R6900
Netgear R6900p Firmware	<1.0.0.62
Netgear R6900P
Netgear R7000 Firmware	<1.0.9.12
NETGEAR R7000
Netgear R7000p Firmware	<1.0.0.62
Netgear R7000P
Netgear R7500 Firmware	<1.0.3.26
Netgear R7500	=v2
NETGEAR R7800 firmware	<1.0.2.42
NETGEAR R7800
Netgear R9000 Firmware	<1.0.3.10
NETGEAR R9000
Netgear Wndr4300 Firmware	<1.0.0.50
Netgear Wndr4300	=v2
Netgear Wndr4500 Firmware	<1.0.0.50
Netgear WNDR4500	=v3

Never miss a vulnerability like this again

Reference Links

https://kb.netgear.com/000055109/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-Gateways-PSV-2017-0737

Frequently Asked Questions

What is CVE-2018-21227?
CVE-2018-21227 is a vulnerability that allows command injection by an authenticated user on certain NETGEAR devices.
Which NETGEAR devices are affected by CVE-2018-21227?
CVE-2018-21227 affects the following devices: D7800 before 1.0.1.34, R6400v2 before 1.0.2.34, R6700 before 1.0.1.30, R6900 before 1.0.1.30, R6900P before 1.0.0.62, R7000 before 1.0.9.12, R7000P before 1.0.0.62, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R9000 before 1.0.3.10, Wndr4300 before 1.0.0.50, and Wndr4500 before 1.0.0.50.
How does CVE-2018-21227 affect NETGEAR devices?
CVE-2018-21227 allows an authenticated user to execute arbitrary commands on affected NETGEAR devices.
What is the severity of CVE-2018-21227?
CVE-2018-21227 has a severity rating of 6.8 (medium).
How can I fix CVE-2018-21227?
To fix CVE-2018-21227, users should update their NETGEAR devices to the latest firmware version provided by NETGEAR.

CVE-2018-21227: Command Injection

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2018-21227?

Which NETGEAR devices are affected by CVE-2018-21227?

How does CVE-2018-21227 affect NETGEAR devices?

What is the severity of CVE-2018-21227?

How can I fix CVE-2018-21227?

Company

Resources

Contact