Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-18805

Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0.

Published

2020-04-21T18:15:12.593

Last Modified

2024-11-21T03:20:58.220

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.7 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

3.9

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-74
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System netgear wac510_firmware < 1.3.0.10 Yes
Hardware netgear wac510 - No
Operating System netgear wac120_firmware < 2.1.4 Yes
Hardware netgear wac120 - No
Operating System netgear wndap620_firmware < 2.1.3 Yes
Hardware netgear wndap620 - No
Operating System netgear wnd930_firmware < 2.1.2 Yes
Hardware netgear wnd930 - No
Operating System netgear wn604_firmware < 3.3.7 Yes
Hardware netgear wn604 - No
Operating System netgear wndap660_firmware < 3.7.4.0 Yes
Hardware netgear wndap660 - No
Operating System netgear wndap350_firmware < 3.7.4.0 Yes
Hardware netgear wndap350 - No
Operating System netgear wnap320_firmware < 3.7.4.0 Yes
Hardware netgear wnap320 - No
Operating System netgear wnap210_firmware < 3.7.4.0 Yes
Hardware netgear wnap210 v2 No
Operating System netgear wndap360_firmware < 3.7.4.0 Yes
Hardware netgear wndap360 - No
References