Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-18863

Certain NETGEAR devices are affected by command execution via a PHP form. This affects WN604 3.3.3 and earlier, WNAP210v2 3.5.20.0 and earlier, WNAP320 3.5.20.0 and earlier, WNDAP350 3.5.20.0 and earlier, WNDAP360 3.5.20.0 and earlier, WNDAP620 2.0.11 and earlier, WNDAP660 3.5.20.0 and earlier, WND930 2.0.11 and earlier, and WAC120 2.0.7 and earlier.

Published

2020-04-28T16:15:12.747

Last Modified

2024-11-21T03:21:07.387

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.1 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:N

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
Exploitability Score

3.9

Impact Score

4.9

Weaknesses
  • Type: Primary
    CWE-74
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System netgear wn604_firmware < 3.3.3 Yes
Hardware netgear wn604 - No
Operating System netgear wnap210_firmware < 3.5.20.0 Yes
Hardware netgear wnap210 v2 No
Operating System netgear wnap320_firmware < 3.5.20.0 Yes
Hardware netgear wnap320 - No
Operating System netgear wndap350_firmware < 3.5.20.0 Yes
Hardware netgear wndap350 - No
Operating System netgear wndap360_firmware < 3.5.20.0 Yes
Hardware netgear wndap360 - No
Operating System netgear wndap620_firmware < 2.0.11 Yes
Hardware netgear wndap620 - No
Operating System netgear wndap660_firmware < 3.5.20.0 Yes
Hardware netgear wndap660 - No
Operating System netgear wnd930_firmware < 2.0.11 Yes
Hardware netgear wnd930 - No
Operating System netgear wac120_firmware < 2.0.7 Yes
Hardware netgear wac120 - No
References