Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-11106

NETGEAR has released fixes for a pre-authentication command injection in request_handler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running firmware versions prior to 6.5.3.5; WC7600v2, running firmware versions prior to 6.5.3.5; and WC9500, running firmware versions prior to 6.5.3.5.

Published

2020-04-01T17:15:14.737

Last Modified

2024-11-21T03:42:41.457

Status

Modified

Source

a2826606-91e7-4eb6-899e-8484bd4575d5

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses

Type: Primary
CWE-77

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	netgear	wc7500_firmware	< 6.5.3.5	Yes
Hardware	netgear	wc7500	-	No
Operating System	netgear	wc7520_firmware	< 2.5.0.46	Yes
Hardware	netgear	wc7520	-	No
Operating System	netgear	wc7600v1_firmware	< 6.5.3.5	Yes
Hardware	netgear	wc7600v1	-	No
Operating System	netgear	wc7600v2_firmware	< 6.5.3.5	Yes
Hardware	netgear	wc7600v2	-	No
Operating System	netgear	wc9500_firmware	< 6.5.3.5	Yes
Hardware	netgear	wc9500	-	No

References

https://kb.netgear.com/000058243/Security-Advisory-for-Pre-Authentication-Command-Injection-in-request-handler-php-on-Some-Wireless-Controllers-PSV-2018-0051 (a2826606-91e7-4eb6-899e-8484bd4575d5)
https://kb.netgear.com/000058243/Security-Advisory-for-Pre-Authentication-Command-Injection-in-request-handler-php-on-Some-Wireless-Controllers-PSV-2018-0051 (af854a3a-2127-422b-91ae-364da2661108)