TROYANOSYVIRUS
Retour aux CVEs

CVE-2018-21114

MEDIUM
6.8

Description

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.44, EX6150v2 before 1.0.1.70, EX6100v2 before 1.0.1.70, EX6200v2 before 1.0.1.64, EX7300 before 1.0.2.136, EX6400 before 1.0.2.136, R6100 before 1.0.1.16, R7500 before 1.0.0.110, R7800 before 1.0.2.32, R9000 before 1.0.4.12, WN3000RPv2 before 1.0.0.56, WN3000RPv3 before 1.0.2.52, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.

Details CVE

Score CVSS v3.16.8
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueADJACENT_NETWORK
ComplexiteLOW
Privileges requisHIGH
Interaction utilisateurNONE
Publie4/22/2020
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0

Produits affectes

netgear:d7800netgear:d7800_firmwarenetgear:ex6100netgear:ex6100_firmwarenetgear:ex6150netgear:ex6150_firmwarenetgear:ex6200netgear:ex6200_firmwarenetgear:ex6400netgear:ex6400_firmwarenetgear:ex7300netgear:ex7300_firmwarenetgear:r6100netgear:r6100_firmwarenetgear:r7500netgear:r7500_firmwarenetgear:r7800netgear:r7800_firmwarenetgear:r9000netgear:r9000_firmwarenetgear:wn3000rpnetgear:wn3000rp_firmwarenetgear:wndr4300netgear:wndr4300_firmwarenetgear:wndr4500netgear:wndr4500_firmware

Faiblesses (CWE)

CWE-74

References

https://kb.netgear.com/000060437/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Modem-Routers-and-Wireless-Extenders-PSV-2017-0645(cve@mitre.org)
https://kb.netgear.com/000060437/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Modem-Routers-and-Wireless-Extenders-PSV-2017-0645(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.