CVE-2017-18735

HIGH

NETGEAR JR6150/PR2000/R6050/R6700/R6800/R6900 Firmware - Unauthenticated Command Injection

Title source: llm

Description

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JR6150 before 1.0.1.10, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, and R6900v2 before 1.2.0.4.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://kb.netgear.com/000051520/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-Extenders-PSV-2017-2143

Scores

CVSS v3 8.8

EPSS 0.0059

EPSS Percentile 69.2%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-74

Status published

Products (6)

netgear/jr6150_firmware < 1.0.1.10

netgear/pr2000_firmware < 1.0.0.18

netgear/r6050_firmware < 1.0.1.10

netgear/r6700_firmware < 1.2.0.4

netgear/r6800_firmware < 1.2.0.4

netgear/r6900_firmware < 1.2.0.4

Published Apr 23, 2020

Tracked Since Feb 18, 2026