CVE-2017-18794

HIGH

NETGEAR R6300v2/R6400/R6700/R7000/R7100LG/R7900/R8000/R8500/D6100 - OS Command Injection

Title source: llm

Description

Certain NETGEAR devices are affected by command injection. This affects R6300v2 before 1.0.4.8_10.0.77, R6400 before 1.0.1.24, R6700 before 1.0.1.26, R7000 before 1.0.9.10, R7100LG before 1.0.0.32, R7900 before 1.0.1.18, R8000 before 1.0.3.54, R8500 before 1.0.2.100, and D6100 before 1.0.0.50_0.0.50.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://kb.netgear.com/000049368/Security-Advisory-for-Command-Injection-Vulnerability-on-D6100-and-Some-Routers-PSV-2017-0321

Scores

CVSS v3 8.4

EPSS 0.0037

EPSS Percentile 58.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-74

Status published

Products (9)

netgear/d6100_firmware < 1.0.0.50_0.0.50

netgear/r6300_firmware < 1.0.4.8_10.0.77

netgear/r6400_firmware < 1.0.1.24

netgear/r6700_firmware < 1.0.1.26

netgear/r7000_firmware < 1.0.9.10

netgear/r7100lg_firmware < 1.0.0.32

netgear/r7900_firmware < 1.0.1.18

netgear/r8000_firmware < 1.0.3.54

netgear/r8500_firmware < 1.0.2.100

Published Apr 21, 2020

Tracked Since Feb 18, 2026