CVE-2017-18796

MEDIUM

NETGEAR R6400/R6700/R6900/R7000/R7000P/R6900P/R7800 Firmware - OS Command Injection

Title source: llm

Description

Certain NETGEAR devices are affected by command injection. This affects R6400 before 1.0.1.24, R6700 before 1.0.1.26, R6900 before 1.0.1.28, R7000 before 1.0.9.10, R7000P before 1.0.1.16, R6900P before 1.0.1.16, and R7800 before 1.0.2.36.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://kb.netgear.com/000049366/Security-Advisory-for-Command-Injection-Vulnerability-on-Some-Routers-PSV-2016-0106

Scores

CVSS v3 6.7

EPSS 0.0007

EPSS Percentile 21.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-74

Status published

Products (7)

netgear/r6400_firmware < 1.0.1.24

netgear/r6700_firmware < 1.0.1.26

netgear/r6900_firmware < 1.0.1.28

netgear/r6900p_firmware < 1.0.1.16

netgear/r7000_firmware < 1.0.9.10

netgear/r7000p_firmware < 1.0.1.16

netgear/r7800_firmware < 1.0.2.36

Published Apr 21, 2020

Tracked Since Feb 18, 2026