CVE-2017-18802

MEDIUM

NETGEAR R6100/R7500/R7800/EX6200/D7800 Firmware - OS Command Injection

Title source: llm

Description

Certain NETGEAR devices are affected by command injection. This affects R6100 before 1.0.1.14, R7500 before 1.0.0.110, R7500v2 before 1.0.3.16, R7800 before 1.0.2.32, EX6200v2 before 1.0.1.50, and D7800 before 1.0.1.22.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://kb.netgear.com/000049354/Security-Advisory-for-Command-Injection-Vulnerability-on-D7000-EX6200v2-and-Some-Routers-PSV-2017-2181

Scores

CVSS v3 6.7

EPSS 0.0018

EPSS Percentile 39.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-74

Status published

Products (5)

netgear/d7800_firmware < 1.0.1.22

netgear/ex6200_firmware < 1.0.1.50

netgear/r6100_firmware < 1.0.1.14

netgear/r7500_firmware < 1.0.0.110

netgear/r7800_firmware < 1.0.2.32

Published Apr 21, 2020

Tracked Since Feb 18, 2026