CVE-2017-18806

MEDIUM

NETGEAR WAC510/WAC120/WNDAP620/WND930/WN604/WNDAP660/WNDAP350/WNAP320/WNAP210/WNDAP360 Firmware - OS Command Injection

Title source: llm

Description

Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://kb.netgear.com/000049061/Security-Advisory-for-Command-Injection-Vulnerability-on-Some-Wireless-Access-Points-PSV-2017-2214

Scores

CVSS v3 6.7

EPSS 0.0009

EPSS Percentile 25.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-74

Status published

Products (10)

netgear/wac120_firmware < 2.1.4

netgear/wac510_firmware < 1.3.0.10

netgear/wn604_firmware < 3.3.7

netgear/wnap210_firmware < 3.7.4.0

netgear/wnap320_firmware < 3.7.4.0

netgear/wnd930_firmware < 2.1.2

netgear/wndap350_firmware < 3.7.4.0

netgear/wndap360_firmware < 3.7.4.0

netgear/wndap620_firmware < 2.1.3

netgear/wndap660_firmware < 3.7.4.0

Published Apr 21, 2020

Tracked Since Feb 18, 2026