CVE-2017-18860

HIGH

NETGEAR Smart and Managed Switches - Unauthenticated Remote Command Execution via Debugging Command Injection

Title source: llm

Description

Certain NETGEAR devices are affected by debugging command execution. This affects FS752TP 5.4.2.19 and earlier, GS108Tv2 5.4.2.29 and earlier, GS110TP 5.4.2.29 and earlier, GS418TPP 6.6.2.6 and earlier, GS510TLP 6.6.2.6 and earlier, GS510TP 5.04.2.27 and earlier, GS510TPP 6.6.2.6 and earlier, GS716Tv2 5.4.2.27 and earlier, GS716Tv3 6.3.1.16 and earlier, GS724Tv3 5.4.2.27 and earlier, GS724Tv4 6.3.1.16 and earlier, GS728TPSB 5.3.0.29 and earlier, GS728TSB 5.3.0.29 and earlier, GS728TXS 6.1.0.35 and earlier, GS748Tv4 5.4.2.27 and earlier, GS748Tv5 6.3.1.16 and earlier, GS752TPSB 5.3.0.29 and earlier, GS752TSB 5.3.0.29 and earlier, GS752TXS 6.1.0.35 and earlier, M4200 12.0.2.10 and earlier, M4300 12.0.2.10 and earlier, M5300 11.0.0.28 and earlier, M6100 11.0.0.28 and earlier, M7100 11.0.0.28 and earlier, S3300 6.6.1.4 and earlier, XS708T 6.6.0.11 and earlier, XS712T 6.1.0.34 and earlier, and XS716T 6.6.0.11 and earlier.

Scores

CVSS v3: 7.7
EPSS: 0.0005
EPSS Percentile: 16.1%
Attack Vector: LOCAL
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Details

CWE: CWE-74
Status: published
Products (25)
netgear/fs752tp_firmware < 5.4.2.19
netgear/gs108t_firmware < 5.4.2.29
netgear/gs110tp_firmware < 5.4.2.29
netgear/gs418tpp_firmware < 6.6.2.6
netgear/gs510tlp_firmware < 6.6.2.6
netgear/gs510tp_firmware < 5.04.2.27
netgear/gs510tpp_firmware < 6.6.2.6
netgear/gs716t_firmware < 5.4.2.27
netgear/gs724t_firmware < 5.4.2.27
netgear/gs728tpsb_firmware < 5.3.0.29
... and 15 more
Published: Apr 29, 2020
Tracked Since: Feb 18, 2026