CVE-2018-21117

HIGH

NETGEAR XR500 Firmware < 2.3.2.32 - Unauthenticated Remote Code Execution via Traceroute Handler

Title source: llm
STIX 2.1

Description

NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers via the traceroute handler.

References (1)

Core 1

Scores

CVSS v3 8.8
EPSS 0.0024
EPSS Percentile 47.0%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (1)
netgear/xr500_firmware < 2.3.2.32
Published Apr 22, 2020
Tracked Since Feb 18, 2026