CVE-2018-21154

MEDIUM

NETGEAR D7800/DM200/R6100/R7500/R7800 Firmware - Authenticated OS Command Injection

Title source: llm

Description

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, and R7800 before 1.0.2.42.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://kb.netgear.com/000059479/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Gateways-and-Routers-PSV-2017-3133

Scores

CVSS v3 6.8

EPSS 0.0014

EPSS Percentile 33.0%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (5)

netgear/d7800_firmware < 1.0.1.34

netgear/dm200_firmware < 1.0.0.50

netgear/r6100_firmware < 1.0.1.22

netgear/r7500_firmware < 1.0.0.122

netgear/r7800_firmware < 1.0.2.42

Published Apr 27, 2020

Tracked Since Feb 18, 2026