CVE-2018-21225
Severity CVSS v4.0:
Pending analysis
Type:
CWE-78
OS Command Injections
Publication date:
28/04/2020
Last modified:
04/05/2020
Description
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7000 before 1.0.1.60, D7800 before 1.0.1.34, D8500 before 1.0.3.39, R6700 before 1.0.1.30, R6700v2 before 1.2.0.16, R6800 before 1.2.0.16, R6900 before 1.0.1.30, R6900P before 1.2.0.22, R6900v2 before 1.2.0.16, R7000 before 1.0.9.12, R7000P before 1.2.0.22, R7500v2 before 1.0.3.20, R7800 before 1.0.2.44, R8300 before 1.0.2.106, R8500 before 1.0.2.106, and R9000 before 1.0.2.52.
Impact
Base Score 3.x
6.80
Severity 3.x
MEDIUM
Base Score 2.0
5.20
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:* | 1.0.1.34 (excluding) | |
| cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netgear:d7000_firmware:*:*:*:*:*:*:*:* | 1.0.1.60 (excluding) | |
| cpe:2.3:h:netgear:d7000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netgear:d8500_firmware:*:*:*:*:*:*:*:* | 1.0.3.39 (excluding) | |
| cpe:2.3:h:netgear:d8500:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:* | 1.0.1.30 (excluding) | |
| cpe:2.3:h:netgear:r6700:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:* | 1.2.0.16 (excluding) | |
| cpe:2.3:h:netgear:r6700:v2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:* | 1.2.0.16 (excluding) | |
| cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:* | 1.0.1.30 (excluding) | |
| cpe:2.3:h:netgear:r6900:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:* | 1.2.0.16 (excluding) |
To consult the complete list of CPE names with products and versions, see this page