CVE-2017-18806 - OpenCVE

Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0.

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Netgear	Wnap210 Firmware Wac510 Firmware Wndap350 Wndap660 Wndap360 Firmware Wndap350 Firmware Wac120 Wn604 Firmware Wac120 Firmware Wnap210 Wndap360 Wnap320 Firmware Wndap620 Wndap620 Firmware Wnap320 Wndap660 Firmware Wnd930 Wnd930 Firmware Wac510 Wn604

Configuration 1 [-]

AND

cpe:2.3:o:netgear:wac510_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wac510:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:netgear:wac120_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wac120:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:netgear:wndap620_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wndap620:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:netgear:wnd930_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnd930:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:netgear:wn604_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wn604:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:netgear:wndap660_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wndap660:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:netgear:wndap350_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wndap350:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnap320:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:netgear:wnap210_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnap210:v2:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:netgear:wndap360_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wndap360:-:*:*:*:*:*:*:*

References

Link	Resource
https://kb.netgear.com/000049061/Security-Advisory-for-Command-Injection-Vulnerability-on-Some-Wireless-Access-Points-PSV-2017-2214	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-04-21T15:56:41

Updated: 2020-04-21T15:56:41

Reserved: 2020-04-20T00:00:00

Link: CVE-2017-18806

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-04-21T16:15:51.337

Modified: 2020-04-23T20:22:29.643

Link: CVE-2017-18806

JSON object: View

Redhat Information

No data.

CWE

CWE-74