CVE-2017-18746

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6000 before 1.0.0.24, EX6130 before 1.0.0.16, EX6400 before 1.0.1.60, EX7000 before 1.0.0.50, EX7300 before 1.0.1.60, and WN2500RPv2 before 1.0.1.46.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
mitreCNA
6.1 MEDIUM
ADJACENT_NETWORK
LOW
NONE
CVSS:3.0/AC:L/AV:A/A:N/C:L/I:L/PR:N/S:C/UI:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
VendorProductVersion
netgearex3700_firmware
𝑥
< 1.0.0.64
netgearex3800_firmware
𝑥
< 1.0.0.64
netgearex6000_firmware
𝑥
< 1.0.0.24
netgearex6130_firmware
𝑥
< 1.0.0.16
netgearex6400_firmware
𝑥
< 1.0.1.60
netgearex7000_firmware
𝑥
< 1.0.0.50
netgearex7300_firmware
𝑥
< 1.0.1.60
netgearwn2500rp_firmware
𝑥
< 1.0.1.46
𝑥
= Vulnerable software versions
References
https://kb.netgear.com/000051508/Security-Advisory-for-Security-Misconfiguration-on-Some-Extenders-PSV-2016-0253
https://kb.netgear.com/000051508/Security-Advisory-for-Security-Misconfiguration-on-Some-Extenders-PSV-2016-0253