CVE-2017-18799

EUVD-2017-9890
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6200v2 before 1.0.3.14, R6250 before 1.0.4.8, R6300v2 before 1.0.4.8, R6700 before 1.1.1.20, R7000 before 1.0.7.10, R7000P/R6900P before 1.0.0.56, R7100LG before 1.0.0.30, R7900 before 1.0.1.14, R8000 before 1.0.3.22, R8500 before 1.0.2.74, and D8500 before 1.0.3.28.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
mitreCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AC:L/AV:N/A:N/C:H/I:N/PR:N/S:U/UI:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
Affected Products (NVD)
VendorProductVersion
netgearr6200_firmware
𝑥
< 1.0.3.14
netgearr6250_firmware
𝑥
< 1.0.4.8
netgearr6300_firmware
𝑥
< 1.0.4.8
netgearr6700_firmware
𝑥
< 1.1.1.20
netgearr7000_firmware
𝑥
< 1.0.7.10
netgearr7000p_firmware
𝑥
< 1.0.0.56
netgearr6900p_firmware
𝑥
< 1.0.0.56
netgearr7100lg_firmware
𝑥
< 1.0.0.30
netgearr7900_firmware
𝑥
< 1.0.1.14
netgearr8000_firmware
𝑥
< 1.0.3.22
netgearr8500_firmware
𝑥
< 1.0.2.74
netgeard8500_firmware
𝑥
< 1.0.3.28
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://kb.netgear.com/000049357/Security-Advisory-for-Security-Misconfiguration-Vulnerability-on-D8500-and-Some-Routers-PSV-2017-0528
https://kb.netgear.com/000049357/Security-Advisory-for-Security-Misconfiguration-Vulnerability-on-D8500-and-Some-Routers-PSV-2017-0528