CVE-2017-18853

EUVD-2017-9944
Certain NETGEAR devices are affected by password recovery and file access. This affects D8500 1.0.3.27 and earlier, DGN2200v4 1.0.0.82 and earlier, R6300v2 1.0.4.06 and earlier, R6400 1.0.1.20 and earlier, R6400v2 1.0.2.18 and earlier, R6700 1.0.1.22 and earlier, R6900 1.0.1.20 and earlier, R7000 1.0.7.10 and earlier, R7000P 1.0.0.58 and earlier, R7100LG 1.0.0.28 and earlier, R7300DST 1.0.0.52 and earlier, R7900 1.0.1.12 and earlier, R8000 1.0.3.46 and earlier, R8300 1.0.2.86 and earlier, R8500 1.0.2.86 and earlier, WNDR3400v3 1.0.1.8 and earlier, and WNDR4500v2 1.0.0.62 and earlier.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 6.5 MEDIUM | ADJACENT_NETWORK | LOW | NONE | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| mitre | CNA | 9.6 CRITICAL | ADJACENT_NETWORK | LOW | NONE | CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:C/UI:N |
EPSS Score
Percentile: 60%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| netgear | d8500_firmware | 𝑥 ≤ 1.0.3.27 |
| netgear | dgn2200_firmware | 𝑥 ≤ 1.0.0.82 |
| netgear | r6300_firmware | 𝑥 ≤ 1.0.4.06 |
| netgear | r6400_firmware | 𝑥 ≤ 1.0.1.20 |
| netgear | r6400_firmware | 𝑥 ≤ 1.0.2.18 |
| netgear | r6700_firmware | 𝑥 ≤ 1.0.1.22 |
| netgear | r6900_firmware | 𝑥 ≤ 1.0.1.20 |
| netgear | r7000_firmware | 𝑥 ≤ 1.0.7.10 |
| netgear | r7000p_firmware | 𝑥 ≤ 1.0.0.58 |
| netgear | r7100lg_firmware | 𝑥 ≤ 1.0.0.28 |
| netgear | r7300dst_firmware | 𝑥 ≤ 1.0.0.52 |
| netgear | r7900_firmware | 𝑥 ≤ 1.0.1.12 |
| netgear | r8000_firmware | 𝑥 ≤ 1.0.3.46 |
| netgear | r8300_firmware | 𝑥 ≤ 1.0.2.86 |
| netgear | r8500_firmware | 𝑥 ≤ 1.0.2.86 |
| netgear | wndr3400_firmware | 𝑥 ≤ 1.0.1.8 |
| netgear | wndr4500_firmware | 𝑥 ≤ 1.0.0.62 |

𝑥 = Vulnerable software versions