CVE-2017-18853

Certain NETGEAR devices are affected by password recovery and file access. This affects D8500 1.0.3.27 and earlier, DGN2200v4 1.0.0.82 and earlier, R6300v2 1.0.4.06 and earlier, R6400 1.0.1.20 and earlier, R6400v2 1.0.2.18 and earlier, R6700 1.0.1.22 and earlier, R6900 1.0.1.20 and earlier, R7000 1.0.7.10 and earlier, R7000P 1.0.0.58 and earlier, R7100LG 1.0.0.28 and earlier, R7300DST 1.0.0.52 and earlier, R7900 1.0.1.12 and earlier, R8000 1.0.3.46 and earlier, R8300 1.0.2.86 and earlier, R8500 1.0.2.86 and earlier, WNDR3400v3 1.0.1.8 and earlier, and WNDR4500v2 1.0.0.62 and earlier.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
netgeard8500_firmware
𝑥
≤ 1.0.3.27
netgeardgn2200_firmware
𝑥
≤ 1.0.0.82
netgearr6300_firmware
𝑥
≤ 1.0.4.06
netgearr6400_firmware
𝑥
≤ 1.0.1.20
netgearr6400_firmware
𝑥
≤ 1.0.2.18
netgearr6700_firmware
𝑥
≤ 1.0.1.22
netgearr6900_firmware
𝑥
≤ 1.0.1.20
netgearr7000_firmware
𝑥
≤ 1.0.7.10
netgearr7000p_firmware
𝑥
≤ 1.0.0.58
netgearr7100lg_firmware
𝑥
≤ 1.0.0.28
netgearr7300dst_firmware
𝑥
≤ 1.0.0.52
netgearr7900_firmware
𝑥
≤ 1.0.1.12
netgearr8000_firmware
𝑥
≤ 1.0.3.46
netgearr8300_firmware
𝑥
≤ 1.0.2.86
netgearr8500_firmware
𝑥
≤ 1.0.2.86
netgearwndr3400_firmware
𝑥
≤ 1.0.1.8
netgearwndr4500_firmware
𝑥
≤ 1.0.0.62
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://kb.netgear.com/000045848/Security-Advisory-for-Password-Recovery-and-File-Access-on-Some-Routers-and-Modem-Routers-PSV-2017-0677
https://kb.netgear.com/000045848/Security-Advisory-for-Password-Recovery-and-File-Access-on-Some-Routers-and-Modem-Routers-PSV-2017-0677