CVE-2017-18863

Description

Certain NETGEAR devices are affected by command execution via a PHP form. This affects WN604 3.3.3 and earlier, WNAP210v2 3.5.20.0 and earlier, WNAP320 3.5.20.0 and earlier, WNDAP350 3.5.20.0 and earlier, WNDAP360 3.5.20.0 and earlier, WNDAP620 2.0.11 and earlier, WNDAP660 3.5.20.0 and earlier, WND930 2.0.11 and earlier, and WAC120 2.0.7 and earlier.

Related CPE's

onetgearwn604_firmware********

hnetgearwn604-*******

onetgearwnap210_firmware********

hnetgearwnap210v2*******

onetgearwnap320_firmware********

hnetgearwnap320-*******

onetgearwndap350_firmware********

hnetgearwndap350-*******

onetgearwndap360_firmware********

hnetgearwndap360-*******

References

https://kb.netgear.com/000037827/Security-Advisory-for-PHP-Vulnerabilities-on-Wireless-Access-Points-PSV-2017-0517-and-PSV-2016-0258

Vendor Advisory

CvssV3 impact

Version

3.1

VectorString

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AttackVector

LOCAL

AttackComplexity

LOW

PrivilegesRequired

LOW

UserInteraction

NONE

Scope

UNCHANGED

ConfidentialityImpact

HIGH

IntegrityImpact

HIGH

AvailabilityImpact

NONE

BaseScore

7.1

BaseSeverity

HIGH

CvssV2 impact

Version

2.0

VectorString

AV:L/AC:L/Au:N/C:P/I:P/A:N

AccessVector

LOCAL

AccessComplexity

LOW

Authentication

NONE

ConfidentialityImpact

PARTIAL

IntegrityImpact

PARTIAL

AvailabilityImpact

NONE

BaseScore

3.5999999046325684

Created by Yello
About Severity.io