CVE-2018-21123
Description
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WC7500 before 6.5.3.9, WC7520 before 6.5.3.9, WC7600v1 before 6.5.3.9, and WC7600v2 before 6.5.3.9.
Related CPE's
References
Vendor Advisory
CvssV3 impact
Version | 3.1 |
VectorString | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
AttackVector | ADJACENT_NETWORK |
AttackComplexity | LOW |
PrivilegesRequired | NONE |
UserInteraction | NONE |
Scope | UNCHANGED |
ConfidentialityImpact | HIGH |
IntegrityImpact | HIGH |
AvailabilityImpact | HIGH |
BaseScore | 8.8 |
BaseSeverity | HIGH |
CvssV2 impact
Version | 2.0 |
VectorString | AV:A/AC:L/Au:N/C:P/I:P/A:P |
AccessVector | ADJACENT_NETWORK |
AccessComplexity | LOW |
Authentication | NONE |
ConfidentialityImpact | PARTIAL |
IntegrityImpact | PARTIAL |
AvailabilityImpact | PARTIAL |
BaseScore | 5.800000190734863 |