Vulnerability Details : CVE-2017-18806
Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0.
Exploit prediction scoring system (EPSS) score for CVE-2017-18806
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 10 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2017-18806
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
NIST |
6.7
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
0.8
|
5.9
|
MITRE |
6.7
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
0.8
|
5.9
|
NIST |
CWE ids for CVE-2017-18806
-
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-18806
-
https://kb.netgear.com/000049061/Security-Advisory-for-Command-Injection-Vulnerability-on-Some-Wireless-Access-Points-PSV-2017-2214
Security Advisory for Command Injection Vulnerability on Some Wireless Access Points, PSV-2017-2214 | Answer | NETGEAR SupportVendor Advisory
Products affected by CVE-2017-18806
- cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:wndap350_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:wndap360_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:wn604_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:wndap660_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:wnd930_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:wnap210_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:wndap620_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:wac120_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:wac510_firmware:*:*:*:*:*:*:*:*