Search criteria
6 vulnerabilities found for wc7520_firmware by netgear
FKIE_CVE-2018-21123
Vulnerability from fkie_nvd - Published: 2020-04-22 16:15 - Updated: 2024-11-21 04:02
Severity ?
Summary
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WC7500 before 6.5.3.9, WC7520 before 6.5.3.9, WC7600v1 before 6.5.3.9, and WC7600v2 before 6.5.3.9.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | wc7500_firmware | * | |
| netgear | wc7500 | - | |
| netgear | wc7520_firmware | * | |
| netgear | wc7520 | - | |
| netgear | wc7600_firmware | * | |
| netgear | wc7600 | v1 | |
| netgear | wc7600_firmware | * | |
| netgear | wc7600 | v2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wc7500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "457896CF-BF39-42F9-93B4-3B98B043D56A",
"versionEndExcluding": "6.5.3.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wc7500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB22B065-8EC8-4DA7-984A-CCB6919AF8F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wc7520_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C28CDB2B-9E25-40A5-AE57-39954BD8EC4F",
"versionEndExcluding": "6.5.3.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wc7520:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A58C9FE8-4BD5-41F9-9714-2D8083A51D98",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wc7600_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ACC819C7-3CAE-4C52-96CD-B9F8E0DCD816",
"versionEndExcluding": "6.5.3.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wc7600:v1:*:*:*:*:*:*:*",
"matchCriteriaId": "1DE67DAE-CB9A-497B-8B23-94E1DE93329B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wc7600_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ACC819C7-3CAE-4C52-96CD-B9F8E0DCD816",
"versionEndExcluding": "6.5.3.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wc7600:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "10DD5BCE-4C6F-4524-94C0-9779E897BFB6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WC7500 before 6.5.3.9, WC7520 before 6.5.3.9, WC7600v1 before 6.5.3.9, and WC7600v2 before 6.5.3.9."
},
{
"lang": "es",
"value": "Determinados dispositivos NETGEAR est\u00e1n afectados por una inyecci\u00f3n de comandos por parte de un atacante no autenticado. Esto afecta a WC7500 versiones anteriores a 6.5.3.9, WC7520 versiones anteriores a 6.5.3.9, WC7600v1 versiones anteriores a 6.5.3.9 y WC7600v2 versiones anteriores a 6.5.3.9."
}
],
"id": "CVE-2018-21123",
"lastModified": "2024-11-21T04:02:57.413",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cve@mitre.org",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-22T16:15:12.420",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000060235/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Wireless-Controllers-PSV-2018-0230"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000060235/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Wireless-Controllers-PSV-2018-0230"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-11106
Vulnerability from fkie_nvd - Published: 2020-04-01 17:15 - Updated: 2024-11-21 03:42
Severity ?
Summary
NETGEAR has released fixes for a pre-authentication command injection in request_handler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running firmware versions prior to 6.5.3.5; WC7600v2, running firmware versions prior to 6.5.3.5; and WC9500, running firmware versions prior to 6.5.3.5.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | wc7500_firmware | * | |
| netgear | wc7500 | - | |
| netgear | wc7520_firmware | * | |
| netgear | wc7520 | - | |
| netgear | wc7600v1_firmware | * | |
| netgear | wc7600v1 | - | |
| netgear | wc7600v2_firmware | * | |
| netgear | wc7600v2 | - | |
| netgear | wc9500_firmware | * | |
| netgear | wc9500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wc7500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8184DF48-1CCE-4950-921B-8A825D8CDD71",
"versionEndExcluding": "6.5.3.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wc7500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB22B065-8EC8-4DA7-984A-CCB6919AF8F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wc7520_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86CD35ED-0A90-4932-976B-A7666B3D7C7A",
"versionEndExcluding": "2.5.0.46",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wc7520:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A58C9FE8-4BD5-41F9-9714-2D8083A51D98",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wc7600v1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D3D43A9-6A00-4498-BEC5-46A11604A1A6",
"versionEndExcluding": "6.5.3.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wc7600v1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8EB1A3EC-1069-40FC-BDDF-C3AC93E037C5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wc7600v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB9D9CAF-D9FC-4E42-9C80-DE53C75AD578",
"versionEndExcluding": "6.5.3.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wc7600v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C8BB1F1-A12D-43CC-A6D0-9633E99D746B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wc9500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8073AB91-0F60-4EF8-9347-EB0EA6C76A76",
"versionEndExcluding": "6.5.3.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wc9500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "113D0DF6-C719-4A43-80B2-463EC4323009",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NETGEAR has released fixes for a pre-authentication command injection in request_handler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running firmware versions prior to 6.5.3.5; WC7600v2, running firmware versions prior to 6.5.3.5; and WC9500, running firmware versions prior to 6.5.3.5."
},
{
"lang": "es",
"value": "NETGEAR presenta correcciones publicadas para una inyecci\u00f3n de comando previa a la autenticaci\u00f3n en una vulnerabilidad de seguridad del archivo request_handler.php en los siguientes modelos de producto: WC7500, ejecutando versiones de firmware anteriores a 6.5.3.5; WC7520, ejecutando versiones de firmware anteriores a 2.5.0.46; WC7600v1, ejecutando versiones de firmware anteriores a 6.5.3.5; WC7600v2, ejecutando versiones de firmware anteriores a 6.5.3.5; y WC9500, ejecutando versiones de firmware anteriores a 6.5.3.5."
}
],
"id": "CVE-2018-11106",
"lastModified": "2024-11-21T03:42:41.457",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-01T17:15:14.737",
"references": [
{
"source": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"url": "https://kb.netgear.com/000058243/Security-Advisory-for-Pre-Authentication-Command-Injection-in-request-handler-php-on-Some-Wireless-Controllers-PSV-2018-0051"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://kb.netgear.com/000058243/Security-Advisory-for-Pre-Authentication-Command-Injection-in-request-handler-php-on-Some-Wireless-Controllers-PSV-2018-0051"
}
],
"sourceIdentifier": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2018-21123 (GCVE-0-2018-21123)
Vulnerability from cvelistv5 – Published: 2020-04-22 15:48 – Updated: 2024-08-05 12:19
VLAI?
Summary
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WC7500 before 6.5.3.9, WC7520 before 6.5.3.9, WC7600v1 before 6.5.3.9, and WC7600v2 before 6.5.3.9.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:19:27.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.netgear.com/000060235/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Wireless-Controllers-PSV-2018-0230"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WC7500 before 6.5.3.9, WC7520 before 6.5.3.9, WC7600v1 before 6.5.3.9, and WC7600v2 before 6.5.3.9."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-22T15:48:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.netgear.com/000060235/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Wireless-Controllers-PSV-2018-0230"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-21123",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WC7500 before 6.5.3.9, WC7520 before 6.5.3.9, WC7600v1 before 6.5.3.9, and WC7600v2 before 6.5.3.9."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000060235/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Wireless-Controllers-PSV-2018-0230",
"refsource": "CONFIRM",
"url": "https://kb.netgear.com/000060235/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Wireless-Controllers-PSV-2018-0230"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-21123",
"datePublished": "2020-04-22T15:48:06",
"dateReserved": "2020-04-20T00:00:00",
"dateUpdated": "2024-08-05T12:19:27.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11106 (GCVE-0-2018-11106)
Vulnerability from cvelistv5 – Published: 2020-04-01 16:31 – Updated: 2024-08-05 07:54
VLAI?
Summary
NETGEAR has released fixes for a pre-authentication command injection in request_handler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running firmware versions prior to 6.5.3.5; WC7600v2, running firmware versions prior to 6.5.3.5; and WC9500, running firmware versions prior to 6.5.3.5.
Severity ?
No CVSS data available.
CWE
- Other
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:36.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.netgear.com/000058243/Security-Advisory-for-Pre-Authentication-Command-Injection-in-request-handler-php-on-Some-Wireless-Controllers-PSV-2018-0051"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WC7500",
"vendor": "NETGEAR",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to 6.5.3.5"
}
]
},
{
"product": "WC7520",
"vendor": "NETGEAR",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to 2.5.0.46"
}
]
},
{
"product": "WC7600v1",
"vendor": "NETGEAR",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to 6.5.3.5"
}
]
},
{
"product": "WC7600v2",
"vendor": "NETGEAR",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to 6.5.3.5"
}
]
},
{
"product": "WC9500",
"vendor": "NETGEAR",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to 6.5.3.5"
}
]
}
],
"datePublic": "2018-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NETGEAR has released fixes for a pre-authentication command injection in request_handler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running firmware versions prior to 6.5.3.5; WC7600v2, running firmware versions prior to 6.5.3.5; and WC9500, running firmware versions prior to 6.5.3.5."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-01T16:31:45",
"orgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"shortName": "netgear"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.netgear.com/000058243/Security-Advisory-for-Pre-Authentication-Command-Injection-in-request-handler-php-on-Some-Wireless-Controllers-PSV-2018-0051"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@netgear.com",
"ID": "CVE-2018-11106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WC7500",
"version": {
"version_data": [
{
"version_value": "firmware versions prior to 6.5.3.5"
}
]
}
},
{
"product_name": "WC7520",
"version": {
"version_data": [
{
"version_value": "firmware versions prior to 2.5.0.46"
}
]
}
},
{
"product_name": "WC7600v1",
"version": {
"version_data": [
{
"version_value": "firmware versions prior to 6.5.3.5"
}
]
}
},
{
"product_name": "WC7600v2",
"version": {
"version_data": [
{
"version_value": "firmware versions prior to 6.5.3.5"
}
]
}
},
{
"product_name": "WC9500",
"version": {
"version_data": [
{
"version_value": "firmware versions prior to 6.5.3.5"
}
]
}
}
]
},
"vendor_name": "NETGEAR"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NETGEAR has released fixes for a pre-authentication command injection in request_handler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running firmware versions prior to 6.5.3.5; WC7600v2, running firmware versions prior to 6.5.3.5; and WC9500, running firmware versions prior to 6.5.3.5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000058243/Security-Advisory-for-Pre-Authentication-Command-Injection-in-request-handler-php-on-Some-Wireless-Controllers-PSV-2018-0051",
"refsource": "CONFIRM",
"url": "https://kb.netgear.com/000058243/Security-Advisory-for-Pre-Authentication-Command-Injection-in-request-handler-php-on-Some-Wireless-Controllers-PSV-2018-0051"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"assignerShortName": "netgear",
"cveId": "CVE-2018-11106",
"datePublished": "2020-04-01T16:31:45",
"dateReserved": "2018-05-15T00:00:00",
"dateUpdated": "2024-08-05T07:54:36.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-21123 (GCVE-0-2018-21123)
Vulnerability from nvd – Published: 2020-04-22 15:48 – Updated: 2024-08-05 12:19
VLAI?
Summary
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WC7500 before 6.5.3.9, WC7520 before 6.5.3.9, WC7600v1 before 6.5.3.9, and WC7600v2 before 6.5.3.9.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:19:27.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.netgear.com/000060235/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Wireless-Controllers-PSV-2018-0230"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WC7500 before 6.5.3.9, WC7520 before 6.5.3.9, WC7600v1 before 6.5.3.9, and WC7600v2 before 6.5.3.9."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-22T15:48:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.netgear.com/000060235/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Wireless-Controllers-PSV-2018-0230"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-21123",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WC7500 before 6.5.3.9, WC7520 before 6.5.3.9, WC7600v1 before 6.5.3.9, and WC7600v2 before 6.5.3.9."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000060235/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Wireless-Controllers-PSV-2018-0230",
"refsource": "CONFIRM",
"url": "https://kb.netgear.com/000060235/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Wireless-Controllers-PSV-2018-0230"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-21123",
"datePublished": "2020-04-22T15:48:06",
"dateReserved": "2020-04-20T00:00:00",
"dateUpdated": "2024-08-05T12:19:27.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11106 (GCVE-0-2018-11106)
Vulnerability from nvd – Published: 2020-04-01 16:31 – Updated: 2024-08-05 07:54
VLAI?
Summary
NETGEAR has released fixes for a pre-authentication command injection in request_handler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running firmware versions prior to 6.5.3.5; WC7600v2, running firmware versions prior to 6.5.3.5; and WC9500, running firmware versions prior to 6.5.3.5.
Severity ?
No CVSS data available.
CWE
- Other
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:36.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.netgear.com/000058243/Security-Advisory-for-Pre-Authentication-Command-Injection-in-request-handler-php-on-Some-Wireless-Controllers-PSV-2018-0051"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WC7500",
"vendor": "NETGEAR",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to 6.5.3.5"
}
]
},
{
"product": "WC7520",
"vendor": "NETGEAR",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to 2.5.0.46"
}
]
},
{
"product": "WC7600v1",
"vendor": "NETGEAR",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to 6.5.3.5"
}
]
},
{
"product": "WC7600v2",
"vendor": "NETGEAR",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to 6.5.3.5"
}
]
},
{
"product": "WC9500",
"vendor": "NETGEAR",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to 6.5.3.5"
}
]
}
],
"datePublic": "2018-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NETGEAR has released fixes for a pre-authentication command injection in request_handler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running firmware versions prior to 6.5.3.5; WC7600v2, running firmware versions prior to 6.5.3.5; and WC9500, running firmware versions prior to 6.5.3.5."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-01T16:31:45",
"orgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"shortName": "netgear"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.netgear.com/000058243/Security-Advisory-for-Pre-Authentication-Command-Injection-in-request-handler-php-on-Some-Wireless-Controllers-PSV-2018-0051"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@netgear.com",
"ID": "CVE-2018-11106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WC7500",
"version": {
"version_data": [
{
"version_value": "firmware versions prior to 6.5.3.5"
}
]
}
},
{
"product_name": "WC7520",
"version": {
"version_data": [
{
"version_value": "firmware versions prior to 2.5.0.46"
}
]
}
},
{
"product_name": "WC7600v1",
"version": {
"version_data": [
{
"version_value": "firmware versions prior to 6.5.3.5"
}
]
}
},
{
"product_name": "WC7600v2",
"version": {
"version_data": [
{
"version_value": "firmware versions prior to 6.5.3.5"
}
]
}
},
{
"product_name": "WC9500",
"version": {
"version_data": [
{
"version_value": "firmware versions prior to 6.5.3.5"
}
]
}
}
]
},
"vendor_name": "NETGEAR"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NETGEAR has released fixes for a pre-authentication command injection in request_handler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running firmware versions prior to 6.5.3.5; WC7600v2, running firmware versions prior to 6.5.3.5; and WC9500, running firmware versions prior to 6.5.3.5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000058243/Security-Advisory-for-Pre-Authentication-Command-Injection-in-request-handler-php-on-Some-Wireless-Controllers-PSV-2018-0051",
"refsource": "CONFIRM",
"url": "https://kb.netgear.com/000058243/Security-Advisory-for-Pre-Authentication-Command-Injection-in-request-handler-php-on-Some-Wireless-Controllers-PSV-2018-0051"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"assignerShortName": "netgear",
"cveId": "CVE-2018-11106",
"datePublished": "2020-04-01T16:31:45",
"dateReserved": "2018-05-15T00:00:00",
"dateUpdated": "2024-08-05T07:54:36.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}