CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-21123

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WC7500 before 6.5.3.9, WC7520 before 6.5.3.9, WC7600v1 before 6.5.3.9, and WC7600v2 before 6.5.3.9.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 70.8%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 5.8

References

https://kb.netgear.com/000060235/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Wireless-Controllers-PSV-2018-0230
https://kb.netgear.com/000060235/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Wireless-Controllers-PSV-2018-0230

Products affected by CVE-2018-21123

Netgear » Wc7500 » Version: N/A

cpe:2.3:h:netgear:wc7500:-
Netgear » Wc7520 » Version: N/A

cpe:2.3:h:netgear:wc7520:-
Netgear » Wc7600 » Version: v1

cpe:2.3:h:netgear:wc7600:v1
Netgear » Wc7600 » Version: v2

cpe:2.3:h:netgear:wc7600:v2
Netgear » Wc7500 Firmware » Version: 6.5.3.5

cpe:2.3:o:netgear:wc7500_firmware:6.5.3.5
Netgear » Wc7520 Firmware » Version: 2.5.0.46

cpe:2.3:o:netgear:wc7520_firmware:2.5.0.46
Netgear » Wc7600 Firmware » Version: Any

cpe:2.3:o:netgear:wc7600_firmware:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-21123

Products

Pricing

Contact Us