CVE-2018-21227

medium

Description

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, R6400v2 before 1.0.2.34, R6700 before 1.0.1.30, R6900 before 1.0.1.30, R6900P before 1.0.0.62, R7000 before 1.0.9.12, R7000P before 1.0.0.62, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R9000 before 1.0.3.10, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.

References

https://kb.netgear.com/000055109/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-Gateways-PSV-2017-0737

Details

Source: Mitre, NVD

Published: 2020-04-24

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 5.2

Vector: CVSS2#AV:A/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.8

Vector: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Severity: Medium

EPSS

EPSS: 0.00136