CVE-2018-21227 - Netgear R7000p Firmware, Netgear D7800 Firmware and Netgear R6900p Firmware

April 24, 2020

Moderate 6.8

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, R6400v2 before 1.0.2.34, R6700 before 1.0.1.30, R6900 before 1.0.1.30, R6900P before 1.0.0.62, R7000 before 1.0.9.12, R7000P before 1.0.0.62, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R9000 before 1.0.3.10, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.

Affected software

Netgear R7000p Firmware

Netgear D7800 Firmware

Netgear R6900p Firmware

Netgear R6900 Firmware

Netgear Wndr4500 Firmware

Netgear R9000 Firmware

Netgear R6400 Firmware

Netgear R7800 Firmware

Netgear R6700 Firmware

Netgear Wndr4300 Firmware

Netgear R7500 Firmware

Netgear R7000 Firmware

Reference links

https://kb.netgear.com/000055109/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-Gateways-PSV-2017-0737

CVE-2018-21227 - Netgear R7000p Firmware, Netgear D7800 Firmware and Netgear R6900p Firmware

Affected software

Reference links

Get alerted to vulnerabilities in your software