CVE-2018-21114

Summary

CVE	CVE-2018-21114
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2020-04-22 15:15:00 UTC
Updated	2020-04-24 19:27:00 UTC
Description	Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.44, EX6150v2 before 1.0.1.70, EX6100v2 before 1.0.1.70, EX6200v2 before 1.0.1.64, EX7300 before 1.0.2.136, EX6400 before 1.0.2.136, R6100 before 1.0.1.16, R7500 before 1.0.0.110, R7800 before 1.0.2.32, R9000 before 1.0.4.12, WN3000RPv2 before 1.0.0.56, WN3000RPv3 before 1.0.2.52, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.

Risk And Classification

Problem Types: CWE-74

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Netgear	D7800	-	All	All	All
Hardware	Netgear	D7800	-	All	All	All
Operating System	Netgear	D7800 Firmware	All	All	All	All
Operating System	Netgear	D7800 Firmware	All	All	All	All
Hardware	Netgear	Ex6100	v2	All	All	All
Hardware	Netgear	Ex6100	v2	All	All	All
Operating System	Netgear	Ex6100 Firmware	All	All	All	All
Operating System	Netgear	Ex6100 Firmware	All	All	All	All
Hardware	Netgear	Ex6150	v2	All	All	All
Hardware	Netgear	Ex6150	v2	All	All	All
Operating System	Netgear	Ex6150 Firmware	All	All	All	All
Operating System	Netgear	Ex6150 Firmware	All	All	All	All
Hardware	Netgear	Ex6200	v2	All	All	All
Hardware	Netgear	Ex6200	v2	All	All	All
Operating System	Netgear	Ex6200 Firmware	All	All	All	All
Operating System	Netgear	Ex6200 Firmware	All	All	All	All
Hardware	Netgear	Ex6400	-	All	All	All
Hardware	Netgear	Ex6400	-	All	All	All
Operating System	Netgear	Ex6400 Firmware	All	All	All	All
Operating System	Netgear	Ex6400 Firmware	All	All	All	All
Hardware	Netgear	Ex7300	-	All	All	All
Hardware	Netgear	Ex7300	-	All	All	All
Operating System	Netgear	Ex7300 Firmware	All	All	All	All
Operating System	Netgear	Ex7300 Firmware	All	All	All	All
Hardware	Netgear	R6100	-	All	All	All
Hardware	Netgear	R6100	-	All	All	All
Operating System	Netgear	R6100 Firmware	All	All	All	All
Operating System	Netgear	R6100 Firmware	All	All	All	All
Hardware	Netgear	R7500	-	All	All	All
Hardware	Netgear	R7500	-	All	All	All
Operating System	Netgear	R7500 Firmware	All	All	All	All
Operating System	Netgear	R7500 Firmware	All	All	All	All
Hardware	Netgear	R7800	-	All	All	All
Hardware	Netgear	R7800	-	All	All	All
Operating System	Netgear	R7800 Firmware	All	All	All	All
Operating System	Netgear	R7800 Firmware	All	All	All	All
Hardware	Netgear	R9000	-	All	All	All
Hardware	Netgear	R9000	-	All	All	All
Operating System	Netgear	R9000 Firmware	All	All	All	All
Operating System	Netgear	R9000 Firmware	All	All	All	All
Hardware	Netgear	Wn3000rp	v2	All	All	All
Hardware	Netgear	Wn3000rp	v3	All	All	All
Hardware	Netgear	Wn3000rp	v2	All	All	All
Hardware	Netgear	Wn3000rp	v3	All	All	All
Operating System	Netgear	Wn3000rp Firmware	All	All	All	All
Operating System	Netgear	Wn3000rp Firmware	All	All	All	All
Hardware	Netgear	Wndr4300	v2	All	All	All
Hardware	Netgear	Wndr4300	v2	All	All	All
Operating System	Netgear	Wndr4300 Firmware	All	All	All	All
Operating System	Netgear	Wndr4300 Firmware	All	All	All	All
Hardware	Netgear	Wndr4500	v3	All	All	All
Hardware	Netgear	Wndr4500	v3	All	All	All
Operating System	Netgear	Wndr4500 Firmware	All	All	All	All
Operating System	Netgear	Wndr4500 Firmware	All	All	All	All

References

Reference	Source	Link	Tags
Security Advisory for Post-Authentication Command Injection on Some Routers, Modem Routers, and Wireless Extenders, PSV-2017-0645 \| Answer \| NETGEAR Support	CONFIRM	kb.netgear.com	Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.