A vulnerability has been found in Netgear D7800, DM200, R6100, R7500, R7500v2 and R7800 (Router Operating System) and classified as critical. Affected by this vulnerability is an unknown function. The manipulation with an unknown input leads to a command injection vulnerability. The CWE definition for the vulnerability is CWE-77. The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, and R7800 before 1.0.2.42.

The weakness was shared 04/27/2020 (Website). It is possible to read the advisory at kb.netgear.com. This vulnerability is known as CVE-2018-21154 since 04/20/2020. The attack needs to approached within the local network. The successful exploitation requires a single authentication. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1202 according to MITRE ATT&CK.

Upgrading eliminates this vulnerability.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Productinfo

Type

• Router Operating System

Vendor

• Netgear

Name

• D7800
• DM200
• R6100
• R7500
• R7500v2
• R7800

License

• commercial

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion