CVE-2017-18866

Certain NETGEAR devices are affected by stored XSS. This affects R9000 before 1.0.2.40, R6100 before 1.0.1.1, 6R7500 before 1.0.0.110, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, WNDR4300v2 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.

Published: May 5, 2020
Updated: Apr 13, 2023
CVE: CVE-2017-18866
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
netgear / 6r7500_firmware	-	1.0.0.110
netgear / r6100_firmware	-	1.0.1.1
netgear / r7500_firmware	-	1.0.3.20
netgear / r7800_firmware	-	1.0.2.36
netgear / r9000_firmware	-	1.0.2.40
netgear / wndr4300_firmware	-	1.0.0.48
netgear / wnr2000_firmware	-	1.0.0.58

https://kb.netgear.com/000051472/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Routers-PSV-2016-0100

Vulnerability Database

289,697

CVE-2017-18866