CVE-2017-18747

Vulnerability

A security misconfiguration affects several NETGEAR range extender models, including EX3700, EX3800, EX6000, EX6130, EX6400, EX7000, EX7300, and WN2500RPv2, before the firmware versions listed in the advisory [1]. The exact configuration weakness is not publicly detailed, but the vulnerability allows an attacker to impact the device's security settings [1].

Exploitation

The CVSS vector indicates that an attacker with adjacent network access can exploit the vulnerability without credentials or user interaction (CVSS:3.0/AV:A/AC:L/PR:N/UI:N) [1]. The specific steps are not documented, but the misconfiguration allows unauthorized access to device functionality.

Impact

Successful exploitation results in high impact on confidentiality, integrity, and availability (CVSS:3.0/C:H/I:H/A:H) [1]. An attacker gains full control of the device, potentially reading sensitive data, modifying configuration, or causing denial of service. The compromise is at the device level with no privilege escalation needed.

Mitigation

NETGEAR has released firmware updates to fix the vulnerability. Affected devices should be upgraded to the following versions or later: EX3700/EX3800 to 1.0.0.64, EX6000 to 1.0.0.24, EX6130 to 1.0.0.16, EX6400/EX7300 to 1.0.1.60, EX7000 to 1.0.0.50, and WN2500RPv2 to 1.0.1.46 [1]. No workarounds are available; installing the latest firmware is the only remedy.