Unrated severity · NVD Advisory · Published Apr 22, 2020 · Updated Aug 5, 2024

CVE-2017-18755

Description

Certain NETGEAR devices are affected by CSRF. This affects R6300v2 before 1.0.4.8, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000P before 1.0.0.86, R6900P before 1.0.0.56, R7300 before 1.0.0.54, R8300 before 1.0.2.106, R8500 before 1.0.2.106, DGN2200v4 before 1.0.0.86, DGND2200Bv4 before 1.0.0.86, R6050 before 1.0.0.86, JR6150 before 1.0.1.10, R6220 before 1.1.0.50, and WNDR3700v5 before V1.1.0.48.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Multiple NETGEAR routers are vulnerable to cross-site request forgery, allowing remote attackers to perform unauthorized actions.

Vulnerability

A cross-site request forgery (CSRF) vulnerability exists in the web interface of multiple NETGEAR routers and modem routers. Affected devices include R6300v2 before 1.0.4.8, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000P before 1.0.0.86, R6900P before 1.0.0.56, R7300 before 1.0.0.54, R8300 before 1.0.2.106, R8500 before 1.0.2.106, DGN2200v4 before 1.0.0.86, DGND2200Bv4 before 1.0.0.86, R6050 before 1.0.0.86, JR6150 before 1.0.1.10, R6220 before 1.1.0.50, and WNDR3700v5 before V1.1.0.48 [1]. The vulnerability allows an attacker to forge requests if an authenticated user interacts with a malicious link or page.

Exploitation

An attacker can exploit this CSRF vulnerability by tricking an authenticated user into clicking a crafted link or visiting a malicious web page while logged into the router's web interface. No authentication is required for the attacker, and the attack can be launched remotely over the network (CVSS v3 vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) [1]. Successful exploitation requires user interaction, such as clicking a link.

Impact

If exploited, the attacker can perform actions on the router with the same privileges as the authenticated user, such as changing security settings, modifying configuration, or initiating firmware updates. This could lead to full compromise of the device and the network it manages. The CVSS v3 base score is 8.8 (High) [1].

Mitigation

NETGEAR has released fixed firmware versions for all affected models [1]. Users should update to the latest firmware as soon as possible:

- R6300v2 to 1.0.4.8 or later
- R6400v2 to 1.0.2.32 or later
- R6700 to 1.0.1.22 or later
- R6900 to 1.0.1.22 or later
- R7000P to 1.0.0.86 or later
- R6900P to 1.0.0.56 or later
- R7300 to 1.0.0.54 or later
- R8300 to 1.0.2.106 or later
- R8500 to 1.0.2.106 or later
- DGN2200v4 to 1.0.0.86 or later
- DGND2200Bv4 to 1.0.0.86 or later
- R6050 to 1.0.0.86 or later
- JR6150 to 1.0.1.10 or later
- R6220 to 1.1.0.50 or later
- WNDR3700v5 to V1.1.0.48 or later

No workarounds are available; updating firmware is the only mitigation.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
