CVE-2017-18769
Description
Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects D6220 before 1.0.0.40, D6400 before 1.0.0.74, D7000 before 1.0.1.60, D7800 before 1.0.1.34, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.94, DGN2200Bv4 before 1.0.0.94, EX6200v2 before 1.0.1.50, EX7000 before 1.0.0.56, JR6150 before 1.0.1.18, R6050 before 1.0.1.10J, R6100 before 1.0.1.16, R6150 before 1.0.1.10, R6220 before 1.1.0.50, R6250 before 1.0.4.12, R6300v2 before 1.0.4.12, R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.26, R6700v2 before 1.2.0.4, R6800 before 1.0.1.10, R6900 before 1.0.1.26, R6900P before 1.0.0.58, R6900v2 before 1.2.0.4, R7000 before 1.0.9.6, R7000P before 1.0.0.58, R7100LG before 1.0.0.32, R7300 before 1.0.0.54, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R7900 before 1.0.1.18, R8000 before 1.0.3.48, R8300 before 1.0.2.104, R8500 before 1.0.2.104, R9000 before 1.0.2.40, WNDR3400v3 before 1.0.1.14, WNDR3700v4 before 1.0.2.96, WNDR4300v1 before 1.0.2.98, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR3500Lv2 before 1.2.0.44.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Multiple NETGEAR devices are vulnerable to arbitrary file read, allowing an attacker to read sensitive files on the device.
Vulnerability
An arbitrary file read vulnerability exists in certain NETGEAR routers, gateways, and extenders. The vulnerability allows an unauthenticated attacker to read arbitrary files on the device. Affected models include D6220, D6400, D7000, D7800, D8500, DGN2200v4, DGN2200Bv4, EX6200v2, EX7000, JR6150, R6050, R6100, R6150, R6220, R6250, R6300v2, R6400, R6400v2, R6700, R6700v2, R6800, R6900, R6900P, R6900v2, R7000, R7000P, R7100LG, R7300, R7500, R7500v2, R7800, R7900, R8000, R8300, R8500, R9000, WNDR3400v3, WNDR3700v4, WNDR4300v1, WNDR4300v2, WNDR4500v3, and WNR3500Lv2. Affected firmware versions are those prior to the fixed versions listed in the advisory [1].
Exploitation
An attacker can exploit this vulnerability without authentication by sending a specially crafted request to the affected device over the network. No user interaction is required. The exact attack vector is not detailed in the available references, but the advisory confirms remote exploitation is possible [1].
Impact
Successful exploitation allows an attacker to read arbitrary files from the device's filesystem, potentially including sensitive configuration files, credentials, or other data. This could lead to further compromise of the device or network.
Mitigation
NETGEAR has released firmware updates to fix this vulnerability. Users should update their devices to the latest firmware versions as specified in the advisory [1]: D6220 to 1.0.0.40, D6400 to 1.0.0.74, D7000 to 1.0.1.60, D7800 to 1.0.1.34, D8500 to 1.0.3.39, DGN2200v4 to 1.0.0.94, DGN2200Bv4 to 1.0.0.94, EX6200v2 to 1.0.1.50, EX7000 to 1.0.0.56, JR6150 to 1.0.1.18, R6050 to 1.0.1.10J, R6100 to 1.0.1.16, R6150 to 1.0.1.10, R6220 to 1.1.0.50, R6250 to 1.0.4.12, R6300v2 to 1.0.4.12, R6400 to 1.0.1.24, R6400v2 to 1.0.2.32, R6700 to 1.0.1.26, R6700v2 to 1.2.0.4, R6800 to 1.0.1.10, R6900 to 1.0.1.26, R6900P to 1.0.0.58, R6900v2 to 1.2.0.4, R7000 to 1.0.9.6, R7000P to 1.0.0.58, R7100LG to 1.0.0.32, R7300 to 1.0.0.54, R7500 to 1.0.0.112, R7500v2 to 1.0.3.20, R7800 to 1.0.2.36, R7900 to 1.0.1.18, R8000 to 1.0.3.48, R8300 to 1.0.2.104, R8500 to 1.0.2.104, R9000 to 1.0.2.40, WNDR3400v3 to 1.0.1.14, WNDR3700v4 to 1.0.2.96, WNDR4300v1 to 1.0.2.98, WNDR4300v2 to 1.0.0.48, WNDR4500v3 to 1.0.0.48, and WNR3500Lv2 to 1.2.0.44. No workaround is mentioned. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog as of the publication date.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (4)
- NETGEAR/NETGEAR devices (description)
References (1)