CVE-2017-18778
Description
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6220 before 1.0.0.28, D6400 before 1.0.0.60, D7000 before 1.0.1.52, D7000v2 before 1.0.0.38, D7800 before 1.0.1.24, D8500 before 1.0.3.29, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.14, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6050 before 1.0.1.14, R6220 before 1.1.0.60, R6400 before 1.1.0.26, R6400v2 before 1.0.2.46, R6700v2 before 1.2.0.2, R6800 before 1.2.0.2, R6900v2 before 1.2.0.2, R7100LG before 1.0.0.32, R7300DST before 1.0.0.56, R7500 before 1.0.0.112, R7500v2 before 1.0.3.24, R7800 before 1.0.2.36, R7900P before 1.1.4.6, R8000P before 1.1.4.6, R8300 before 1.0.2.104, R8500 before 1.0.2.104, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.94, WNDR3700v5 before 1.1.0.50, WNDR4300v1 before 1.0.2.96, WNDR4300v2 before 1.0.0.52, WNDR4500v3 before 1.0.0.52, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Multiple NETGEAR routers and gateways contain a security misconfiguration that could allow unauthorized access or information disclosure; fixed firmware was released in 2017–2018.
Vulnerability
A security misconfiguration vulnerability exists in numerous NETGEAR routers and gateways, including D6220 (before 1.0.0.28), D6400 (before 1.0.0.60), D7000 (before 1.0.1.52), D7000v2 (before 1.0.0.38), D7800 (before 1.0.1.24), D8500 (before 1.0.3.29), JNR1010v2 (before 1.1.0.44), JR6150 (before 1.0.1.14), JWNR2010v5 (before 1.1.0.44), PR2000 (before 1.0.0.20), R6050 (before 1.0.1.14), R6220 (before 1.1.0.60), R6400 (before 1.1.0.26), R6400v2 (before 1.0.2.46), R6700v2 (before 1.2.0.2), R6800 (before 1.2.0.2), R6900v2 (before 1.2.0.2), R7100LG (before 1.0.0.32), R7300DST (before 1.0.0.56), R7500 (before 1.0.0.112), R7500v2 (before 1.0.3.24), R7800 (before 1.0.2.36), R7900P (before 1.1.4.6), R8000P (before 1.1.4.6), R8300 (before 1.0.2.104), R8500 (before 1.0.2.104), R9000 (before 1.0.2.52), WNDR3700v4 (before 1.0.2.94), WNDR3700v5 (before 1.1.0.50), WNDR4300v1 (before 1.0.2.96), WNDR4300v2 (before 1.0.0.52), WNDR4500v3 (before 1.0.0.52), WNR1000v4 (before 1.1.0.44), WNR2020 (before 1.1.0.44), and WNR2050 (before 1.1.0.44). The exact nature of the incorrect security configuration is not publicly detailed, but the vulnerability stems from settings on the device that are not properly hardened [1]. No special configuration beyond default operation is required to expose the flaw.
Exploitation
According to the vendor advisory, the vulnerability can be exploited remotely without authentication; an attacker on the same network or from the WAN side may leverage the misconfigured security settings to gain unauthorized access [1]. No user interaction is required. The specific steps are not disclosed, but the advisory indicates that the misconfiguration allows bypass of intended security controls.
Impact
Successful exploitation could lead to unauthorized access to device configuration or management interfaces, potentially resulting in information disclosure or further compromise of the network [1]. The attacker could gain elevated privileges (administrative access) on the affected device, depending on the specific misconfiguration.
Mitigation
NETGEAR has released fixed firmware versions for all affected products, as listed in the advisory [1]. Users should update their device firmware to the specified patched version or later. No workaround is provided; the vulnerability is remediated only by applying the firmware update. The affected devices are not listed on the CISA KEV as of this writing. If a device is end-of-life and no firmware is available, replacement is recommended.
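An added example (not from NETGEAR or from this page's source) of the firmware check the Mitigation section calls for: it parses the "before" versions out of the description above and compares a device inventory against them numerically, since a plain string comparison would rank 1.0.0.28 above 1.0.0.112. The inventory rows are constructed, and the handling of a "V" prefix or build suffix on reported versions is an assumption.

```python
import re

# Affected-version list copied from the CVE description above.
DESCRIPTION = (
    "D6220 before 1.0.0.28, D6400 before 1.0.0.60, D7000 before 1.0.1.52, "
    "D7000v2 before 1.0.0.38, D7800 before 1.0.1.24, D8500 before 1.0.3.29, "
    "JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.14, JWNR2010v5 before 1.1.0.44, "
    "PR2000 before 1.0.0.20, R6050 before 1.0.1.14, R6220 before 1.1.0.60, "
    "R6400 before 1.1.0.26, R6400v2 before 1.0.2.46, R6700v2 before 1.2.0.2, "
    "R6800 before 1.2.0.2, R6900v2 before 1.2.0.2, R7100LG before 1.0.0.32, "
    "R7300DST before 1.0.0.56, R7500 before 1.0.0.112, R7500v2 before 1.0.3.24, "
    "R7800 before 1.0.2.36, R7900P before 1.1.4.6, R8000P before 1.1.4.6, "
    "R8300 before 1.0.2.104, R8500 before 1.0.2.104, R9000 before 1.0.2.52, "
    "WNDR3700v4 before 1.0.2.94, WNDR3700v5 before 1.1.0.50, WNDR4300v1 before 1.0.2.96, "
    "WNDR4300v2 before 1.0.0.52, WNDR4500v3 before 1.0.0.52, WNR1000v4 before 1.1.0.44, "
    "WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44."
)


def parse_fixed_versions(text):
    """Map each model in the advisory text to its first fixed version."""
    return dict(re.findall(r"\b([A-Z]+\d+\w*) before (\d+(?:\.\d+)+)", text))


def vtuple(version):
    """Numeric tuple; an assumed 'V' prefix or '_build' suffix is ignored."""
    match = re.match(r"[Vv]?(\d+(?:\.\d+)*)", version.strip())
    if not match:
        raise ValueError(f"unparseable firmware version: {version!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def audit(inventory, fixed):
    """Classify each (model, version) as vulnerable, fixed or not-listed."""
    results = []
    for model, version in inventory:
        first_fixed = fixed.get(model)  # exact match: R6400 and R6400v2 differ
        if first_fixed is None:
            status = "not-listed"
        else:
            status = "vulnerable" if vtuple(version) < vtuple(first_fixed) else "fixed"
        results.append((model, version, status))
    return results


if __name__ == "__main__":
    # Constructed inventory, not real devices.
    sample = [("R7500", "1.0.0.28"), ("R6400v2", "V1.0.2.46"), ("R6400", "1.0.2.46")]
    print(audit(sample, parse_fixed_versions(DESCRIPTION)))
```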
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- NETGEAR/NETGEAR devices
References
1