CVE-2017-18795
Description
Certain NETGEAR devices are affected by command injection. This affects D6220 before 1.0.0.28 and D6100 before 1.0.0.50_0.0.50.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Command injection vulnerability in NETGEAR D6220 and D6100 routers allows authenticated high-privilege attackers to execute arbitrary commands.
Vulnerability
A command injection vulnerability exists in NETGEAR D6220 and D6100 routers. Affected firmware versions are D6220 before 1.0.0.28 and D6100 before 1.0.0.50_0.0.50 [1]. The vulnerability allows an attacker to inject operating system commands through a vulnerable component.
Exploitation
An attacker must have administrative privileges (high privileges) and local access to the device (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). With these privileges, the attacker can send crafted input that triggers command injection, leading to arbitrary command execution.
Impact
Successful exploitation grants the attacker the ability to execute arbitrary commands with elevated privileges, resulting in full compromise of the device's confidentiality, integrity, and availability.
Mitigation
NETGEAR has released fixed firmware versions: D6220 firmware 1.0.0.28 and D6100 firmware 1.0.0.50_0.0.50 [1]. Users should update to these versions immediately. No workarounds are available.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (3)
- NETGEAR/D6220
References (1)