CVE-2017-18797
Description
Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects R6400 before 1.0.1.24, R7900 before 1.0.1.18, R8000 before 1.0.3.54, and R8500 before 1.0.2.100.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
NETGEAR R6400, R7900, R8000, and R8500 routers are vulnerable to an arbitrary file read, which is fixed in firmware updates.
Vulnerability
An arbitrary file read vulnerability exists in several NETGEAR routers, allowing an attacker to read arbitrary files from the device's filesystem. Affected models and firmware versions are: R6400 before 1.0.1.24, R7900 before 1.0.1.18, R8000 before 1.0.3.54, and R8500 before 1.0.2.100 [1]. No authentication is required to trigger the vulnerability.
Exploitation
An attacker with local network access (CVSSv3 vector AV:L) can exploit this vulnerability without authentication or user interaction [1]. The specific mechanism is not disclosed, but the advisory confirms the attack vector is local, meaning the attacker must be on the same network as the target router.
Impact
Successful exploitation allows the attacker to read arbitrary files on the device, leading to confidentiality compromise (CVSSv3 confidentiality impact: HIGH). This could expose sensitive information such as configuration files, passwords, or other stored data [1]. Integrity and availability are not affected.
Mitigation
NETGEAR has released fixed firmware versions: R6400 firmware 1.0.1.24, R7900 firmware 1.0.1.18, R8000 firmware 1.0.3.54, and R8500 firmware 1.0.2.100 [1]. Users should update to the latest firmware immediately. No workarounds are available.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (5)
- NETGEAR/R6400
Patches
No patches discovered yet.
References (1)