Unrated severity · NVD Advisory · Published Apr 21, 2020 · Updated Aug 5, 2024

CVE-2017-18799

Description

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6200v2 before 1.0.3.14, R6250 before 1.0.4.8, R6300v2 before 1.0.4.8, R6700 before 1.1.1.20, R7000 before 1.0.7.10, R7000P/R6900P before 1.0.0.56, R7100LG before 1.0.0.30, R7900 before 1.0.1.14, R8000 before 1.0.3.22, R8500 before 1.0.2.74, and D8500 before 1.0.3.28.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A security misconfiguration in multiple NETGEAR routers and modems allows unauthenticated remote attackers to access sensitive information.

Vulnerability

A security misconfiguration vulnerability exists in several NETGEAR router and modem models. Affected devices include the R6200v2 before 1.0.3.14, R6250 before 1.0.4.8, R6300v2 before 1.0.4.8, R6700 before 1.1.1.20, R7000 before 1.0.7.10, R7000P/R6900P before 1.0.0.56, R7100LG before 1.0.0.30, R7900 before 1.0.1.14, R8000 before 1.0.3.22, R8500 before 1.0.2.74, and D8500 before 1.0.3.28. The firmware on these devices contains an incorrect configuration of security settings, which can be exploited without any authentication or user interaction. No special conditions or configuration changes are required to reach the vulnerable code path; the issue is present in the default firmware state. [1]

Exploitation

An attacker can exploit this vulnerability remotely over the network without needing any prior authentication or special privileges. The attack does not require user interaction. By sending specially crafted requests to affected devices, an attacker can probe for and access sensitive information due to the misconfigured security settings. The exact mechanism is not detailed in the available references, but the CVSS vector indicates network-based, low-complexity exploitation with no privileges required and no user interaction. [1]

Impact

Successful exploitation leads to unauthorized disclosure of confidential information from the device. The CVSS v3 score is 7.5 (High) with the vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating a high impact on confidentiality, no impact on integrity or availability, and unchanged scope. An attacker can gain access to sensitive data stored or processed by the affected router or modem. [1]

Mitigation

NETGEAR has released fixed firmware versions to address this vulnerability. Users are strongly advised to download and install the latest firmware immediately. The specific fixed versions are: R6200v2 firmware 1.0.3.14, R6250 firmware 1.0.4.8, R6300v2 firmware 1.0.4.8, R6700 firmware 1.1.1.20, R7000 firmware 1.0.7.10, R7000P/R6900P firmware 1.0.0.56, R7100LG firmware 1.0.0.30, R7900 firmware 1.0.1.14, R8000 firmware 1.0.3.22, R8500 firmware 1.0.2.74, and D8500 firmware 1.0.3.28. The advisory lists no workarounds for devices that cannot be upgraded. The CVE is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog. [1]

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.


References

1
