CVE-2017-18802
Description
Certain NETGEAR devices are affected by command injection. This affects R6100 before 1.0.1.14, R7500 before 1.0.0.110, R7500v2 before 1.0.3.16, R7800 before 1.0.2.32, EX6200v2 before 1.0.1.50, and D7800 before 1.0.1.22.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
NETGEAR devices vulnerable to command injection, allowing authenticated attackers to execute arbitrary commands.
Vulnerability
A command injection vulnerability exists in multiple NETGEAR devices, affecting the web management interface. The vulnerability can be exploited by an authenticated attacker with high privileges to inject arbitrary commands. Affected models include R6100 before 1.0.1.14, R7500 before 1.0.0.110, R7500v2 before 1.0.3.16, R7800 before 1.0.2.32, EX6200v2 before 1.0.1.50, and D7800 before 1.0.1.22 [1].
Exploitation
An attacker must have local network access and administrative credentials to the device. No user interaction is required. The attacker can exploit the vulnerability by sending crafted requests to the management interface, leading to command injection [1].
Impact
Successful exploitation allows an attacker to execute arbitrary commands with root privileges, leading to full compromise of confidentiality, integrity, and availability of the device [1].
Mitigation
NETGEAR has released fixed firmware versions for all affected models: R6100 1.0.1.14, R7500 1.0.0.110, R7500v2 1.0.3.16, R7800 1.0.2.32, EX6200v2 1.0.1.50, and D7800 1.0.1.22. Users should download and install the latest firmware from NETGEAR Support [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- NETGEAR/R6100description
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.