CVE-2017-18854
Description
NETGEAR ReadyNAS 6.6.1 and earlier is affected by command injection.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Authenticated command injection in NETGEAR ReadyNAS OS 6.6.1 and earlier allows an admin to execute arbitrary OS commands.
Vulnerability
NETGEAR ReadyNAS OS 6 storage systems running version 6.6.1 or earlier are affected by an operating system command injection vulnerability [1]. The flaw exists in the web interface and can be triggered by an authenticated attacker with administrator credentials [1].
Exploitation
An attacker must have access to the local area network and possess valid administrator credentials for the ReadyNAS device [1]. With these privileges, the attacker can inject arbitrary OS commands through the vulnerable interface, leading to execution on the underlying system [1].
Impact
Successful exploitation allows the attacker to execute arbitrary operating system commands with high privileges, resulting in full compromise of confidentiality, integrity, and availability of the storage system [1]. The CVSS v3 score is 6.7 (Medium) [1].
Mitigation
NETGEAR released ReadyNAS OS version 6.6.2 which fixes this vulnerability [1]. All affected users should upgrade to 6.6.2 or later immediately [1]. No workarounds are available [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- NETGEAR/ReadyNASdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.