Unrated severityNVD Advisory· Published May 5, 2020· Updated Aug 5, 2024

CVE-2017-18866

Description

Certain NETGEAR devices are affected by stored XSS. This affects R9000 before 1.0.2.40, R6100 before 1.0.1.1, 6R7500 before 1.0.0.110, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, WNDR4300v2 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Multiple NETGEAR routers are affected by stored cross-site scripting (XSS) through unpatched firmware versions, enabling malicious script injection.

Vulnerability

A stored cross-site scripting (XSS) vulnerability exists in several NETGEAR router models. Affected devices include the R9000 before firmware version 1.0.2.40, R6100 before 1.0.1.1, 6R7500 before 1.0.0.110, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, WNDR4300v2 before 1.0.0.48, and WNR2000v5 before 1.0.0.58 [1]. The vulnerability is classified as stored XSS, meaning the malicious script is permanently stored on the target server or device and executed when a user accesses the affected page.

Exploitation

An attacker must be on the same network as the target router (adjacent access) to exploit this vulnerability [1]. The attacker does not need authentication, but user interaction is required; the victim must click on a crafted link or visit a page containing the injected script. The CVSS vector indicates the attack complexity is low, and the attack requires user interaction (AV:A/AC:L/PR:N/UI:R) [1]. The exact injection point and required sequence of steps are not fully detailed in the available references but rely on the ability to submit and store malicious content that the router's web interface later renders.

Impact

Successful exploitation results in the disclosure of sensitive information or the ability to manipulate web content within the user's session, as reflected in the CVSS scope change (S:C) and confidentiality/integrity impact (C:L/I:L) [1]. The attacker gains no availability impact (A:N) and does not achieve full control of the device, but can steal session cookies, deface pages, or perform actions on behalf of the authenticated user within the router's management interface.

Mitigation

NETGEAR has released fixed firmware versions for all affected models [1]. Users should upgrade to the following versions or later: R9000 to 1.0.2.40, R6100 to 1.0.1.1, 6R7500 to 1.0.0.110, R7500v2 to 1.0.3.20, R7800 to 1.0.2.36, WNDR4300v2 to 1.0.0.48, and WNR2000v5 to 1.0.0.58 [1]. No workarounds are mentioned, and NETGEAR recommends immediately updating firmware via the support page. The advisory was published in 2020, and no evidence of inclusion in the CISA Known Exploited Vulnerabilities (KEV) catalog was found in the given references.

References

Security Advisory for Stored Cross Site Scripting on Routers, PSV-2016-0100

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

NETGEAR/devicesdescription
Netgear/R6100llm-create
Range: <1.0.1.1
Netgear/R7500llm-create
Range: <1.0.0.110
Netgear/R7500v2llm-create
Range: <1.0.3.20
Netgear/WNDR4300v2llm-create
Range: <1.0.0.48
Netgear/R9000llm-fuzzy
Range: <1.0.2.40
Netgear/R7800llm-fuzzy
Range: <1.0.2.36
Netgear/WNR2000v5llm-fuzzy
Range: <1.0.0.58

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

kb.netgear.com/000051472/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Routers-PSV-2016-0100mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000