{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T00:58:00.324","vulnerabilities":[{"cve":{"id":"CVE-2018-11106","sourceIdentifier":"a2826606-91e7-4eb6-899e-8484bd4575d5","published":"2020-04-01T17:15:14.737","lastModified":"2024-11-21T03:42:41.457","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"NETGEAR has released fixes for a pre-authentication command injection in request_handler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running firmware versions prior to 6.5.3.5; WC7600v2, running firmware versions prior to 6.5.3.5; and WC9500, running firmware versions prior to 6.5.3.5."},{"lang":"es","value":"NETGEAR presenta correcciones publicadas para una inyección de comando previa a la autenticación en una vulnerabilidad de seguridad del archivo request_handler.php en los siguientes modelos de producto: WC7500, ejecutando versiones de firmware anteriores a 6.5.3.5; WC7520, ejecutando versiones de firmware anteriores a 2.5.0.46; WC7600v1, ejecutando versiones de firmware anteriores a 6.5.3.5; WC7600v2, ejecutando versiones de firmware anteriores a 6.5.3.5; y WC9500, ejecutando versiones de firmware anteriores a 6.5.3.5."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netgear:wc7500_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"6.5.3.5","matchCriteriaId":"8184DF48-1CCE-4950-921B-8A825D8CDD71"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netgear:wc7500:-:*:*:*:*:*:*:*","matchCriteriaId":"EB22B065-8EC8-4DA7-984A-CCB6919AF8F3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netgear:wc7520_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.5.0.46","matchCriteriaId":"86CD35ED-0A90-4932-976B-A7666B3D7C7A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netgear:wc7520:-:*:*:*:*:*:*:*","matchCriteriaId":"A58C9FE8-4BD5-41F9-9714-2D8083A51D98"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netgear:wc7600v1_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"6.5.3.5","matchCriteriaId":"3D3D43A9-6A00-4498-BEC5-46A11604A1A6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netgear:wc7600v1:-:*:*:*:*:*:*:*","matchCriteriaId":"8EB1A3EC-1069-40FC-BDDF-C3AC93E037C5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netgear:wc7600v2_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"6.5.3.5","matchCriteriaId":"EB9D9CAF-D9FC-4E42-9C80-DE53C75AD578"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netgear:wc7600v2:-:*:*:*:*:*:*:*","matchCriteriaId":"4C8BB1F1-A12D-43CC-A6D0-9633E99D746B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netgear:wc9500_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"6.5.3.5","matchCriteriaId":"8073AB91-0F60-4EF8-9347-EB0EA6C76A76"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netgear:wc9500:-:*:*:*:*:*:*:*","matchCriteriaId":"113D0DF6-C719-4A43-80B2-463EC4323009"}]}]}],"references":[{"url":"https://kb.netgear.com/000058243/Security-Advisory-for-Pre-Authentication-Command-Injection-in-request-handler-php-on-Some-Wireless-Controllers-PSV-2018-0051","source":"a2826606-91e7-4eb6-899e-8484bd4575d5"},{"url":"https://kb.netgear.com/000058243/Security-Advisory-for-Pre-Authentication-Command-Injection-in-request-handler-php-on-Some-Wireless-Controllers-PSV-2018-0051","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}