ID
VAR-201705-3972
CVE
CVE-2017-6862
TITLE
plural NETGEAR Product authentication bypass vulnerability
Trust: 0.8
sources:
JVNDB: JVNDB-2017-004544
DESCRIPTION
NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42 allow authentication bypass and remote code execution via a buffer overflow that uses a parameter in the administration webapp. The NETGEAR ID is PSV-2016-0261. WNR2000v3, WNR2000v4, WNR2000v5 and R2000 are all Netgear router products. Multiple NETGEAR Routers are prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. The following products and versions are vulnerable: WNR2000v3 devices prior to 1.1.2.14 WNR2000v4 devices prior to 1.0.0.66 WNR2000v5 devices prior to 1.0.0.42 R2000. A security vulnerability exists in NETGEAR WNR2000v3, WNR2000v4, and WNR2000v5 devices
Trust: 2.61
sources:
NVD: CVE-2017-6862 //
JVNDB: JVNDB-2017-004544 //
CNVD: CNVD-2017-05934 //
BID: 98740 //
VULHUB: VHN-115065 //
VULMON: CVE-2017-6862
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2017-05934
AFFECTED PRODUCTS
| vendor: | netgear | model: | wnr2000v3 | scope: | lt | version: | 1.1.2.14 | Trust: 1.0 |
| vendor: | netgear | model: | wnr2000v4 | scope: | lt | version: | 1.0.0.66 | Trust: 1.0 |
| vendor: | netgear | model: | wnr2000v5 | scope: | lt | version: | 1.0.0.42 | Trust: 1.0 |
| vendor: | ネットギア | model: | wnr2000v3 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | ネットギア | model: | wnr2000v5 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | ネットギア | model: | wnr2000v4 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | netgear | model: | wnr2000v3 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | netgear | model: | wnr2000v4 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | netgear | model: | wnr2000v5 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | netgear | model: | r2000 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | netgear | model: | wnr2000v4 | scope: | eq | version: | 1.0.0.65 | Trust: 0.6 |
| vendor: | netgear | model: | wnr2000v3 | scope: | eq | version: | 1.1.2.13 | Trust: 0.6 |
| vendor: | netgear | model: | wnr2000v5 | scope: | eq | version: | 1.0.0.41 | Trust: 0.6 |
| vendor: | netgear | model: | wnr2000v5 | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | netgear | model: | wnr2000v4 | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | netgear | model: | wnr2000v3 | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | netgear | model: | r2000 | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | netgear | model: | wnr2000v5 | scope: | ne | version: | 1.0.0.42 | Trust: 0.3 |
| vendor: | netgear | model: | wnr2000v4 | scope: | ne | version: | 1.0.0.66 | Trust: 0.3 |
| vendor: | netgear | model: | wnr2000v3 | scope: | ne | version: | 1.1.2.14 | Trust: 0.3 |
sources:
CNVD: CNVD-2017-05934 //
BID: 98740 //
JVNDB: JVNDB-2017-004544 //
CNNVD: CNNVD-201705-1317 //
NVD: CVE-2017-6862
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
CNVD: CNVD-2017-05934 //
VULHUB: VHN-115065 //
VULMON: CVE-2017-6862 //
JVNDB: JVNDB-2017-004544 //
CNNVD: CNNVD-201705-1317 //
NVD: CVE-2017-6862
PROBLEMTYPE DATA
| problemtype: | CWE-120 | Trust: 1.0 |
| problemtype: | Classic buffer overflow (CWE-120) [NVD evaluation ] | Trust: 0.8 |
| problemtype: | CWE-119 | Trust: 0.1 |
sources:
VULHUB: VHN-115065 //
JVNDB: JVNDB-2017-004544 //
NVD: CVE-2017-6862
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201705-1317
TYPE
buffer overflow
Trust: 0.6
sources:
CNNVD: CNNVD-201705-1317
PATCH
| title: | Security Advisory for Unauthenticated Remote Code Execution on Some Routers, PSV-2016-0261 | url: | https://kb.netgear.com/000038542/Security-Advisory-for-Unauthenticated-Remote-Code-Execution-on-Some-Routers-PSV-2016-0261 | Trust: 0.8 |
| title: | Patch for NetgearWNR2000\\R2000 Series Buffer Overflow Vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/93177 | Trust: 0.6 |
| title: | NETGEAR WNR2000v3 , WNR2000v4 and WNR2000v5 Security vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70611 | Trust: 0.6 |
| title: | Known Exploited Vulnerabilities Detector | url: | https://github.com/Ostorlab/KEV | Trust: 0.1 |
sources:
CNVD: CNVD-2017-05934 //
VULMON: CVE-2017-6862 //
JVNDB: JVNDB-2017-004544 //
CNNVD: CNNVD-201705-1317
EXTERNAL IDS
| db: | NVD | id: | CVE-2017-6862 | Trust: 4.3 |
| db: | BID | id: | 98740 | Trust: 1.5 |
| db: | JVNDB | id: | JVNDB-2017-004544 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201705-1317 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2017-05934 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-115065 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2017-6862 | Trust: 0.1 |
sources:
CNVD: CNVD-2017-05934 //
VULHUB: VHN-115065 //
VULMON: CVE-2017-6862 //
BID: 98740 //
JVNDB: JVNDB-2017-004544 //
CNNVD: CNNVD-201705-1317 //
NVD: CVE-2017-6862
REFERENCES
| url: | https://kb.netgear.com/000038542/security-advisory-for-unauthenticated-remote-code-execution-on-some-routers-psv-2016-0261 | Trust: 2.1 |
| url: | http://www.securityfocus.com/bid/98740 | Trust: 1.3 |
| url: | https://www.on-x.com/sites/default/files/on-x_-_security_advisory_-_netgear_wnr2000v5_-_cve-2017-6862.pdf | Trust: 1.2 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2017-6862 | Trust: 0.8 |
| url: | https://cisa.gov/known-exploited-vulnerabilities-catalog | Trust: 0.8 |
| url: | http://www.securityweek.com/netgear-patches-rce-flaws-routers-switches | Trust: 0.6 |
| url: | http://www.netgear.com | Trust: 0.3 |
| url: | https://cwe.mitre.org/data/definitions/119.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
| url: | https://github.com/ostorlab/kev | Trust: 0.1 |
sources:
CNVD: CNVD-2017-05934 //
VULHUB: VHN-115065 //
VULMON: CVE-2017-6862 //
BID: 98740 //
JVNDB: JVNDB-2017-004544 //
CNNVD: CNNVD-201705-1317 //
NVD: CVE-2017-6862
CREDITS
Maxime Peterlin
Trust: 0.3
sources:
BID: 98740
SOURCES
| db: | CNVD | id: | CNVD-2017-05934 |
| db: | VULHUB | id: | VHN-115065 |
| db: | VULMON | id: | CVE-2017-6862 |
| db: | BID | id: | 98740 |
| db: | JVNDB | id: | JVNDB-2017-004544 |
| db: | CNNVD | id: | CNNVD-201705-1317 |
| db: | NVD | id: | CVE-2017-6862 |
LAST UPDATE DATE
2024-11-23T23:02:28.496000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2017-05934 | date: | 2017-05-05T00:00:00 |
| db: | VULHUB | id: | VHN-115065 | date: | 2017-07-18T00:00:00 |
| db: | VULMON | id: | CVE-2017-6862 | date: | 2023-11-07T00:00:00 |
| db: | BID | id: | 98740 | date: | 2017-05-26T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-004544 | date: | 2024-07-02T06:59:00 |
| db: | CNNVD | id: | CNNVD-201705-1317 | date: | 2017-05-27T00:00:00 |
| db: | NVD | id: | CVE-2017-6862 | date: | 2024-11-21T03:30:41.180 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2017-05934 | date: | 2017-05-04T00:00:00 |
| db: | VULHUB | id: | VHN-115065 | date: | 2017-05-26T00:00:00 |
| db: | VULMON | id: | CVE-2017-6862 | date: | 2017-05-26T00:00:00 |
| db: | BID | id: | 98740 | date: | 2017-05-26T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-004544 | date: | 2017-06-28T00:00:00 |
| db: | CNNVD | id: | CNNVD-201705-1317 | date: | 2017-05-27T00:00:00 |
| db: | NVD | id: | CVE-2017-6862 | date: | 2017-05-26T20:29:00.177 |