Details of VAR-202004-1302

ID

VAR-202004-1302

CVE

CVE-2017-18789

TITLE

plural NETGEAR Information leakage vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014875

DESCRIPTION

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R6250 before V1.0.4.8, R6400 before V1.0.1.22, R6400v2 before V1.0.2.32, R7100LG before V1.0.0.32, R7300 before V1.0.0.52, R8300 before V1.0.2.94, R8500 before V1.0.2.100, D6220 before V1.0.0.28, D6400 before V1.0.0.60, and D8500 before V1.0.3.29. NETGEAR D8500, etc. are all products of NETGEAR. NETGEAR D8500 is a wireless modem. NETGEAR R6400 is a wireless router. NETGEAR R8300 is a wireless router

Trust: 2.16

sources: NVD: CVE-2017-18789 // JVNDB: JVNDB-2017-014875 // CNVD: CNVD-2020-31316

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-31316

AFFECTED PRODUCTS

vendor:	netgear	model:	d6400	scope:	lt	version:	1.0.0.60	Trust: 1.6
vendor:	netgear	model:	d8500	scope:	lt	version:	1.0.3.29	Trust: 1.6
vendor:	netgear	model:	r7100lg	scope:	lt	version:	1.0.0.32	Trust: 1.6
vendor:	netgear	model:	r8300	scope:	lt	version:	1.0.2.94	Trust: 1.6
vendor:	netgear	model:	d6220	scope:	lt	version:	1.0.0.28	Trust: 1.6
vendor:	netgear	model:	r6250	scope:	lt	version:	1.0.4.8	Trust: 1.6
vendor:	netgear	model:	r6400	scope:	lt	version:	1.0.1.22	Trust: 1.6
vendor:	netgear	model:	r7300	scope:	lt	version:	1.0.0.52	Trust: 1.6
vendor:	netgear	model:	r8500	scope:	lt	version:	1.0.2.100	Trust: 1.6
vendor:	netgear	model:	r6400	scope:	lt	version:	1.0.2.32	Trust: 1.0
vendor:	netgear	model:	d6220	scope:	eq	version:	1.0.0.28	Trust: 0.8
vendor:	netgear	model:	d6400	scope:	eq	version:	1.0.0.60	Trust: 0.8
vendor:	netgear	model:	d8500	scope:	eq	version:	1.0.3.29	Trust: 0.8
vendor:	netgear	model:	r6250	scope:	eq	version:	1.0.4.8	Trust: 0.8
vendor:	netgear	model:	r6400	scope:	eq	version:	1.0.1.22	Trust: 0.8
vendor:	netgear	model:	r6400	scope:	eq	version:	1.0.2.32	Trust: 0.8
vendor:	netgear	model:	r7100lg	scope:	eq	version:	1.0.0.32	Trust: 0.8
vendor:	netgear	model:	r7300	scope:	eq	version:	1.0.0.52	Trust: 0.8
vendor:	netgear	model:	r8300	scope:	eq	version:	1.0.2.94	Trust: 0.8
vendor:	netgear	model:	r8500	scope:	eq	version:	1.0.2.100	Trust: 0.8
vendor:	netgear	model:	r6400v2	scope:	lt	version:	1.0.2.32	Trust: 0.6

sources: CNVD: CNVD-2020-31316 // JVNDB: JVNDB-2017-014875 // NVD: CVE-2017-18789

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-18789
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2017-18789
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2017-014875
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-31316
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202004-1864
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2017-18789
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2017-014875
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-31316
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-18789
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2017-18789
baseSeverity:	MEDIUM
baseScore:	6.2
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.5
impactScore:	3.6
version:	3.0
Trust: 1.0
NVD:	JVNDB-2017-014875
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-31316 // JVNDB: JVNDB-2017-014875 // CNNVD: CNNVD-202004-1864 // NVD: CVE-2017-18789 // NVD: CVE-2017-18789

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2017-014875 // NVD: CVE-2017-18789

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1864

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202004-1864

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014875

PATCH

title:	Security Advisory for Sensitive Information Disclosure Vulnerability on Some Routers and Some DSL Modem Routers, PSV-2017-0426	url:	https://kb.netgear.com/000049373/Security-Advisory-for-Sensitive-Information-Disclosure-Vulnerability-on-Some-Routers-and-Some-DSL-Modem-Routers-PSV-2017-0426	Trust: 0.8
title:	Patch for Multiple NETGEAR product information disclosure vulnerabilities (CNVD-2020-31316)	url:	https://www.cnvd.org.cn/patchInfo/show/220095	Trust: 0.6
title:	Multiple NETGEAR Product information disclosure vulnerability repair measures	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117000	Trust: 0.6

sources: CNVD: CNVD-2020-31316 // JVNDB: JVNDB-2017-014875 // CNNVD: CNNVD-202004-1864

EXTERNAL IDS

db:	NVD	id:	CVE-2017-18789	Trust: 3.0
db:	JVNDB	id:	JVNDB-2017-014875	Trust: 0.8
db:	CNVD	id:	CNVD-2020-31316	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-1864	Trust: 0.6

sources: CNVD: CNVD-2020-31316 // JVNDB: JVNDB-2017-014875 // CNNVD: CNNVD-202004-1864 // NVD: CVE-2017-18789

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2017-18789	Trust: 2.0
url:	https://kb.netgear.com/000049373/security-advisory-for-sensitive-information-disclosure-vulnerability-on-some-routers-and-some-dsl-modem-routers-psv-2017-0426	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18789	Trust: 0.8

sources: CNVD: CNVD-2020-31316 // JVNDB: JVNDB-2017-014875 // CNNVD: CNNVD-202004-1864 // NVD: CVE-2017-18789

SOURCES

db:	CNVD	id:	CNVD-2020-31316
db:	JVNDB	id:	JVNDB-2017-014875
db:	CNNVD	id:	CNNVD-202004-1864
db:	NVD	id:	CVE-2017-18789

LAST UPDATE DATE

2024-11-23T23:04:25.209000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-31316	date:	2020-06-03T00:00:00
db:	JVNDB	id:	JVNDB-2017-014875	date:	2020-05-20T00:00:00
db:	CNNVD	id:	CNNVD-202004-1864	date:	2020-04-24T00:00:00
db:	NVD	id:	CVE-2017-18789	date:	2024-11-21T03:20:55.663

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-31316	date:	2020-06-03T00:00:00
db:	JVNDB	id:	JVNDB-2017-014875	date:	2020-05-20T00:00:00
db:	CNNVD	id:	CNNVD-202004-1864	date:	2020-04-22T00:00:00
db:	NVD	id:	CVE-2017-18789	date:	2020-04-22T14:15:11.877