Sign-up

ID

VAR-202004-1303


CVE

CVE-2017-18790


TITLE

plural NETGEAR Information leakage vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014946

DESCRIPTION

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R6700 before 1.0.1.26, R7000 before 1.0.9.10, R7100LG before 1.0.0.32, R7900 before 1.0.1.18, R8000 before 1.0.3.54, and R8500 before 1.0.2.100. NETGEAR R6700, etc. are all wireless routers from NETGEAR. The vulnerability stems from a configuration error in the network system or product during operation

Trust: 2.16

sources: NVD: CVE-2017-18790 // JVNDB: JVNDB-2017-014946 // CNVD: CNVD-2021-61043

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-61043

AFFECTED PRODUCTS

vendor:netgearmodel:r7000scope:ltversion:1.0.9.10

Trust: 1.6

vendor:netgearmodel:r7100lgscope:ltversion:1.0.0.32

Trust: 1.6

vendor:netgearmodel:r7900scope:ltversion:1.0.1.18

Trust: 1.6

vendor:netgearmodel:r6700scope:ltversion:1.0.1.26

Trust: 1.6

vendor:netgearmodel:r8500scope:ltversion:1.0.2.100

Trust: 1.6

vendor:netgearmodel:r8000scope:ltversion:1.0.3.54

Trust: 1.6

vendor:netgearmodel:r6700scope:eqversion:1.0.1.26

Trust: 0.8

vendor:netgearmodel:r7000scope:eqversion:1.0.9.10

Trust: 0.8

vendor:netgearmodel:r7100lgscope:eqversion:1.0.0.32

Trust: 0.8

vendor:netgearmodel:r7900scope:eqversion:1.0.1.18

Trust: 0.8

vendor:netgearmodel:r8000scope:eqversion:1.0.3.54

Trust: 0.8

vendor:netgearmodel:r8500scope:eqversion:1.0.2.100

Trust: 0.8

sources: CNVD: CNVD-2021-61043 // JVNDB: JVNDB-2017-014946 // NVD: CVE-2017-18790

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18790
value: MEDIUM

Trust: 1.0

cve@mitre.org: CVE-2017-18790
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2017-014946
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-61043
value: LOW

Trust: 0.6

CNNVD: CNNVD-202004-1814
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2017-18790
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2017-014946
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-61043
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-18790
baseSeverity: MEDIUM
baseScore: 6.2
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.5
impactScore: 3.6
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2017-18790
baseSeverity: MEDIUM
baseScore: 6.2
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.5
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: JVNDB-2017-014946
baseSeverity: MEDIUM
baseScore: 6.2
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-61043 // JVNDB: JVNDB-2017-014946 // CNNVD: CNNVD-202004-1814 // NVD: CVE-2017-18790 // NVD: CVE-2017-18790

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2017-014946 // NVD: CVE-2017-18790

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1814

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202004-1814

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014946

PATCH
title:Security Advisory for Sensitive Information Disclosure Vulnerability on Some Routers, PSV-2017-0317url:https://kb.netgear.com/000049372/Security-Advisory-for-Sensitive-Information-Disclosure-Vulnerability-on-Some-Routers-PSV-2017-0317
Trust: 0.8
title:Patch for Information Disclosure Vulnerabilities in Multiple NETGEAR Products (CNVD-2021-61043)url:https://www.cnvd.org.cn/patchInfo/show/284566
Trust: 0.6
title:Multiple NETGEAR Product information disclosure vulnerability repair measuresurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116291
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-61043 // 
            
            
            
            JVNDB: JVNDB-2017-014946 // 
            
            
            
            CNNVD: CNNVD-202004-1814

EXTERNAL IDS
db:NVDid:CVE-2017-18790
Trust: 3.0
db:JVNDBid:JVNDB-2017-014946
Trust: 0.8
db:CNVDid:CNVD-2021-61043
Trust: 0.6
db:CNNVDid:CNNVD-202004-1814
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-61043 // 
            
            
            
            JVNDB: JVNDB-2017-014946 // 
            
            
            
            CNNVD: CNNVD-202004-1814 // 
            
            
            
            NVD: CVE-2017-18790

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2017-18790
Trust: 2.0
url:https://kb.netgear.com/000049372/security-advisory-for-sensitive-information-disclosure-vulnerability-on-some-routers-psv-2017-0317
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18790
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2021-61043 // 
            
            
            
            JVNDB: JVNDB-2017-014946 // 
            
            
            
            CNNVD: CNNVD-202004-1814 // 
            
            
            
            NVD: CVE-2017-18790

SOURCES
db:CNVDid:CNVD-2021-61043
db:JVNDBid:JVNDB-2017-014946
db:CNNVDid:CNNVD-202004-1814
db:NVDid:CVE-2017-18790

LAST UPDATE DATE
2024-11-23T22:44:36.432000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2021-61043date:2021-08-11T00:00:00
db:JVNDBid:JVNDB-2017-014946date:2020-05-22T00:00:00
db:CNNVDid:CNNVD-202004-1814date:2020-04-28T00:00:00
db:NVDid:CVE-2017-18790date:2024-11-21T03:20:55.820

SOURCES RELEASE DATE
db:CNVDid:CNVD-2021-61043date:2020-08-08T00:00:00
db:JVNDBid:JVNDB-2017-014946date:2020-05-22T00:00:00
db:CNNVDid:CNNVD-202004-1814date:2020-04-21T00:00:00
db:NVDid:CVE-2017-18790date:2020-04-21T19:15:11.833