Sign-up

ID

VAR-202004-1305


CVE

CVE-2017-18792


TITLE

NETGEAR D6100 Injection vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014896

DESCRIPTION

NETGEAR D6100 devices before 1.0.0.50_0.0.50 are affected by command injection. NETGEAR D6100 A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D6100 is a wireless modem from NETGEAR. The vulnerability stems from the fact that the network system or product lacks the correct verification of the user input data during the operation process of the user inputting the construction command, data structure or record, and the special elements are not filtered or correctly filtered, resulting in the analysis or analysis of the system or product. The explanation is wrong. No detailed vulnerability details are currently provided

Trust: 2.16

sources: NVD: CVE-2017-18792 // JVNDB: JVNDB-2017-014896 // CNVD: CNVD-2021-61044

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-61044

AFFECTED PRODUCTS

vendor:netgearmodel:d6100scope:ltversion:1.0.0.50_0.0.50

Trust: 1.0

vendor:netgearmodel:d6100scope:eqversion:1.0.0.50_0.0.50

Trust: 0.8

vendor:netgearmodel:d6100 <1.0.0.50 0.0.50scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2021-61044 // JVNDB: JVNDB-2017-014896 // NVD: CVE-2017-18792

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18792
value: HIGH

Trust: 1.0

cve@mitre.org: CVE-2017-18792
value: HIGH

Trust: 1.0

NVD: JVNDB-2017-014896
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-61044
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2017-18792
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2017-014896
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-61044
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-18792
baseSeverity: HIGH
baseScore: 8.4
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.5
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2017-18792
baseSeverity: HIGH
baseScore: 8.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.5
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2017-014896
baseSeverity: HIGH
baseScore: 8.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-61044 // JVNDB: JVNDB-2017-014896 // NVD: CVE-2017-18792 // NVD: CVE-2017-18792

PROBLEMTYPE DATA

problemtype:CWE-74

Trust: 1.8

sources: JVNDB: JVNDB-2017-014896 // NVD: CVE-2017-18792

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202004-1818

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014896

PATCH
title:Security Advisory for Command Injection Vulnerability on D6100, PSV-2017-2455url:https://kb.netgear.com/000049370/Security-Advisory-for-Command-Injection-Vulnerability-on-D6100-PSV-2017-2455
Trust: 0.8
title:Patch for NETGEAR D6100 injection vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/284576
Trust: 0.6
title:NETGEAR D6100 Fixes for command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116295
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-61044 // 
            
            
            
            JVNDB: JVNDB-2017-014896 // 
            
            
            
            CNNVD: CNNVD-202004-1818

EXTERNAL IDS
db:NVDid:CVE-2017-18792
Trust: 3.0
db:JVNDBid:JVNDB-2017-014896
Trust: 0.8
db:CNVDid:CNVD-2021-61044
Trust: 0.6
db:CNNVDid:CNNVD-202004-1818
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-61044 // 
            
            
            
            JVNDB: JVNDB-2017-014896 // 
            
            
            
            CNNVD: CNNVD-202004-1818 // 
            
            
            
            NVD: CVE-2017-18792

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2017-18792
Trust: 2.0
url:https://kb.netgear.com/000049370/security-advisory-for-command-injection-vulnerability-on-d6100-psv-2017-2455
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18792
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2021-61044 // 
            
            
            
            JVNDB: JVNDB-2017-014896 // 
            
            
            
            CNNVD: CNNVD-202004-1818 // 
            
            
            
            NVD: CVE-2017-18792

SOURCES
db:CNVDid:CNVD-2021-61044
db:JVNDBid:JVNDB-2017-014896
db:CNNVDid:CNNVD-202004-1818
db:NVDid:CVE-2017-18792

LAST UPDATE DATE
2024-11-23T22:16:30.490000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2021-61044date:2021-08-11T00:00:00
db:JVNDBid:JVNDB-2017-014896date:2020-05-21T00:00:00
db:CNNVDid:CNNVD-202004-1818date:2020-04-22T00:00:00
db:NVDid:CVE-2017-18792date:2024-11-21T03:20:56.140

SOURCES RELEASE DATE
db:CNVDid:CNVD-2021-61044date:2021-08-08T00:00:00
db:JVNDBid:JVNDB-2017-014896date:2020-05-21T00:00:00
db:CNNVDid:CNNVD-202004-1818date:2020-04-21T00:00:00
db:NVDid:CVE-2017-18792date:2020-04-21T19:15:11.957