Details of VAR-202004-1307

ID

VAR-202004-1307

CVE

CVE-2017-18794

TITLE

plural NETGEAR Injection vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014926

DESCRIPTION

Certain NETGEAR devices are affected by command injection. This affects R6300v2 before 1.0.4.8_10.0.77, R6400 before 1.0.1.24, R6700 before 1.0.1.26, R7000 before 1.0.9.10, R7100LG before 1.0.0.32, R7900 before 1.0.1.18, R8000 before 1.0.3.54, R8500 before 1.0.2.100, and D6100 before 1.0.0.50_0.0.50. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R6400, etc. are all products of NETGEAR. NETGEAR R6400 is a wireless router. NETGEAR R6700 is a wireless router. NETGEAR D6100 is a wireless modem. The vulnerability stems from the fact that the network system or product does not properly filter special elements in the process of constructing executable commands from external input data. Attackers can use this vulnerability to execute illegal commands

Trust: 2.16

sources: NVD: CVE-2017-18794 // JVNDB: JVNDB-2017-014926 // CNVD: CNVD-2021-63372

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-63372

AFFECTED PRODUCTS

vendor:	netgear	model:	r6400	scope:	lt	version:	1.0.1.24	Trust: 1.6
vendor:	netgear	model:	r7000	scope:	lt	version:	1.0.9.10	Trust: 1.6
vendor:	netgear	model:	r7100lg	scope:	lt	version:	1.0.0.32	Trust: 1.6
vendor:	netgear	model:	r7900	scope:	lt	version:	1.0.1.18	Trust: 1.6
vendor:	netgear	model:	r6700	scope:	lt	version:	1.0.1.26	Trust: 1.6
vendor:	netgear	model:	r8500	scope:	lt	version:	1.0.2.100	Trust: 1.6
vendor:	netgear	model:	r8000	scope:	lt	version:	1.0.3.54	Trust: 1.6
vendor:	netgear	model:	r6300	scope:	lt	version:	1.0.4.8_10.0.77	Trust: 1.0
vendor:	netgear	model:	d6100	scope:	lt	version:	1.0.0.50_0.0.50	Trust: 1.0
vendor:	netgear	model:	d6100	scope:	eq	version:	1.0.0.50_0.0.50	Trust: 0.8
vendor:	netgear	model:	r6300	scope:	eq	version:	1.0.4.8_10.0.77	Trust: 0.8
vendor:	netgear	model:	r6400	scope:	eq	version:	1.0.1.24	Trust: 0.8
vendor:	netgear	model:	r6700	scope:	eq	version:	1.0.1.26	Trust: 0.8
vendor:	netgear	model:	r7000	scope:	eq	version:	1.0.9.10	Trust: 0.8
vendor:	netgear	model:	r7100lg	scope:	eq	version:	1.0.0.32	Trust: 0.8
vendor:	netgear	model:	r7900	scope:	eq	version:	1.0.1.18	Trust: 0.8
vendor:	netgear	model:	r8000	scope:	eq	version:	1.0.3.54	Trust: 0.8
vendor:	netgear	model:	r8500	scope:	eq	version:	1.0.2.100	Trust: 0.8
vendor:	netgear	model:	d6100 <1.0.0.50 0.0.50	scope:	-	version:	-	Trust: 0.6
vendor:	netgear	model:	r6300v2 <1.0.4.8 10.0.77	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2021-63372 // JVNDB: JVNDB-2017-014926 // NVD: CVE-2017-18794

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-18794
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2017-18794
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2017-014926
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-63372
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202004-1821
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2017-18794
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2017-014926
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2021-63372
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-18794
baseSeverity:	HIGH
baseScore:	8.4
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.5
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2017-18794
baseSeverity:	HIGH
baseScore:	8.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.5
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	JVNDB-2017-014926
baseSeverity:	HIGH
baseScore:	8.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-63372 // JVNDB: JVNDB-2017-014926 // CNNVD: CNNVD-202004-1821 // NVD: CVE-2017-18794 // NVD: CVE-2017-18794

PROBLEMTYPE DATA

problemtype:

CWE-74

Trust: 1.8

sources: JVNDB: JVNDB-2017-014926 // NVD: CVE-2017-18794

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1821

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-202004-1821

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014926

PATCH

title:	Security Advisory for Command Injection Vulnerability on D6100 and Some Routers, PSV-2017-0321	url:	https://kb.netgear.com/000049368/Security-Advisory-for-Command-Injection-Vulnerability-on-D6100-and-Some-Routers-PSV-2017-0321	Trust: 0.8
title:	Patch for Command injection vulnerabilities in multiple NETGEAR products (CNVD-2021-63372)	url:	https://www.cnvd.org.cn/patchInfo/show/287146	Trust: 0.6
title:	Multiple NETGEAR Fixing measures for product injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117216	Trust: 0.6

sources: CNVD: CNVD-2021-63372 // JVNDB: JVNDB-2017-014926 // CNNVD: CNNVD-202004-1821

EXTERNAL IDS

db:	NVD	id:	CVE-2017-18794	Trust: 3.0
db:	JVNDB	id:	JVNDB-2017-014926	Trust: 0.8
db:	CNVD	id:	CNVD-2021-63372	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-1821	Trust: 0.6

sources: CNVD: CNVD-2021-63372 // JVNDB: JVNDB-2017-014926 // CNNVD: CNNVD-202004-1821 // NVD: CVE-2017-18794

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2017-18794	Trust: 2.0
url:	https://kb.netgear.com/000049368/security-advisory-for-command-injection-vulnerability-on-d6100-and-some-routers-psv-2017-0321	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18794	Trust: 0.8

sources: CNVD: CNVD-2021-63372 // JVNDB: JVNDB-2017-014926 // CNNVD: CNNVD-202004-1821 // NVD: CVE-2017-18794

SOURCES

db:	CNVD	id:	CNVD-2021-63372
db:	JVNDB	id:	JVNDB-2017-014926
db:	CNNVD	id:	CNNVD-202004-1821
db:	NVD	id:	CVE-2017-18794

LAST UPDATE DATE

2024-11-23T22:29:39.114000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-63372	date:	2021-08-19T00:00:00
db:	JVNDB	id:	JVNDB-2017-014926	date:	2020-05-22T00:00:00
db:	CNNVD	id:	CNNVD-202004-1821	date:	2020-04-26T00:00:00
db:	NVD	id:	CVE-2017-18794	date:	2024-11-21T03:20:56.440

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-63372	date:	2020-08-19T00:00:00
db:	JVNDB	id:	JVNDB-2017-014926	date:	2020-05-22T00:00:00
db:	CNNVD	id:	CNNVD-202004-1821	date:	2020-04-21T00:00:00
db:	NVD	id:	CVE-2017-18794	date:	2020-04-21T19:15:12.097