Sign-up

ID

VAR-202004-1310


CVE

CVE-2017-18797


TITLE

plural NETGEAR Information leakage vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014948

DESCRIPTION

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects R6400 before 1.0.1.24, R7900 before 1.0.1.18, R8000 before 1.0.3.54, and R8500 before 1.0.2.100. plural NETGEAR The device contains a vulnerability related to information leakage.Information may be obtained. NETGEAR R6400, etc. are all wireless routers from NETGEAR. There are security vulnerabilities in many NETGEAR products

Trust: 2.16

sources: NVD: CVE-2017-18797 // JVNDB: JVNDB-2017-014948 // CNVD: CNVD-2021-61045

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-61045

AFFECTED PRODUCTS

vendor:netgearmodel:r6400scope:ltversion:1.0.1.24

Trust: 1.6

vendor:netgearmodel:r7900scope:ltversion:1.0.1.18

Trust: 1.6

vendor:netgearmodel:r8500scope:ltversion:1.0.2.100

Trust: 1.6

vendor:netgearmodel:r8000scope:ltversion:1.0.3.54

Trust: 1.6

vendor:netgearmodel:r6400scope:eqversion:1.0.1.24

Trust: 0.8

vendor:netgearmodel:r7900scope:eqversion:1.0.1.18

Trust: 0.8

vendor:netgearmodel:r8000scope:eqversion:1.0.3.54

Trust: 0.8

vendor:netgearmodel:r8500scope:eqversion:1.0.2.100

Trust: 0.8

sources: CNVD: CNVD-2021-61045 // JVNDB: JVNDB-2017-014948 // NVD: CVE-2017-18797

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18797
value: MEDIUM

Trust: 1.0

cve@mitre.org: CVE-2017-18797
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2017-014948
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-61045
value: LOW

Trust: 0.6

CNNVD: CNNVD-202004-1825
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2017-18797
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2017-014948
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-61045
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-18797
baseSeverity: MEDIUM
baseScore: 6.2
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.5
impactScore: 3.6
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2017-18797
baseSeverity: MEDIUM
baseScore: 6.2
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.5
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: JVNDB-2017-014948
baseSeverity: MEDIUM
baseScore: 6.2
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-61045 // JVNDB: JVNDB-2017-014948 // CNNVD: CNNVD-202004-1825 // NVD: CVE-2017-18797 // NVD: CVE-2017-18797

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2017-014948 // NVD: CVE-2017-18797

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1825

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202004-1825

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014948

PATCH
title:Security Advisory for Arbitrary File Read Vulnerability on Some Routers, PSV-2017-0318url:https://kb.netgear.com/000049365/Security-Advisory-for-Arbitrary-File-Read-Vulnerability-on-Some-Routers-PSV-2017-0318
Trust: 0.8
title:Patch for Information Disclosure Vulnerabilities in Multiple NETGEAR Products (CNVD-2021-61045)url:https://www.cnvd.org.cn/patchInfo/show/284591
Trust: 0.6
title:Multiple NETGEAR Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116302
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-61045 // 
            
            
            
            JVNDB: JVNDB-2017-014948 // 
            
            
            
            CNNVD: CNNVD-202004-1825

EXTERNAL IDS
db:NVDid:CVE-2017-18797
Trust: 3.0
db:JVNDBid:JVNDB-2017-014948
Trust: 0.8
db:CNVDid:CNVD-2021-61045
Trust: 0.6
db:CNNVDid:CNNVD-202004-1825
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-61045 // 
            
            
            
            JVNDB: JVNDB-2017-014948 // 
            
            
            
            CNNVD: CNNVD-202004-1825 // 
            
            
            
            NVD: CVE-2017-18797

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2017-18797
Trust: 2.0
url:https://kb.netgear.com/000049365/security-advisory-for-arbitrary-file-read-vulnerability-on-some-routers-psv-2017-0318
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18797
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2021-61045 // 
            
            
            
            JVNDB: JVNDB-2017-014948 // 
            
            
            
            CNNVD: CNNVD-202004-1825 // 
            
            
            
            NVD: CVE-2017-18797

SOURCES
db:CNVDid:CNVD-2021-61045
db:JVNDBid:JVNDB-2017-014948
db:CNNVDid:CNNVD-202004-1825
db:NVDid:CVE-2017-18797

LAST UPDATE DATE
2024-11-23T21:59:20.885000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2021-61045date:2021-08-11T00:00:00
db:JVNDBid:JVNDB-2017-014948date:2020-05-22T00:00:00
db:CNNVDid:CNNVD-202004-1825date:2020-04-28T00:00:00
db:NVDid:CVE-2017-18797date:2024-11-21T03:20:56.913

SOURCES RELEASE DATE
db:CNVDid:CNVD-2021-61045date:2021-08-08T00:00:00
db:JVNDBid:JVNDB-2017-014948date:2020-05-22T00:00:00
db:CNNVDid:CNNVD-202004-1825date:2020-04-21T00:00:00
db:NVDid:CVE-2017-18797date:2020-04-21T19:15:12.300