Sign-up

ID

VAR-202004-1311


CVE

CVE-2017-18798


TITLE

plural NETGEAR Input verification vulnerabilities on devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014924

DESCRIPTION

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, D7000 before 1.0.1.50, and D1500 before 1.0.0.25. plural NETGEAR The device contains an input verification vulnerability.Information may be tampered with. NETGEAR D7000, etc. are all products of NETGEAR. NETGEAR D7000 is a wireless modem. NETGEAR R6700v2 is a wireless router. NETGEAR R6800 is a wireless router. No detailed vulnerability details are currently provided

Trust: 2.16

sources: NVD: CVE-2017-18798 // JVNDB: JVNDB-2017-014924 // CNVD: CNVD-2021-61046

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-61046

AFFECTED PRODUCTS

vendor:netgearmodel:d7000scope:ltversion:1.0.1.50

Trust: 1.6

vendor:netgearmodel:d1500scope:ltversion:1.0.0.25

Trust: 1.6

vendor:netgearmodel:r6800scope:ltversion:1.1.0.38

Trust: 1.6

vendor:netgearmodel:r6700scope:ltversion:1.1.0.38

Trust: 1.0

vendor:netgearmodel:d500scope:ltversion:1.0.0.25

Trust: 1.0

vendor:netgearmodel:d1500scope:eqversion:1.0.0.25

Trust: 0.8

vendor:netgearmodel:d500scope:eqversion:1.0.0.25

Trust: 0.8

vendor:netgearmodel:d7000scope:eqversion:1.0.1.50

Trust: 0.8

vendor:netgearmodel:r6700scope:eqversion:1.1.0.38

Trust: 0.8

vendor:netgearmodel:r6800scope:eqversion:1.1.0.38

Trust: 0.8

vendor:netgearmodel:r6700v2scope:ltversion:1.1.0.38

Trust: 0.6

sources: CNVD: CNVD-2021-61046 // JVNDB: JVNDB-2017-014924 // NVD: CVE-2017-18798

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18798
value: MEDIUM

Trust: 1.0

cve@mitre.org: CVE-2017-18798
value: HIGH

Trust: 1.0

NVD: JVNDB-2017-014924
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-61046
value: LOW

Trust: 0.6

CNNVD: CNNVD-202004-1827
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2017-18798
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2017-014924
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-61046
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-18798
baseSeverity: MEDIUM
baseScore: 6.2
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.5
impactScore: 3.6
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2017-18798
baseSeverity: HIGH
baseScore: 8.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.5
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2017-014924
baseSeverity: MEDIUM
baseScore: 6.2
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-61046 // JVNDB: JVNDB-2017-014924 // CNNVD: CNNVD-202004-1827 // NVD: CVE-2017-18798 // NVD: CVE-2017-18798

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2017-014924 // NVD: CVE-2017-18798

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1827

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202004-1827

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014924

PATCH
title:https://kb.netgear.com/000049358/Security-Advisory-for-Security-Misconfiguration-Vulnerability-on-Some-Routers-and-Some-DSL-Modem-Routers-PSV-2017-2159url:https://kb.netgear.com/000049358/Security-Advisory-for-Security-Misconfiguration-Vulnerability-on-Some-Routers-and-Some-DSL-Modem-Routers-PSV-2017-2159
Trust: 0.8
title:Patch for Multiple NETGEAR products input verification error vulnerability (CNVD-2021-61046)url:https://www.cnvd.org.cn/patchInfo/show/284611
Trust: 0.6
title:Multiple NETGEAR Product input verification error vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117217
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-61046 // 
            
            
            
            JVNDB: JVNDB-2017-014924 // 
            
            
            
            CNNVD: CNNVD-202004-1827

EXTERNAL IDS
db:NVDid:CVE-2017-18798
Trust: 3.0
db:JVNDBid:JVNDB-2017-014924
Trust: 0.8
db:CNVDid:CNVD-2021-61046
Trust: 0.6
db:CNNVDid:CNNVD-202004-1827
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-61046 // 
            
            
            
            JVNDB: JVNDB-2017-014924 // 
            
            
            
            CNNVD: CNNVD-202004-1827 // 
            
            
            
            NVD: CVE-2017-18798

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2017-18798
Trust: 2.0
url:https://kb.netgear.com/000049358/security-advisory-for-security-misconfiguration-vulnerability-on-some-routers-and-some-dsl-modem-routers-psv-2017-2159
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18798
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2021-61046 // 
            
            
            
            JVNDB: JVNDB-2017-014924 // 
            
            
            
            CNNVD: CNNVD-202004-1827 // 
            
            
            
            NVD: CVE-2017-18798

SOURCES
db:CNVDid:CNVD-2021-61046
db:JVNDBid:JVNDB-2017-014924
db:CNNVDid:CNNVD-202004-1827
db:NVDid:CVE-2017-18798

LAST UPDATE DATE
2024-11-23T22:21:12.865000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2021-61046date:2021-08-11T00:00:00
db:JVNDBid:JVNDB-2017-014924date:2020-05-22T00:00:00
db:CNNVDid:CNNVD-202004-1827date:2020-04-26T00:00:00
db:NVDid:CVE-2017-18798date:2024-11-21T03:20:57.077

SOURCES RELEASE DATE
db:CNVDid:CNVD-2021-61046date:2021-08-08T00:00:00
db:JVNDBid:JVNDB-2017-014924date:2020-05-22T00:00:00
db:CNNVDid:CNNVD-202004-1827date:2020-04-21T00:00:00
db:NVDid:CVE-2017-18798date:2020-04-21T19:15:12.363