Details of VAR-202004-1312

ID

VAR-202004-1312

CVE

CVE-2017-18799

TITLE

plural NETGEAR Input verification vulnerabilities on devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014925

DESCRIPTION

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6200v2 before 1.0.3.14, R6250 before 1.0.4.8, R6300v2 before 1.0.4.8, R6700 before 1.1.1.20, R7000 before 1.0.7.10, R7000P/R6900P before 1.0.0.56, R7100LG before 1.0.0.30, R7900 before 1.0.1.14, R8000 before 1.0.3.22, R8500 before 1.0.2.74, and D8500 before 1.0.3.28. plural NETGEAR The device contains an input verification vulnerability.Information may be tampered with. NETGEAR D8500, etc. are all products of NETGEAR. NETGEAR D8500 is a wireless modem. NETGEAR R6250 is a wireless router. NETGEAR R6700 is a wireless router. No detailed vulnerability details are currently provided

Trust: 2.16

sources: NVD: CVE-2017-18799 // JVNDB: JVNDB-2017-014925 // CNVD: CNVD-2021-61047

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-61047

AFFECTED PRODUCTS

vendor:	netgear	model:	r7000	scope:	lt	version:	1.0.7.10	Trust: 1.6
vendor:	netgear	model:	r8500	scope:	lt	version:	1.0.2.74	Trust: 1.6
vendor:	netgear	model:	r6250	scope:	lt	version:	1.0.4.8	Trust: 1.6
vendor:	netgear	model:	r7900	scope:	lt	version:	1.0.1.14	Trust: 1.6
vendor:	netgear	model:	r8000	scope:	lt	version:	1.0.3.22	Trust: 1.6
vendor:	netgear	model:	r6700	scope:	lt	version:	1.1.1.20	Trust: 1.6
vendor:	netgear	model:	r7100lg	scope:	lt	version:	1.0.0.30	Trust: 1.6
vendor:	netgear	model:	d8500	scope:	lt	version:	1.0.3.28	Trust: 1.6
vendor:	netgear	model:	r6200	scope:	lt	version:	1.0.3.14	Trust: 1.0
vendor:	netgear	model:	r6900p	scope:	lt	version:	1.0.0.56	Trust: 1.0
vendor:	netgear	model:	r6300	scope:	lt	version:	1.0.4.8	Trust: 1.0
vendor:	netgear	model:	r7000p	scope:	lt	version:	1.0.0.56	Trust: 1.0
vendor:	netgear	model:	r6200	scope:	eq	version:	1.0.3.14	Trust: 0.8
vendor:	netgear	model:	r6250	scope:	eq	version:	1.0.4.8	Trust: 0.8
vendor:	netgear	model:	r6300	scope:	eq	version:	1.0.4.8	Trust: 0.8
vendor:	netgear	model:	r6700	scope:	eq	version:	1.1.1.20	Trust: 0.8
vendor:	netgear	model:	r6900p	scope:	eq	version:	1.0.0.56	Trust: 0.8
vendor:	netgear	model:	r7000	scope:	eq	version:	1.0.7.10	Trust: 0.8
vendor:	netgear	model:	r7000p	scope:	eq	version:	1.0.0.56	Trust: 0.8
vendor:	netgear	model:	r7100lg	scope:	eq	version:	1.0.0.30	Trust: 0.8
vendor:	netgear	model:	r7900	scope:	eq	version:	1.0.1.14	Trust: 0.8
vendor:	netgear	model:	r8000	scope:	eq	version:	1.0.3.22	Trust: 0.8
vendor:	netgear	model:	r6300v2	scope:	lt	version:	1.0.4.8	Trust: 0.6
vendor:	netgear	model:	r7000p/r6900p	scope:	lt	version:	1.0.0.56	Trust: 0.6
vendor:	netgear	model:	r6200v2	scope:	lt	version:	1.0.3.14	Trust: 0.6

sources: CNVD: CNVD-2021-61047 // JVNDB: JVNDB-2017-014925 // NVD: CVE-2017-18799

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-18799
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2017-18799
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2017-014925
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-61047
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202004-1829
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2017-18799
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2017-014925
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2021-61047
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-18799
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2017-18799
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.0
NVD:	JVNDB-2017-014925
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-61047 // JVNDB: JVNDB-2017-014925 // CNNVD: CNNVD-202004-1829 // NVD: CVE-2017-18799 // NVD: CVE-2017-18799

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2017-014925 // NVD: CVE-2017-18799

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-1829

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202004-1829

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014925

PATCH

title:	Security Advisory for Security Misconfiguration Vulnerability on D8500 and Some Routers, PSV-2017-0528	url:	https://kb.netgear.com/000049357/Security-Advisory-for-Security-Misconfiguration-Vulnerability-on-D8500-and-Some-Routers-PSV-2017-0528	Trust: 0.8
title:	Patch for Multiple NETGEAR products input verification error vulnerability (CNVD-2021-61047)	url:	https://www.cnvd.org.cn/patchInfo/show/284581	Trust: 0.6
title:	Multiple NETGEAR Product input verification error vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117218	Trust: 0.6

sources: CNVD: CNVD-2021-61047 // JVNDB: JVNDB-2017-014925 // CNNVD: CNNVD-202004-1829

EXTERNAL IDS

db:	NVD	id:	CVE-2017-18799	Trust: 3.0
db:	JVNDB	id:	JVNDB-2017-014925	Trust: 0.8
db:	CNVD	id:	CNVD-2021-61047	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-1829	Trust: 0.6

sources: CNVD: CNVD-2021-61047 // JVNDB: JVNDB-2017-014925 // CNNVD: CNNVD-202004-1829 // NVD: CVE-2017-18799

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2017-18799	Trust: 2.0
url:	https://kb.netgear.com/000049357/security-advisory-for-security-misconfiguration-vulnerability-on-d8500-and-some-routers-psv-2017-0528	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18799	Trust: 0.8

sources: CNVD: CNVD-2021-61047 // JVNDB: JVNDB-2017-014925 // CNNVD: CNNVD-202004-1829 // NVD: CVE-2017-18799

SOURCES

db:	CNVD	id:	CNVD-2021-61047
db:	JVNDB	id:	JVNDB-2017-014925
db:	CNNVD	id:	CNNVD-202004-1829
db:	NVD	id:	CVE-2017-18799

LAST UPDATE DATE

2024-11-23T22:41:06.828000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-61047	date:	2021-08-11T00:00:00
db:	JVNDB	id:	JVNDB-2017-014925	date:	2020-05-22T00:00:00
db:	CNNVD	id:	CNNVD-202004-1829	date:	2020-04-26T00:00:00
db:	NVD	id:	CVE-2017-18799	date:	2024-11-21T03:20:57.243

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-61047	date:	2021-08-08T00:00:00
db:	JVNDB	id:	JVNDB-2017-014925	date:	2020-05-22T00:00:00
db:	CNNVD	id:	CNNVD-202004-1829	date:	2020-04-21T00:00:00
db:	NVD	id:	CVE-2017-18799	date:	2020-04-21T19:15:12.427