Sign-up

ID

VAR-202004-1313


CVE

CVE-2017-18800


TITLE

NETGEAR R6700v2 and R6800 Cross-site scripting vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014900

DESCRIPTION

Certain NETGEAR devices are affected by reflected XSS. This affects R6700v2 before 1.1.0.42 and R6800 before 1.1.0.42. NETGEAR R6700v2 and R6800 A cross-site scripting vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Both NETGEAR R6700v2 and NETGEAR R6800 are wireless routers from NETGEAR. There are cross-site scripting vulnerabilities in NETGEAR R6700v2 versions before 1.1.0.42 and R6800 versions before 1.1.0.42. The vulnerability stems from the lack of correct verification of client data in WEB applications. An attacker can use this vulnerability to execute client code

Trust: 2.16

sources: NVD: CVE-2017-18800 // JVNDB: JVNDB-2017-014900 // CNVD: CNVD-2021-61048

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-61048

AFFECTED PRODUCTS

vendor:netgearmodel:r6800scope:ltversion:1.1.0.42

Trust: 1.6

vendor:netgearmodel:r6700scope:ltversion:1.1.0.42

Trust: 1.0

vendor:netgearmodel:r6700scope:eqversion:1.1.0.42

Trust: 0.8

vendor:netgearmodel:r6800scope:eqversion:1.1.0.42

Trust: 0.8

vendor:netgearmodel:r6700v2scope:ltversion:1.1.0.42

Trust: 0.6

sources: CNVD: CNVD-2021-61048 // JVNDB: JVNDB-2017-014900 // NVD: CVE-2017-18800

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18800
value: MEDIUM

Trust: 1.0

cve@mitre.org: CVE-2017-18800
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2017-014900
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-61048
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2017-18800
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2017-014900
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-61048
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-18800
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.8
impactScore: 3.7
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2017-18800
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.8
impactScore: 3.7
version: 3.0

Trust: 1.0

NVD: JVNDB-2017-014900
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-61048 // JVNDB: JVNDB-2017-014900 // NVD: CVE-2017-18800 // NVD: CVE-2017-18800

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2017-014900 // NVD: CVE-2017-18800

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202004-1830

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014900

PATCH
title:Security Advisory for Reflected Cross Site Scripting Vulnerability on R6700v2 and R6800, PSV-2017-2162url:https://kb.netgear.com/000049356/Security-Advisory-for-Reflected-Cross-Site-Scripting-Vulnerability-on-R6700v2-and-R6800-PSV-2017-2162
Trust: 0.8
title:Patch for NETGEAR R6700v2 and R6800 cross-site scripting vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/284596
Trust: 0.6
title:NETGEAR R6700v2  and R6800 Fixes for cross-site scripting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116307
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-61048 // 
            
            
            
            JVNDB: JVNDB-2017-014900 // 
            
            
            
            CNNVD: CNNVD-202004-1830

EXTERNAL IDS
db:NVDid:CVE-2017-18800
Trust: 3.0
db:JVNDBid:JVNDB-2017-014900
Trust: 0.8
db:CNVDid:CNVD-2021-61048
Trust: 0.6
db:CNNVDid:CNNVD-202004-1830
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-61048 // 
            
            
            
            JVNDB: JVNDB-2017-014900 // 
            
            
            
            CNNVD: CNNVD-202004-1830 // 
            
            
            
            NVD: CVE-2017-18800

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2017-18800
Trust: 2.0
url:https://kb.netgear.com/000049356/security-advisory-for-reflected-cross-site-scripting-vulnerability-on-r6700v2-and-r6800-psv-2017-2162
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18800
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2021-61048 // 
            
            
            
            JVNDB: JVNDB-2017-014900 // 
            
            
            
            CNNVD: CNNVD-202004-1830 // 
            
            
            
            NVD: CVE-2017-18800

SOURCES
db:CNVDid:CNVD-2021-61048
db:JVNDBid:JVNDB-2017-014900
db:CNNVDid:CNNVD-202004-1830
db:NVDid:CVE-2017-18800

LAST UPDATE DATE
2024-11-23T22:11:30.804000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2021-61048date:2021-08-11T00:00:00
db:JVNDBid:JVNDB-2017-014900date:2020-05-21T00:00:00
db:CNNVDid:CNNVD-202004-1830date:2020-04-22T00:00:00
db:NVDid:CVE-2017-18800date:2024-11-21T03:20:57.413

SOURCES RELEASE DATE
db:CNVDid:CNVD-2021-61048date:2021-08-08T00:00:00
db:JVNDBid:JVNDB-2017-014900date:2020-05-21T00:00:00
db:CNNVDid:CNNVD-202004-1830date:2020-04-21T00:00:00
db:NVDid:CVE-2017-18800date:2020-04-21T19:15:12.473