ID

VAR-202004-1315


CVE

CVE-2017-18802


TITLE

Injection vulnerabilities in multiple NETGEAR devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014890

DESCRIPTION

Certain NETGEAR devices are affected by command injection. This affects R6100 before 1.0.1.14, R7500 before 1.0.0.110, R7500v2 before 1.0.3.16, R7800 before 1.0.2.32, EX6200v2 before 1.0.1.50, and D7800 before 1.0.1.22. Multiple NETGEAR devices contain an injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). NETGEAR R7800, etc. are all products of NETGEAR. NETGEAR R7800 is a wireless router. NETGEAR D7800 is a wireless modem. NETGEAR R7500 is a wireless router. The vulnerability stems from the network system or product failing to correctly validate user input when that input is used to construct a command, data structure, or record: special elements are not filtered, or are filtered incorrectly, so the system or product parses or interprets the input incorrectly. No detailed vulnerability details are currently provided.

Trust: 2.16

sources: NVD: CVE-2017-18802 // JVNDB: JVNDB-2017-014890 // CNVD: CNVD-2021-52570

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-52570

AFFECTED PRODUCTS

vendor: netgear, model: r7500, scope: lt, version: 1.0.0.110

Trust: 1.6

vendor: netgear, model: r7800, scope: lt, version: 1.0.2.32

Trust: 1.6

vendor: netgear, model: r6100, scope: lt, version: 1.0.1.14

Trust: 1.6

vendor: netgear, model: d7800, scope: lt, version: 1.0.1.22

Trust: 1.6

vendor: netgear, model: ex6200, scope: lt, version: 1.0.1.50

Trust: 1.0

vendor: netgear, model: r7500, scope: lt, version: 1.0.3.16

Trust: 1.0

vendor: netgear, model: d7800, scope: eq, version: 1.0.1.22

Trust: 0.8

vendor: netgear, model: ex6200, scope: eq, version: 1.0.1.50

Trust: 0.8

vendor: netgear, model: r6100, scope: eq, version: 1.0.1.14

Trust: 0.8

vendor: netgear, model: r7500, scope: eq, version: 1.0.0.110

Trust: 0.8

vendor: netgear, model: r7500, scope: eq, version: 1.0.3.16

Trust: 0.8

vendor: netgear, model: r7800, scope: eq, version: 1.0.2.32

Trust: 0.8

vendor: netgear, model: r7500v2, scope: lt, version: 1.0.3.16

Trust: 0.6

vendor: netgear, model: ex6200v2, scope: lt, version: 1.0.1.50

Trust: 0.6

sources: CNVD: CNVD-2021-52570 // JVNDB: JVNDB-2017-014890 // NVD: CVE-2017-18802

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18802
value: MEDIUM

Trust: 1.0

cve@mitre.org: CVE-2017-18802
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2017-014890
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-52570
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2017-18802
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2017-014890
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-52570
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-18802
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2017-18802
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2017-014890
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-52570 // JVNDB: JVNDB-2017-014890 // NVD: CVE-2017-18802 // NVD: CVE-2017-18802

PROBLEMTYPE DATA

problemtype: CWE-74

Trust: 1.8

sources: JVNDB: JVNDB-2017-014890 // NVD: CVE-2017-18802

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202004-1808

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014890

PATCH

title: Security Advisory for Command Injection Vulnerability on D7000, EX6200v2, and Some Routers, PSV-2017-2181
url: https://kb.netgear.com/000049354/Security-Advisory-for-Command-Injection-Vulnerability-on-D7000-EX6200v2-and-Some-Routers-PSV-2017-2181

Trust: 0.8

title: Patch for NETGEAR command injection vulnerability (CNVD-2021-52570)
url: https://www.cnvd.org.cn/patchInfo/show/279666

Trust: 0.6

title: Multiple NETGEAR Product Command Injection Vulnerability Fixes
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116285

Trust: 0.6

sources: CNVD: CNVD-2021-52570 // JVNDB: JVNDB-2017-014890 // CNNVD: CNNVD-202004-1808

EXTERNAL IDS

db: NVD, id: CVE-2017-18802

Trust: 3.0

db: JVNDB, id: JVNDB-2017-014890

Trust: 0.8

db: CNVD, id: CNVD-2021-52570

Trust: 0.6

db: CNNVD, id: CNNVD-202004-1808

Trust: 0.6

sources: CNVD: CNVD-2021-52570 // JVNDB: JVNDB-2017-014890 // CNNVD: CNNVD-202004-1808 // NVD: CVE-2017-18802

REFERENCES

url: https://nvd.nist.gov/vuln/detail/cve-2017-18802

Trust: 2.0

url: https://kb.netgear.com/000049354/security-advisory-for-command-injection-vulnerability-on-d7000-ex6200v2-and-some-routers-psv-2017-2181

Trust: 1.6

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18802

Trust: 0.8

sources: CNVD: CNVD-2021-52570 // JVNDB: JVNDB-2017-014890 // CNNVD: CNNVD-202004-1808 // NVD: CVE-2017-18802

SOURCES

db: CNVD, id: CNVD-2021-52570
db: JVNDB, id: JVNDB-2017-014890
db: CNNVD, id: CNNVD-202004-1808
db: NVD, id: CVE-2017-18802

LAST UPDATE DATE

2024-11-23T22:55:10.588000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-52570, date: 2021-07-20T00:00:00
db: JVNDB, id: JVNDB-2017-014890, date: 2020-05-20T00:00:00
db: CNNVD, id: CNNVD-202004-1808, date: 2020-04-22T00:00:00
db: NVD, id: CVE-2017-18802, date: 2024-11-21T03:20:57.740

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-52570, date: 2020-07-19T00:00:00
db: JVNDB, id: JVNDB-2017-014890, date: 2020-05-20T00:00:00
db: CNNVD, id: CNNVD-202004-1808, date: 2020-04-21T00:00:00
db: NVD, id: CVE-2017-18802, date: 2020-04-21T18:15:12.423