Details of VAR-202004-1316

ID

VAR-202004-1316

CVE

CVE-2017-18803

TITLE

NETGEAR R7800 Input verification vulnerabilities on devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014891

DESCRIPTION

NETGEAR R7800 devices before 1.0.2.30 are affected by incorrect configuration of security settings. NETGEAR R7800 The device contains an input verification vulnerability.Information may be tampered with. NETGEAR R7800 is a wireless router of NETGEAR. There is a security vulnerability in NETGEAR R7800 before 1.0.2.30. Attackers can use this vulnerability to affect integrity

Trust: 2.16

sources: NVD: CVE-2017-18803 // JVNDB: JVNDB-2017-014891 // CNVD: CNVD-2020-25371

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-25371

AFFECTED PRODUCTS

vendor:	netgear	model:	r7800	scope:	lt	version:	1.0.2.30	Trust: 1.6
vendor:	netgear	model:	r7800	scope:	eq	version:	1.0.2.30	Trust: 0.8

sources: CNVD: CNVD-2020-25371 // JVNDB: JVNDB-2017-014891 // NVD: CVE-2017-18803

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-18803
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2017-18803
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2017-014891
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-25371
value:	LOW
Trust: 0.6

nvd@nist.gov:	CVE-2017-18803
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2017-014891
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-25371
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-18803
baseSeverity:	MEDIUM
baseScore:	6.2
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.5
impactScore:	3.6
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2017-18803
baseSeverity:	MEDIUM
baseScore:	6.2
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.5
impactScore:	3.6
version:	3.0
Trust: 1.0
NVD:	JVNDB-2017-014891
baseSeverity:	MEDIUM
baseScore:	6.2
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-25371 // JVNDB: JVNDB-2017-014891 // NVD: CVE-2017-18803 // NVD: CVE-2017-18803

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2017-014891 // NVD: CVE-2017-18803

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202004-1810

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014891

PATCH

title:	Security Advisory for Security Misconfiguration Vulnerability on R7800 Routers, PSV-2016-0136	url:	https://kb.netgear.com/000049063/Security-Advisory-for-Security-Misconfiguration-Vulnerability-on-R7800-Routers-PSV-2017-0136	Trust: 0.8
title:	Patch for NETGEAR R7800 input validation error vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/215665	Trust: 0.6
title:	NETGEAR R7800 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116287	Trust: 0.6

sources: CNVD: CNVD-2020-25371 // JVNDB: JVNDB-2017-014891 // CNNVD: CNNVD-202004-1810

EXTERNAL IDS

db:	NVD	id:	CVE-2017-18803	Trust: 3.0
db:	JVNDB	id:	JVNDB-2017-014891	Trust: 0.8
db:	CNVD	id:	CNVD-2020-25371	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-1810	Trust: 0.6

sources: CNVD: CNVD-2020-25371 // JVNDB: JVNDB-2017-014891 // CNNVD: CNNVD-202004-1810 // NVD: CVE-2017-18803

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2017-18803	Trust: 2.0
url:	https://kb.netgear.com/000049063/security-advisory-for-security-misconfiguration-vulnerability-on-r7800-routers-psv-2017-0136	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18803	Trust: 0.8

sources: CNVD: CNVD-2020-25371 // JVNDB: JVNDB-2017-014891 // CNNVD: CNNVD-202004-1810 // NVD: CVE-2017-18803

SOURCES

db:	CNVD	id:	CNVD-2020-25371
db:	JVNDB	id:	JVNDB-2017-014891
db:	CNNVD	id:	CNNVD-202004-1810
db:	NVD	id:	CVE-2017-18803

LAST UPDATE DATE

2024-11-23T22:05:40.358000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-25371	date:	2020-04-28T00:00:00
db:	JVNDB	id:	JVNDB-2017-014891	date:	2020-05-20T00:00:00
db:	CNNVD	id:	CNNVD-202004-1810	date:	2020-04-22T00:00:00
db:	NVD	id:	CVE-2017-18803	date:	2024-11-21T03:20:57.907

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-25371	date:	2020-04-28T00:00:00
db:	JVNDB	id:	JVNDB-2017-014891	date:	2020-05-20T00:00:00
db:	CNNVD	id:	CNNVD-202004-1810	date:	2020-04-21T00:00:00
db:	NVD	id:	CVE-2017-18803	date:	2020-04-21T18:15:12.487