ID

VAR-202004-1317


CVE

CVE-2017-18804


TITLE

Injection vulnerability in NETGEAR R7800 and R9000 devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014892

DESCRIPTION

Certain NETGEAR devices are affected by command injection. This affects R7800 before 1.0.2.16 and R9000 before 1.0.2.4. NETGEAR R7800 and R9000 devices contain an injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Both NETGEAR R9000 and NETGEAR R7800 are wireless routers from NETGEAR. The vulnerability stems from the network system or product failing to correctly validate user input when that input is used to construct commands, data structures or records: special elements are not filtered, or are filtered incorrectly, so the system or product parses or interprets the result incorrectly. No detailed vulnerability details are currently provided.

Trust: 2.16

sources: NVD: CVE-2017-18804 // JVNDB: JVNDB-2017-014892 // CNVD: CNVD-2021-57166

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-57166

AFFECTED PRODUCTS

vendor: netgear
model: r7800
scope: lt
version: 1.0.2.16

Trust: 1.6

vendor: netgear
model: r9000
scope: lt
version: 1.0.2.4

Trust: 1.6

vendor: netgear
model: r7800
scope: eq
version: 1.0.2.16

Trust: 0.8

vendor: netgear
model: r9000
scope: eq
version: 1.0.2.4

Trust: 0.8

sources: CNVD: CNVD-2021-57166 // JVNDB: JVNDB-2017-014892 // NVD: CVE-2017-18804

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18804
value: MEDIUM

Trust: 1.0

cve@mitre.org: CVE-2017-18804
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2017-014892
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-57166
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2017-18804
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2017-014892
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-57166
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-18804
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2017-18804
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2017-014892
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-57166 // JVNDB: JVNDB-2017-014892 // NVD: CVE-2017-18804 // NVD: CVE-2017-18804

PROBLEMTYPE DATA

problemtype:CWE-74

Trust: 1.8

sources: JVNDB: JVNDB-2017-014892 // NVD: CVE-2017-18804

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202004-1811

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014892

PATCH

title: Security Advisory for Command Injection Vulnerability on R7800 and R9000 Routers, PSV-2016-0128
url: https://kb.netgear.com/000049062/Security-Advisory-for-Command-Injection-Vulnerability-on-R7800-and-R9000-Routers-PSV-2016-0128

Trust: 0.8

title: Patch for NETGEAR command injection vulnerability (CNVD-2021-57166)
url: https://www.cnvd.org.cn/patchInfo/show/283611

Trust: 0.6

title: NETGEAR R9000 and R7800 Fixes for command injection vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116288

Trust: 0.6

sources: CNVD: CNVD-2021-57166 // JVNDB: JVNDB-2017-014892 // CNNVD: CNNVD-202004-1811

EXTERNAL IDS

db: NVD
id: CVE-2017-18804

Trust: 3.0

db: JVNDB
id: JVNDB-2017-014892

Trust: 0.8

db: CNVD
id: CNVD-2021-57166

Trust: 0.6

db: CNNVD
id: CNNVD-202004-1811

Trust: 0.6

sources: CNVD: CNVD-2021-57166 // JVNDB: JVNDB-2017-014892 // CNNVD: CNNVD-202004-1811 // NVD: CVE-2017-18804

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2017-18804

Trust: 2.0

url:https://kb.netgear.com/000049062/security-advisory-for-command-injection-vulnerability-on-r7800-and-r9000-routers-psv-2016-0128

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18804

Trust: 0.8

sources: CNVD: CNVD-2021-57166 // JVNDB: JVNDB-2017-014892 // CNNVD: CNNVD-202004-1811 // NVD: CVE-2017-18804

SOURCES

db: CNVD, id: CNVD-2021-57166
db: JVNDB, id: JVNDB-2017-014892
db: CNNVD, id: CNNVD-202004-1811
db: NVD, id: CVE-2017-18804

LAST UPDATE DATE

2024-11-23T21:35:53.731000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-57166, date: 2021-07-31T00:00:00
db: JVNDB, id: JVNDB-2017-014892, date: 2020-05-20T00:00:00
db: CNNVD, id: CNNVD-202004-1811, date: 2020-04-22T00:00:00
db: NVD, id: CVE-2017-18804, date: 2024-11-21T03:20:58.063

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-57166, date: 2020-07-30T00:00:00
db: JVNDB, id: JVNDB-2017-014892, date: 2020-05-20T00:00:00
db: CNNVD, id: CNNVD-202004-1811, date: 2020-04-21T00:00:00
db: NVD, id: CVE-2017-18804, date: 2020-04-21T18:15:12.547