Details of VAR-202004-1318

ID

VAR-202004-1318

CVE

CVE-2017-18805

TITLE

plural NETGEAR Injection vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014895

DESCRIPTION

Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WAC510, etc. are all a wireless access point (AP) of NETGEAR company. The vulnerability stems from the fact that the network system or product lacks the correct verification of the user input data during the operation process of the user inputting the construction command, data structure or record, and the special elements are not filtered or correctly filtered, resulting in the analysis or analysis of the system or product. The explanation is wrong. No detailed vulnerability details are currently provided

Trust: 2.16

sources: NVD: CVE-2017-18805 // JVNDB: JVNDB-2017-014895 // CNVD: CNVD-2021-57167

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-57167

AFFECTED PRODUCTS

vendor:	netgear	model:	wac510	scope:	lt	version:	1.3.0.10	Trust: 1.6
vendor:	netgear	model:	wac120	scope:	lt	version:	2.1.4	Trust: 1.6
vendor:	netgear	model:	wnd930	scope:	lt	version:	2.1.2	Trust: 1.6
vendor:	netgear	model:	wn604	scope:	lt	version:	3.3.7	Trust: 1.6
vendor:	netgear	model:	wndap660	scope:	lt	version:	3.7.4.0	Trust: 1.6
vendor:	netgear	model:	wndap350	scope:	lt	version:	3.7.4.0	Trust: 1.6
vendor:	netgear	model:	wnap320	scope:	lt	version:	3.7.4.0	Trust: 1.6
vendor:	netgear	model:	wndap360	scope:	lt	version:	3.7.4.0	Trust: 1.6
vendor:	netgear	model:	wnap210	scope:	lt	version:	3.7.4.0	Trust: 1.0
vendor:	netgear	model:	wndap620	scope:	lt	version:	2.1.3	Trust: 1.0
vendor:	netgear	model:	wac120	scope:	eq	version:	2.1.4	Trust: 0.8
vendor:	netgear	model:	wac510	scope:	eq	version:	1.3.0.10	Trust: 0.8
vendor:	netgear	model:	wn604	scope:	eq	version:	3.3.7	Trust: 0.8
vendor:	netgear	model:	wnap210	scope:	eq	version:	3.7.4.0	Trust: 0.8
vendor:	netgear	model:	wnap320	scope:	eq	version:	3.7.4.0	Trust: 0.8
vendor:	netgear	model:	wnd930	scope:	eq	version:	2.1.2	Trust: 0.8
vendor:	netgear	model:	wndap350	scope:	eq	version:	3.7.4.0	Trust: 0.8
vendor:	netgear	model:	wndap360	scope:	eq	version:	3.7.4.0	Trust: 0.8
vendor:	netgear	model:	wndap620	scope:	eq	version:	2.1.3	Trust: 0.8
vendor:	netgear	model:	wndap660	scope:	eq	version:	3.7.4.0	Trust: 0.8
vendor:	netgear	model:	wnap210v2	scope:	lt	version:	3.7.4.0	Trust: 0.6

sources: CNVD: CNVD-2021-57167 // JVNDB: JVNDB-2017-014895 // NVD: CVE-2017-18805

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-18805
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2017-18805
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2017-014895
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-57167
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2017-18805
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2017-014895
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2021-57167
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-18805
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2017-18805
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	JVNDB-2017-014895
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-57167 // JVNDB: JVNDB-2017-014895 // NVD: CVE-2017-18805 // NVD: CVE-2017-18805

PROBLEMTYPE DATA

problemtype:

CWE-74

Trust: 1.8

sources: JVNDB: JVNDB-2017-014895 // NVD: CVE-2017-18805

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202004-1815

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014895

PATCH

title:	Security Advisory for Command Injection Vulnerability on Some Wireless Access Points, PSV-2017-2213	url:	https://kb.netgear.com/000049060/Security-Advisory-for-Command-Injection-Vulnerability-on-Some-Wireless-Access-Points-PSV-2017-2213	Trust: 0.8
title:	Patch for NETGEAR command injection vulnerability (CNVD-2021-57167)	url:	https://www.cnvd.org.cn/patchInfo/show/283626	Trust: 0.6
title:	Multiple NETGEAR Product Command Injection Vulnerability Fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116292	Trust: 0.6

sources: CNVD: CNVD-2021-57167 // JVNDB: JVNDB-2017-014895 // CNNVD: CNNVD-202004-1815

EXTERNAL IDS

db:	NVD	id:	CVE-2017-18805	Trust: 3.0
db:	JVNDB	id:	JVNDB-2017-014895	Trust: 0.8
db:	CNVD	id:	CNVD-2021-57167	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-1815	Trust: 0.6

sources: CNVD: CNVD-2021-57167 // JVNDB: JVNDB-2017-014895 // CNNVD: CNNVD-202004-1815 // NVD: CVE-2017-18805

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2017-18805	Trust: 2.0
url:	https://kb.netgear.com/000049060/security-advisory-for-command-injection-vulnerability-on-some-wireless-access-points-psv-2017-2213	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18805	Trust: 0.8

sources: CNVD: CNVD-2021-57167 // JVNDB: JVNDB-2017-014895 // CNNVD: CNNVD-202004-1815 // NVD: CVE-2017-18805

SOURCES

db:	CNVD	id:	CNVD-2021-57167
db:	JVNDB	id:	JVNDB-2017-014895
db:	CNNVD	id:	CNNVD-202004-1815
db:	NVD	id:	CVE-2017-18805

LAST UPDATE DATE

2024-11-23T22:33:28.609000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-57167	date:	2021-07-31T00:00:00
db:	JVNDB	id:	JVNDB-2017-014895	date:	2020-05-21T00:00:00
db:	CNNVD	id:	CNNVD-202004-1815	date:	2020-04-22T00:00:00
db:	NVD	id:	CVE-2017-18805	date:	2024-11-21T03:20:58.220

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-57167	date:	2020-07-30T00:00:00
db:	JVNDB	id:	JVNDB-2017-014895	date:	2020-05-21T00:00:00
db:	CNNVD	id:	CNNVD-202004-1815	date:	2020-04-21T00:00:00
db:	NVD	id:	CVE-2017-18805	date:	2020-04-21T18:15:12.593