Details of VAR-202004-1323

ID

VAR-202004-1323

CVE

CVE-2017-18851

TITLE

plural NETGEAR Injection vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014881

DESCRIPTION

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D8500 through 1.0.3.28, R6400 through 1.0.1.22, R6400v2 through 1.0.2.18, R8300 through 1.0.2.94, R8500 through 1.0.2.94, and R6100 through 1.0.1.12. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D8500, etc. are all products of NETGEAR. NETGEAR D8500 is a wireless modem. NETGEAR R6400 is a wireless router. NETGEAR R8300 is a wireless router. Injection vulnerabilities exist in many NETGEAR products. The vulnerability stems from the fact that the network system or product lacks the correct verification of the user input data during the operation process of the user inputting the construction command, data structure or record, and the special elements are not filtered or correctly filtered, resulting in the analysis or analysis of the system or product. The explanation is wrong. No detailed vulnerability details are currently provided

Trust: 2.16

sources: NVD: CVE-2017-18851 // JVNDB: JVNDB-2017-014881 // CNVD: CNVD-2021-57168

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-57168

AFFECTED PRODUCTS

vendor:	netgear	model:	d8500	scope:	lt	version:	1.0.3.28	Trust: 1.0
vendor:	netgear	model:	r8300	scope:	lt	version:	1.0.2.94	Trust: 1.0
vendor:	netgear	model:	r8500	scope:	lt	version:	1.0.2.94	Trust: 1.0
vendor:	netgear	model:	r6400	scope:	lt	version:	1.0.1.22	Trust: 1.0
vendor:	netgear	model:	r6100	scope:	lt	version:	1.0.1.12	Trust: 1.0
vendor:	netgear	model:	r6400	scope:	lt	version:	1.0.2.18	Trust: 1.0
vendor:	netgear	model:	d8500	scope:	eq	version:	1.0.3.28	Trust: 0.8
vendor:	netgear	model:	r6100	scope:	eq	version:	1.0.1.12	Trust: 0.8
vendor:	netgear	model:	r6400	scope:	eq	version:	1.0.1.22	Trust: 0.8
vendor:	netgear	model:	r6400	scope:	eq	version:	1.0.2.18	Trust: 0.8
vendor:	netgear	model:	r8300	scope:	eq	version:	1.0.2.94	Trust: 0.8
vendor:	netgear	model:	r8500	scope:	eq	version:	1.0.2.94	Trust: 0.8
vendor:	netgear	model:	r6400v2	scope:	lte	version:	<=1.0.2.18	Trust: 0.6
vendor:	netgear	model:	d8500	scope:	lte	version:	<=1.0.3.28	Trust: 0.6
vendor:	netgear	model:	r6400	scope:	lte	version:	<=1.0.1.22	Trust: 0.6
vendor:	netgear	model:	r8300	scope:	lte	version:	<=1.0.2.94	Trust: 0.6
vendor:	netgear	model:	r8500	scope:	lte	version:	<=1.0.2.94	Trust: 0.6
vendor:	netgear	model:	r6100	scope:	lte	version:	<=1.0.1.12	Trust: 0.6

sources: CNVD: CNVD-2021-57168 // JVNDB: JVNDB-2017-014881 // NVD: CVE-2017-18851

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-18851
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2017-18851
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2017-014881
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-57168
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2017-18851
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2017-014881
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2021-57168
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-18851
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2017-18851
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	JVNDB-2017-014881
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-57168 // JVNDB: JVNDB-2017-014881 // NVD: CVE-2017-18851 // NVD: CVE-2017-18851

PROBLEMTYPE DATA

problemtype:

CWE-74

Trust: 1.8

sources: JVNDB: JVNDB-2017-014881 // NVD: CVE-2017-18851

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202004-1611

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014881

PATCH

title:	Security Advisory for Post-Authentication Command Injection on Some Routers and Modem Routers, PSV-2017-1207	url:	https://kb.netgear.com/000045850/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-Modem-Routers-PSV-2017-1207	Trust: 0.8
title:	Patch for Injection vulnerabilities in multiple NETGEAR products (CNVD-2021-57168)	url:	https://www.cnvd.org.cn/patchInfo/show/283616	Trust: 0.6
title:	Multiple NETGEAR Product Command Injection Vulnerability Fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116185	Trust: 0.6

sources: CNVD: CNVD-2021-57168 // JVNDB: JVNDB-2017-014881 // CNNVD: CNNVD-202004-1611

EXTERNAL IDS

db:	NVD	id:	CVE-2017-18851	Trust: 3.0
db:	JVNDB	id:	JVNDB-2017-014881	Trust: 0.8
db:	CNVD	id:	CNVD-2021-57168	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-1611	Trust: 0.6

sources: CNVD: CNVD-2021-57168 // JVNDB: JVNDB-2017-014881 // CNNVD: CNNVD-202004-1611 // NVD: CVE-2017-18851

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2017-18851	Trust: 2.0
url:	https://kb.netgear.com/000045850/security-advisory-for-post-authentication-command-injection-on-some-routers-and-modem-routers-psv-2017-1207	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18851	Trust: 0.8

sources: CNVD: CNVD-2021-57168 // JVNDB: JVNDB-2017-014881 // CNNVD: CNNVD-202004-1611 // NVD: CVE-2017-18851

SOURCES

db:	CNVD	id:	CNVD-2021-57168
db:	JVNDB	id:	JVNDB-2017-014881
db:	CNNVD	id:	CNNVD-202004-1611
db:	NVD	id:	CVE-2017-18851

LAST UPDATE DATE

2024-11-23T23:04:25.184000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-57168	date:	2021-07-31T00:00:00
db:	JVNDB	id:	JVNDB-2017-014881	date:	2020-05-20T00:00:00
db:	CNNVD	id:	CNNVD-202004-1611	date:	2020-04-21T00:00:00
db:	NVD	id:	CVE-2017-18851	date:	2024-11-21T03:21:05.547

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-57168	date:	2020-07-30T00:00:00
db:	JVNDB	id:	JVNDB-2017-014881	date:	2020-05-20T00:00:00
db:	CNNVD	id:	CNNVD-202004-1611	date:	2020-04-20T00:00:00
db:	NVD	id:	CVE-2017-18851	date:	2020-04-20T13:15:13.053