Details of VAR-202004-1325

ID

VAR-202004-1325

CVE

CVE-2017-18853

TITLE

plural NETGEAR Information leakage vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014981

DESCRIPTION

Certain NETGEAR devices are affected by password recovery and file access. This affects D8500 1.0.3.27 and earlier, DGN2200v4 1.0.0.82 and earlier, R6300v2 1.0.4.06 and earlier, R6400 1.0.1.20 and earlier, R6400v2 1.0.2.18 and earlier, R6700 1.0.1.22 and earlier, R6900 1.0.1.20 and earlier, R7000 1.0.7.10 and earlier, R7000P 1.0.0.58 and earlier, R7100LG 1.0.0.28 and earlier, R7300DST 1.0.0.52 and earlier, R7900 1.0.1.12 and earlier, R8000 1.0.3.46 and earlier, R8300 1.0.2.86 and earlier, R8500 1.0.2.86 and earlier, WNDR3400v3 1.0.1.8 and earlier, and WNDR4500v2 1.0.0.62 and earlier. plural NETGEAR The device contains a vulnerability related to information leakage.Information may be obtained. NETGEAR D8500, etc. are all products of NETGEAR. NETGEAR D8500 is a wireless modem. NETGEAR R7000 is a wireless router. NETGEAR R6900 is a wireless router. There are security holes in many NETGEAR products. Attackers can use this vulnerability to recover passwords and access files. This affects D8500 1.0.3.27 and previous versions, DGN2200v4 1.0.0.82 and previous versions, R6300v2 1.0.4.06 and previous versions, R6400 1.0.1.20 and previous versions, R6400v2 1.0.2.18 and previous versions, R6700 1.0.1.22 and previous versions, R6900 1.0.1.20 and previous versions, R7000 1.0.7.10 and previous versions, R7000P 1.0.0.58 and previous versions, R7100LG 1.0.0.28 and previous versions, R7300DST 1.0.0.52 and previous versions, R7900 1.0.1.12 and previous versions, R8000 1.0.3.46 and previous versions, R8300 1.0.2.86 and previous versions, R8500 1.0.2.86 and previous versions, WNDR3400v3 1.0.1.8 and previous versions, and WNDR4500v2 1.0.0.62 and previous versions

Trust: 2.25

sources: NVD: CVE-2017-18853 // JVNDB: JVNDB-2017-014981 // CNVD: CNVD-2020-29737 // VULMON: CVE-2017-18853

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-29737

AFFECTED PRODUCTS

vendor:	netgear	model:	dgn2200	scope:	lte	version:	1.0.0.82	Trust: 1.0
vendor:	netgear	model:	r6300	scope:	lte	version:	1.0.4.06	Trust: 1.0
vendor:	netgear	model:	r6700	scope:	lte	version:	1.0.1.22	Trust: 1.0
vendor:	netgear	model:	r7000	scope:	lte	version:	1.0.7.10	Trust: 1.0
vendor:	netgear	model:	wndr4500	scope:	lte	version:	1.0.0.62	Trust: 1.0
vendor:	netgear	model:	r6400	scope:	lte	version:	1.0.2.18	Trust: 1.0
vendor:	netgear	model:	r7000p	scope:	lte	version:	1.0.0.58	Trust: 1.0
vendor:	netgear	model:	r8000	scope:	lte	version:	1.0.3.46	Trust: 1.0
vendor:	netgear	model:	r6400	scope:	lte	version:	1.0.1.20	Trust: 1.0
vendor:	netgear	model:	r8300	scope:	lte	version:	1.0.2.86	Trust: 1.0
vendor:	netgear	model:	d8500	scope:	lte	version:	1.0.3.27	Trust: 1.0
vendor:	netgear	model:	r7100lg	scope:	lte	version:	1.0.0.28	Trust: 1.0
vendor:	netgear	model:	r6900	scope:	lte	version:	1.0.1.20	Trust: 1.0
vendor:	netgear	model:	r8500	scope:	lte	version:	1.0.2.86	Trust: 1.0
vendor:	netgear	model:	wndr3400	scope:	lte	version:	1.0.1.8	Trust: 1.0
vendor:	netgear	model:	r7300dst	scope:	lte	version:	1.0.0.52	Trust: 1.0
vendor:	netgear	model:	r7900	scope:	lte	version:	1.0.1.12	Trust: 1.0
vendor:	netgear	model:	d8500	scope:	eq	version:	1.0.3.27	Trust: 0.9
vendor:	netgear	model:	dgn2200	scope:	eq	version:	1.0.0.82	Trust: 0.9
vendor:	netgear	model:	r6300	scope:	eq	version:	1.0.4.06	Trust: 0.9
vendor:	netgear	model:	r6400	scope:	eq	version:	1.0.1.20	Trust: 0.9
vendor:	netgear	model:	r6400	scope:	eq	version:	1.0.2.18	Trust: 0.9
vendor:	netgear	model:	r6700	scope:	eq	version:	1.0.1.22	Trust: 0.9
vendor:	netgear	model:	r6900	scope:	eq	version:	1.0.1.20	Trust: 0.9
vendor:	netgear	model:	r7000	scope:	eq	version:	1.0.7.10	Trust: 0.9
vendor:	netgear	model:	r7000p	scope:	eq	version:	1.0.0.58	Trust: 0.9
vendor:	netgear	model:	r7100lg	scope:	eq	version:	1.0.0.28	Trust: 0.9
vendor:	netgear	model:	d8500	scope:	lte	version:	<=1.0.3.27	Trust: 0.6
vendor:	netgear	model:	r6300v2	scope:	lte	version:	<=1.0.4.06	Trust: 0.6
vendor:	netgear	model:	r6400	scope:	lte	version:	<=1.0.1.20	Trust: 0.6
vendor:	netgear	model:	r6400v2	scope:	lte	version:	<=1.0.2.18	Trust: 0.6
vendor:	netgear	model:	r6700	scope:	lte	version:	<=1.0.1.22	Trust: 0.6
vendor:	netgear	model:	r6900	scope:	lte	version:	<=1.0.1.20	Trust: 0.6
vendor:	netgear	model:	r7000	scope:	lte	version:	<=1.0.7.10	Trust: 0.6
vendor:	netgear	model:	r7000p	scope:	lte	version:	<=1.0.0.58	Trust: 0.6
vendor:	netgear	model:	r7100lg	scope:	lte	version:	<=1.0.0.28	Trust: 0.6
vendor:	netgear	model:	r7300dst	scope:	lte	version:	<=1.0.0.52	Trust: 0.6
vendor:	netgear	model:	r7900	scope:	lte	version:	<=1.0.1.12	Trust: 0.6
vendor:	netgear	model:	r8000	scope:	lte	version:	<=1.0.3.46	Trust: 0.6
vendor:	netgear	model:	r8300	scope:	lte	version:	<=1.0.2.86	Trust: 0.6
vendor:	netgear	model:	r8500	scope:	lte	version:	<=1.0.2.86	Trust: 0.6
vendor:	netgear	model:	wndr3400v3	scope:	lte	version:	<=1.0.1.8	Trust: 0.6
vendor:	netgear	model:	wndr4500v2	scope:	lte	version:	<=1.0.0.62	Trust: 0.6
vendor:	netgear	model:	dgn2200v4	scope:	lte	version:	<=1.0.0.82	Trust: 0.6
vendor:	netgear	model:	r7300dst	scope:	eq	version:	1.0.0.52	Trust: 0.1
vendor:	netgear	model:	r7900	scope:	eq	version:	1.0.1.12	Trust: 0.1
vendor:	netgear	model:	r8000	scope:	eq	version:	1.0.3.46	Trust: 0.1
vendor:	netgear	model:	r8300	scope:	eq	version:	1.0.2.86	Trust: 0.1
vendor:	netgear	model:	r8500	scope:	eq	version:	1.0.2.86	Trust: 0.1
vendor:	netgear	model:	wndr3400	scope:	eq	version:	1.0.1.8	Trust: 0.1
vendor:	netgear	model:	wndr4500	scope:	eq	version:	1.0.0.62	Trust: 0.1

sources: CNVD: CNVD-2020-29737 // VULMON: CVE-2017-18853 // JVNDB: JVNDB-2017-014981 // NVD: CVE-2017-18853

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-18853
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2017-18853
value:	CRITICAL
Trust: 1.0
NVD:	JVNDB-2017-014981
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-29737
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202004-2383
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2017-18853
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-18853
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2017-014981
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-29737
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:C/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-18853
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2017-18853
baseSeverity:	CRITICAL
baseScore:	9.6
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	6.0
version:	3.0
Trust: 1.0
NVD:	JVNDB-2017-014981
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-29737 // VULMON: CVE-2017-18853 // JVNDB: JVNDB-2017-014981 // CNNVD: CNNVD-202004-2383 // NVD: CVE-2017-18853 // NVD: CVE-2017-18853

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2017-014981 // NVD: CVE-2017-18853

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-2383

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202004-2383

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014981

PATCH

title:	Security Advisory for Password Recovery and File Access on Some Routers and Modem Routers, PSV-2017-0677	url:	https://kb.netgear.com/000045848/Security-Advisory-for-Password-Recovery-and-File-Access-on-Some-Routers-and-Modem-Routers-PSV-2017-0677	Trust: 0.8
title:	Patch for Multiple NETGEAR product information disclosure vulnerabilities (CNVD-2020-29737)	url:	https://www.cnvd.org.cn/patchInfo/show/217497	Trust: 0.6
title:	Multiple NETGEAR Product information disclosure vulnerability repair measures	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117758	Trust: 0.6

sources: CNVD: CNVD-2020-29737 // JVNDB: JVNDB-2017-014981 // CNNVD: CNNVD-202004-2383

EXTERNAL IDS

db:	NVD	id:	CVE-2017-18853	Trust: 3.1
db:	JVNDB	id:	JVNDB-2017-014981	Trust: 0.8
db:	CNVD	id:	CNVD-2020-29737	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-2383	Trust: 0.6
db:	VULMON	id:	CVE-2017-18853	Trust: 0.1

sources: CNVD: CNVD-2020-29737 // VULMON: CVE-2017-18853 // JVNDB: JVNDB-2017-014981 // CNNVD: CNNVD-202004-2383 // NVD: CVE-2017-18853

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2017-18853	Trust: 2.0
url:	https://kb.netgear.com/000045848/security-advisory-for-password-recovery-and-file-access-on-some-routers-and-modem-routers-psv-2017-0677	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18853	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2020-29737 // VULMON: CVE-2017-18853 // JVNDB: JVNDB-2017-014981 // CNNVD: CNNVD-202004-2383 // NVD: CVE-2017-18853

SOURCES

db:	CNVD	id:	CNVD-2020-29737
db:	VULMON	id:	CVE-2017-18853
db:	JVNDB	id:	JVNDB-2017-014981
db:	CNNVD	id:	CNNVD-202004-2383
db:	NVD	id:	CVE-2017-18853

LAST UPDATE DATE

2024-11-23T22:48:01.690000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-29737	date:	2020-05-27T00:00:00
db:	VULMON	id:	CVE-2017-18853	date:	2020-05-05T00:00:00
db:	JVNDB	id:	JVNDB-2017-014981	date:	2020-06-01T00:00:00
db:	CNNVD	id:	CNNVD-202004-2383	date:	2020-05-06T00:00:00
db:	NVD	id:	CVE-2017-18853	date:	2024-11-21T03:21:05.863

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-29737	date:	2020-05-14T00:00:00
db:	VULMON	id:	CVE-2017-18853	date:	2020-04-29T00:00:00
db:	JVNDB	id:	JVNDB-2017-014981	date:	2020-06-01T00:00:00
db:	CNNVD	id:	CNNVD-202004-2383	date:	2020-04-29T00:00:00
db:	NVD	id:	CVE-2017-18853	date:	2020-04-29T14:15:12.370