Details of VAR-202004-1334

ID

VAR-202004-1334

CVE

CVE-2017-18862

TITLE

plural NETGEAR Product authentication vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2017-014994

DESCRIPTION

Certain NETGEAR devices are affected by authentication bypass. This affects JGS516PE before 2017-05-11, JGS524Ev2 before 2017-05-11, JGS524PE before 2017-05-11, GS105Ev2 before 2017-05-11, GS105PE before 2017-05-11, GS108Ev3 before 2017-05-11, GS108PEv3 before 2017-05-11, GS116Ev2 before 2017-05-11, GSS108E before 2017-05-11, GSS116E before 2017-05-11, XS708Ev2 before 2017-05-11, and XS716E before 2017-05-11. NETGEAR GS105E, etc. are all switches from NETGEAR. There are security vulnerabilities in many NETGEAR products. Attackers can use this vulnerability to bypass authentication and gain access to switch configuration files and passwords (same subnet). This affects JGS516PE prior to 2017-05-11, JGS524Ev2 prior to 2017-05-11, JGS524PE prior to 2017-05-11, GS105Ev2 prior to 2017-05-11, GS105PE prior to 2017-05-11, GS108Ev3 prior to 2017-05-11, GS108PEv3 prior to 2017-05-11, GS116Ev2 prior to 2017-05-11, GSS108E prior to 2017-05-11, GSS116E prior to 2017-05-11, XS708Ev2 prior to 2017-05-11, and XS716E prior to 2017-05-11

Trust: 2.25

sources: NVD: CVE-2017-18862 // JVNDB: JVNDB-2017-014994 // CNVD: CNVD-2021-83564 // VULMON: CVE-2017-18862

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-83564

AFFECTED PRODUCTS

vendor:	netgear	model:	gss116e	scope:	lt	version:	2017-05-11	Trust: 1.0
vendor:	netgear	model:	jgs524e	scope:	lt	version:	2017-05-11	Trust: 1.0
vendor:	netgear	model:	gs116e	scope:	lt	version:	2017-05-11	Trust: 1.0
vendor:	netgear	model:	gs108e	scope:	lt	version:	2017-05-11	Trust: 1.0
vendor:	netgear	model:	xs716e	scope:	lt	version:	2017-05-11	Trust: 1.0
vendor:	netgear	model:	gs105e	scope:	lt	version:	2017-05-11	Trust: 1.0
vendor:	netgear	model:	xs708e	scope:	lt	version:	2017-05-11	Trust: 1.0
vendor:	netgear	model:	jgs516pe	scope:	lt	version:	2017-05-11	Trust: 1.0
vendor:	netgear	model:	gs108pe	scope:	lt	version:	2017-05-11	Trust: 1.0
vendor:	netgear	model:	gs105pe	scope:	lt	version:	2017-05-11	Trust: 1.0
vendor:	netgear	model:	jgs524pe	scope:	lt	version:	2017-05-11	Trust: 1.0
vendor:	netgear	model:	gss108e	scope:	lt	version:	2017-05-11	Trust: 1.0
vendor:	netgear	model:	gs105e	scope:	eq	version:	2017/05/11	Trust: 0.8
vendor:	netgear	model:	gs105pe prosafe plus switch	scope:	eq	version:	2017/05/11	Trust: 0.8
vendor:	netgear	model:	gs108e	scope:	eq	version:	2017/05/11	Trust: 0.8
vendor:	netgear	model:	gs108pe prosafe plus switch	scope:	eq	version:	2017/05/11	Trust: 0.8
vendor:	netgear	model:	gs116e	scope:	eq	version:	2017/05/11	Trust: 0.8
vendor:	netgear	model:	gss108e	scope:	eq	version:	2017/05/11	Trust: 0.8
vendor:	netgear	model:	jgs516pe	scope:	eq	version:	2017/05/11	Trust: 0.8
vendor:	netgear	model:	jgs524e	scope:	eq	version:	2017/05/11	Trust: 0.8
vendor:	netgear	model:	jgs524pe	scope:	eq	version:	2017/05/11	Trust: 0.8
vendor:	netgear	model:	jgs516pe	scope:	lte	version:	<=2017-05-11	Trust: 0.6
vendor:	netgear	model:	jgs524ev2	scope:	lte	version:	<=2017-05-11	Trust: 0.6
vendor:	netgear	model:	jgs524pe	scope:	lte	version:	<=2017-05-11	Trust: 0.6
vendor:	netgear	model:	gs105ev2	scope:	lte	version:	<=2017-05-11	Trust: 0.6
vendor:	netgear	model:	gs105pe	scope:	lte	version:	<=2017-05-11	Trust: 0.6
vendor:	netgear	model:	gs108ev3	scope:	lte	version:	<=2017-05-11	Trust: 0.6
vendor:	netgear	model:	gs108pev3	scope:	lte	version:	<=2017-05-11	Trust: 0.6
vendor:	netgear	model:	gs116ev2	scope:	lte	version:	<=2017-05-11	Trust: 0.6
vendor:	netgear	model:	gss108e	scope:	lte	version:	<=2017-05-11	Trust: 0.6
vendor:	netgear	model:	gss116e	scope:	lte	version:	<=2017-05-11	Trust: 0.6
vendor:	netgear	model:	xs708ev2	scope:	lte	version:	<=2017-05-11	Trust: 0.6
vendor:	netgear	model:	xs716e	scope:	lte	version:	<=2017-05-11	Trust: 0.6
vendor:	netgear	model:	gs105e	scope:	eq	version:	1.6.0.4	Trust: 0.1
vendor:	netgear	model:	gs105pe	scope:	eq	version:	1.6.0.4	Trust: 0.1
vendor:	netgear	model:	gs108e	scope:	eq	version:	2.06.08	Trust: 0.1
vendor:	netgear	model:	gs108pe	scope:	eq	version:	1.2.0.5	Trust: 0.1
vendor:	netgear	model:	gs108pe	scope:	eq	version:	2.06.08	Trust: 0.1
vendor:	netgear	model:	gs116e	scope:	eq	version:	2.6.0.35	Trust: 0.1
vendor:	netgear	model:	gss108e	scope:	eq	version:	1.6.0.4	Trust: 0.1
vendor:	netgear	model:	gss116e	scope:	eq	version:	1.6.0.9	Trust: 0.1
vendor:	netgear	model:	jgs516pe	scope:	eq	version:	-	Trust: 0.1
vendor:	netgear	model:	jgs516pe	scope:	eq	version:	2.6.0.35	Trust: 0.1
vendor:	netgear	model:	jgs516pe	scope:	eq	version:	2.6.0.43	Trust: 0.1
vendor:	netgear	model:	jgs524e	scope:	eq	version:	2.6.0.35	Trust: 0.1
vendor:	netgear	model:	jgs524pe	scope:	eq	version:	2.6.0.35	Trust: 0.1
vendor:	netgear	model:	xs708e	scope:	eq	version:	1.6.0.23	Trust: 0.1
vendor:	netgear	model:	xs716e	scope:	eq	version:	1.6.0.23	Trust: 0.1

sources: CNVD: CNVD-2021-83564 // VULMON: CVE-2017-18862 // JVNDB: JVNDB-2017-014994 // NVD: CVE-2017-18862

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-18862
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2017-014994
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-83564
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202004-2261
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2017-18862
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2017-18862
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2017-014994
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2021-83564
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-18862
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2017-014994
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-83564 // VULMON: CVE-2017-18862 // JVNDB: JVNDB-2017-014994 // CNNVD: CNNVD-202004-2261 // NVD: CVE-2017-18862

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2017-014994 // NVD: CVE-2017-18862

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-2261

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202004-2261

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014994

PATCH

title:	Security Advisory for Authentication Bypass on ProSAFE Web Managed Switches, PSV-2015-0043	url:	https://kb.netgear.com/000037849/Security-Advisory-for-Authentication-Bypass-on-ProSAFE-Web-Managed-Switches-PSV-2015-0043	Trust: 0.8
title:	Patch for Multiple NETGEAR product authorization issues and vulnerabilities (CNVD-2021-83564)	url:	https://www.cnvd.org.cn/patchInfo/show/296276	Trust: 0.6
title:	Multiple NETGEAR Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117353	Trust: 0.6

sources: CNVD: CNVD-2021-83564 // JVNDB: JVNDB-2017-014994 // CNNVD: CNNVD-202004-2261

EXTERNAL IDS

db:	NVD	id:	CVE-2017-18862	Trust: 3.1
db:	JVNDB	id:	JVNDB-2017-014994	Trust: 0.8
db:	CNVD	id:	CNVD-2021-83564	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-2261	Trust: 0.6
db:	VULMON	id:	CVE-2017-18862	Trust: 0.1

sources: CNVD: CNVD-2021-83564 // VULMON: CVE-2017-18862 // JVNDB: JVNDB-2017-014994 // CNNVD: CNNVD-202004-2261 // NVD: CVE-2017-18862

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2017-18862	Trust: 2.0
url:	https://kb.netgear.com/000037849/security-advisory-for-authentication-bypass-on-prosafe-web-managed-switches-psv-2015-0043	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18862	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/287.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2021-83564 // VULMON: CVE-2017-18862 // JVNDB: JVNDB-2017-014994 // CNNVD: CNNVD-202004-2261 // NVD: CVE-2017-18862

SOURCES

db:	CNVD	id:	CNVD-2021-83564
db:	VULMON	id:	CVE-2017-18862
db:	JVNDB	id:	JVNDB-2017-014994
db:	CNNVD	id:	CNNVD-202004-2261
db:	NVD	id:	CVE-2017-18862

LAST UPDATE DATE

2024-11-23T22:11:30.775000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-83564	date:	2021-11-04T00:00:00
db:	VULMON	id:	CVE-2017-18862	date:	2020-05-05T00:00:00
db:	JVNDB	id:	JVNDB-2017-014994	date:	2020-06-01T00:00:00
db:	CNNVD	id:	CNNVD-202004-2261	date:	2020-05-06T00:00:00
db:	NVD	id:	CVE-2017-18862	date:	2024-11-21T03:21:07.230

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-83564	date:	2020-04-29T00:00:00
db:	VULMON	id:	CVE-2017-18862	date:	2020-04-28T00:00:00
db:	JVNDB	id:	JVNDB-2017-014994	date:	2020-06-01T00:00:00
db:	CNNVD	id:	CNNVD-202004-2261	date:	2020-04-28T00:00:00
db:	NVD	id:	CVE-2017-18862	date:	2020-04-28T16:15:12.683