Sign-up

ID

VAR-202004-1335


CVE

CVE-2017-18769


TITLE

plural NETGEAR Information leakage vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014876

DESCRIPTION

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects D6220 before 1.0.0.40, D6400 before 1.0.0.74, D7000 before 1.0.1.60, D7800 before 1.0.1.34, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.94, DGN2200Bv4 before 1.0.0.94, EX6200v2 before 1.0.1.50, EX7000 before 1.0.0.56, JR6150 before 1.0.1.18, R6050 before 1.0.1.10J, R6100 before 1.0.1.16, R6150 before 1.0.1.10, R6220 before 1.1.0.50, R6250 before 1.0.4.12, R6300v2 before 1.0.4.12, R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.26, R6700v2 before 1.2.0.4, R6800 before 1.0.1.10, R6900 before 1.0.1.26, R6900P before 1.0.0.58, R6900v2 before 1.2.0.4, R7000 before 1.0.9.6, R7000P before 1.0.0.58, R7100LG before 1.0.0.32, R7300 before 1.0.0.54, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R7900 before 1.0.1.18, R8000 before 1.0.3.48, R8300 before 1.0.2.104, R8500 before 1.0.2.104, R9000 before 1.0.2.40, WNDR3400v3 before 1.0.1.14, WNDR3700v4 before 1.0.2.96, WNDR4300v1 before 1.0.2.98, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR3500Lv2 before 1.2.0.44. plural NETGEAR The device is vulnerable to information leakage.Information may be obtained. NETGEAR WNR3500L, etc. are all products of NETGEAR. WNR3500L is a wireless router. NETGEAR R7500 is a wireless router. NETGEAR D6220 is a wireless modem

Trust: 2.16

sources: NVD: CVE-2017-18769 // JVNDB: JVNDB-2017-014876 // CNVD: CNVD-2020-31317

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-31317

AFFECTED PRODUCTS

vendor:netgearmodel:jr6150scope:ltversion:1.0.1.18

Trust: 1.6

vendor:netgearmodel:r7800scope:ltversion:1.0.2.36

Trust: 1.6

vendor:netgearmodel:r7500scope:ltversion:1.0.0.112

Trust: 1.6

vendor:netgearmodel:r6100scope:ltversion:1.0.1.16

Trust: 1.6

vendor:netgearmodel:r6400scope:ltversion:1.0.1.24

Trust: 1.6

vendor:netgearmodel:r7100lgscope:ltversion:1.0.0.32

Trust: 1.6

vendor:netgearmodel:r7900scope:ltversion:1.0.1.18

Trust: 1.6

vendor:netgearmodel:r8000scope:ltversion:1.0.3.48

Trust: 1.6

vendor:netgearmodel:r6220scope:ltversion:1.1.0.50

Trust: 1.6

vendor:netgearmodel:d7800scope:ltversion:1.0.1.34

Trust: 1.6

vendor:netgearmodel:r8300scope:ltversion:1.0.2.104

Trust: 1.6

vendor:netgearmodel:r8500scope:ltversion:1.0.2.104

Trust: 1.6

vendor:netgearmodel:r6700scope:ltversion:1.0.1.26

Trust: 1.6

vendor:netgearmodel:r7000scope:ltversion:1.0.9.6

Trust: 1.6

vendor:netgearmodel:d6220scope:ltversion:1.0.0.40

Trust: 1.6

vendor:netgearmodel:d6400scope:ltversion:1.0.0.74

Trust: 1.6

vendor:netgearmodel:d7000scope:ltversion:1.0.1.60

Trust: 1.6

vendor:netgearmodel:d8500scope:ltversion:1.0.3.39

Trust: 1.6

vendor:netgearmodel:ex7000scope:ltversion:1.0.0.56

Trust: 1.6

vendor:netgearmodel:r6250scope:ltversion:1.0.4.12

Trust: 1.6

vendor:netgearmodel:r6800scope:ltversion:1.0.1.10

Trust: 1.6

vendor:netgearmodel:r6900scope:ltversion:1.0.1.26

Trust: 1.6

vendor:netgearmodel:r6900pscope:ltversion:1.0.0.58

Trust: 1.6

vendor:netgearmodel:r7000pscope:ltversion:1.0.0.58

Trust: 1.6

vendor:netgearmodel:r7300scope:ltversion:1.0.0.54

Trust: 1.6

vendor:netgearmodel:r9000scope:ltversion:1.0.2.40

Trust: 1.6

vendor:netgearmodel:dgn2200scope:ltversion:1.0.0.94

Trust: 1.0

vendor:netgearmodel:r6050scope:ltversion:1.0.1.10j

Trust: 1.0

vendor:netgearmodel:r6700scope:ltversion:1.2.0.4

Trust: 1.0

vendor:netgearmodel:wndr4300scope:ltversion:1.0.0.48

Trust: 1.0

vendor:netgearmodel:wndr3400scope:ltversion:1.0.1.14

Trust: 1.0

vendor:netgearmodel:ex6200scope:ltversion:1.0.1.50

Trust: 1.0

vendor:netgearmodel:wndr4300scope:ltversion:1.0.2.98

Trust: 1.0

vendor:netgearmodel:dgn2200bscope:ltversion:1.0.0.94

Trust: 1.0

vendor:netgearmodel:wndr3700scope:ltversion:1.0.2.96

Trust: 1.0

vendor:netgearmodel:r6150scope:ltversion:1.0.1.10

Trust: 1.0

vendor:netgearmodel:r6900scope:ltversion:1.2.0.4

Trust: 1.0

vendor:netgearmodel:wnr3500lscope:ltversion:1.2.0.44

Trust: 1.0

vendor:netgearmodel:r7500scope:ltversion:1.0.3.20

Trust: 1.0

vendor:netgearmodel:r6300scope:ltversion:1.0.4.12

Trust: 1.0

vendor:netgearmodel:wndr4500scope:ltversion:1.0.0.48

Trust: 1.0

vendor:netgearmodel:r6400scope:ltversion:1.0.2.32

Trust: 1.0

vendor:netgearmodel:d6220scope:eqversion:1.0.0.40

Trust: 0.8

vendor:netgearmodel:d6400scope:eqversion:1.0.0.74

Trust: 0.8

vendor:netgearmodel:d7000scope:eqversion:1.0.1.60

Trust: 0.8

vendor:netgearmodel:d7800scope:eqversion:1.0.1.34

Trust: 0.8

vendor:netgearmodel:d8500scope:eqversion:1.0.3.39

Trust: 0.8

vendor:netgearmodel:dgn2200scope:eqversion:1.0.0.94

Trust: 0.8

vendor:netgearmodel:dgn2200bv4scope:eqversion:1.0.0.94

Trust: 0.8

vendor:netgearmodel:ex6200scope:eqversion:1.0.1.50

Trust: 0.8

vendor:netgearmodel:ex7000scope:eqversion:1.0.0.56

Trust: 0.8

vendor:netgearmodel:jr6150scope:eqversion:1.0.1.18

Trust: 0.8

vendor:netgearmodel:r7800scope:eqversion:1.0.2.36

Trust: 0.8

vendor:netgearmodel:r7500v2scope:ltversion:1.0.3.20

Trust: 0.6

vendor:netgearmodel:r6400v2scope:ltversion:1.0.2.32

Trust: 0.6

vendor:netgearmodel:wndr4500v3scope:ltversion:1.0.0.48

Trust: 0.6

vendor:netgearmodel:wndr4300v2scope:ltversion:1.0.0.48

Trust: 0.6

vendor:netgearmodel:jr6150scope:ltversion:1.0.1.10

Trust: 0.6

vendor:netgearmodel:r6700v2scope:ltversion:1.2.0.4

Trust: 0.6

vendor:netgearmodel:r6900v2scope:ltversion:1.2.0.4

Trust: 0.6

vendor:netgearmodel:r6300v2scope:ltversion:1.0.4.12

Trust: 0.6

vendor:netgearmodel:dgn2200v4scope:ltversion:1.0.0.94

Trust: 0.6

vendor:netgearmodel:dgn2200bv4scope:ltversion:1.0.0.94

Trust: 0.6

vendor:netgearmodel:ex6200v2scope:ltversion:1.0.1.50

Trust: 0.6

vendor:netgearmodel:r6050 <1.0.1.10jscope: - version: -

Trust: 0.6

vendor:netgearmodel:wndr3400v3scope:ltversion:1.0.1.14

Trust: 0.6

vendor:netgearmodel:wndr3700v4scope:ltversion:1.0.2.96

Trust: 0.6

vendor:netgearmodel:wndr4300v1scope:ltversion:1.0.2.98

Trust: 0.6

vendor:netgearmodel:wnr3500lv2scope:ltversion:1.2.0.44

Trust: 0.6

sources: CNVD: CNVD-2020-31317 // JVNDB: JVNDB-2017-014876 // NVD: CVE-2017-18769

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18769
value: MEDIUM

Trust: 1.0

cve@mitre.org: CVE-2017-18769
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2017-014876
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-31317
value: LOW

Trust: 0.6

CNNVD: CNNVD-202004-1874
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2017-18769
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2017-014876
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-31317
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-18769
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 3.6
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2017-18769
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: JVNDB-2017-014876
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-31317 // JVNDB: JVNDB-2017-014876 // CNNVD: CNNVD-202004-1874 // NVD: CVE-2017-18769 // NVD: CVE-2017-18769

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2017-014876 // NVD: CVE-2017-18769

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202004-1874

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014876

PATCH
title:Security Advisory for Arbitrary File Read on Some Routers, Gateways, and Extenders, PSV-2016-0122url:https://kb.netgear.com/000051474/Security-Advisory-for-Arbitrary-File-Read-on-Some-Routers-Gateways-and-Extenders-PSV-2016-0122
Trust: 0.8
title:Patch for Multiple NETGEAR product information disclosure vulnerabilities (CNVD-2020-31317)url:https://www.cnvd.org.cn/patchInfo/show/220091
Trust: 0.6
title:Multiple NETGEAR Product information disclosure vulnerability repair measuresurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117001
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-31317 // 
            
            
            
            JVNDB: JVNDB-2017-014876 // 
            
            
            
            CNNVD: CNNVD-202004-1874

EXTERNAL IDS
db:NVDid:CVE-2017-18769
Trust: 3.0
db:JVNDBid:JVNDB-2017-014876
Trust: 0.8
db:CNVDid:CNVD-2020-31317
Trust: 0.6
db:CNNVDid:CNNVD-202004-1874
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-31317 // 
            
            
            
            JVNDB: JVNDB-2017-014876 // 
            
            
            
            CNNVD: CNNVD-202004-1874 // 
            
            
            
            NVD: CVE-2017-18769

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2017-18769
Trust: 2.0
url:https://kb.netgear.com/000051474/security-advisory-for-arbitrary-file-read-on-some-routers-gateways-and-extenders-psv-2016-0122
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18769
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-31317 // 
            
            
            
            JVNDB: JVNDB-2017-014876 // 
            
            
            
            CNNVD: CNNVD-202004-1874 // 
            
            
            
            NVD: CVE-2017-18769

SOURCES
db:CNVDid:CNVD-2020-31317
db:JVNDBid:JVNDB-2017-014876
db:CNNVDid:CNNVD-202004-1874
db:NVDid:CVE-2017-18769

LAST UPDATE DATE
2024-11-23T21:51:30.977000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-31317date:2020-06-03T00:00:00
db:JVNDBid:JVNDB-2017-014876date:2020-05-20T00:00:00
db:CNNVDid:CNNVD-202004-1874date:2020-04-24T00:00:00
db:NVDid:CVE-2017-18769date:2024-11-21T03:20:52.507

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-31317date:2020-06-03T00:00:00
db:JVNDBid:JVNDB-2017-014876date:2020-05-20T00:00:00
db:CNNVDid:CNNVD-202004-1874date:2020-04-22T00:00:00
db:NVDid:CVE-2017-18769date:2020-04-22T15:15:11.457