Sign-up

ID

VAR-202004-1336


CVE

CVE-2017-18770


TITLE

plural NETGEAR Classic buffer overflow vulnerability in device

Trust: 0.8

sources: JVNDB: JVNDB-2017-014877

DESCRIPTION

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R7800 before 1.0.2.36, PLW1000v2 before 1.0.0.14, and PLW1010v2 before 1.0.0.14. NETGEAR R7800 , PLW1000v2 , PLW1010v2 A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7800, etc. are all products of NETGEAR. NETGEAR R7800 is a wireless router. NETGEAR PLW1000 is a power line communication modem. NETGEAR PLW1010 is a power line communication modem. NETGEAR R7800 prior to 1.0.2.36, PLW1000v2 prior to 1.0.0.14 and PLW1010v2 prior to 1.0.0.14 have a buffer overflow vulnerability, which originated when the network system or product performed operations on the memory and did not correctly verify the data boundary, resulting in An erroneous read and write operation was performed on the associated other memory location. An attacker could use this vulnerability to cause a buffer overflow or heap overflow

Trust: 2.16

sources: NVD: CVE-2017-18770 // JVNDB: JVNDB-2017-014877 // CNVD: CNVD-2020-31318

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-31318

AFFECTED PRODUCTS

vendor:netgearmodel:r7800scope:ltversion:1.0.2.36

Trust: 1.6

vendor:netgearmodel:plw1010scope:ltversion:1.0.0.14

Trust: 1.0

vendor:netgearmodel:plw1000scope:ltversion:1.0.0.14

Trust: 1.0

vendor:netgearmodel:plw1000scope:eqversion:1.0.0.14

Trust: 0.8

vendor:netgearmodel:plw1010scope:eqversion:1.0.0.14

Trust: 0.8

vendor:netgearmodel:r7800scope:eqversion:1.0.2.36

Trust: 0.8

vendor:netgearmodel:plw1000v2scope:ltversion:1.0.0.14

Trust: 0.6

vendor:netgearmodel:plw1010v2scope:ltversion:1.0.0.14

Trust: 0.6

sources: CNVD: CNVD-2020-31318 // JVNDB: JVNDB-2017-014877 // NVD: CVE-2017-18770

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18770
value: MEDIUM

Trust: 1.0

cve@mitre.org: CVE-2017-18770
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2017-014877
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-31318
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-1875
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2017-18770
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2017-014877
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-31318
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-18770
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2017-18770
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2017-014877
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-31318 // JVNDB: JVNDB-2017-014877 // CNNVD: CNNVD-202004-1875 // NVD: CVE-2017-18770 // NVD: CVE-2017-18770

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.8

sources: JVNDB: JVNDB-2017-014877 // NVD: CVE-2017-18770

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1875

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202004-1875

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014877

PATCH
title:Security Advisory for Post-Authentication Buffer Overflow on Powerlines and a Router, PSV-2016-0121url:https://kb.netgear.com/000051473/Security-Advisory-for-Post-Authentication-Buffer-Overflow-on-Powerlines-and-a-Router-PSV-2016-0121
Trust: 0.8
title:Patch for NETGEAR R7800, PLW1000 and PLW1010 buffer overflow vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/220075
Trust: 0.6
title:NETGEAR R7800 , PLW1000  and PLW1010 Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117002
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-31318 // 
            
            
            
            JVNDB: JVNDB-2017-014877 // 
            
            
            
            CNNVD: CNNVD-202004-1875

EXTERNAL IDS
db:NVDid:CVE-2017-18770
Trust: 3.0
db:JVNDBid:JVNDB-2017-014877
Trust: 0.8
db:CNVDid:CNVD-2020-31318
Trust: 0.6
db:CNNVDid:CNNVD-202004-1875
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-31318 // 
            
            
            
            JVNDB: JVNDB-2017-014877 // 
            
            
            
            CNNVD: CNNVD-202004-1875 // 
            
            
            
            NVD: CVE-2017-18770

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2017-18770
Trust: 2.0
url:https://kb.netgear.com/000051473/security-advisory-for-post-authentication-buffer-overflow-on-powerlines-and-a-router-psv-2016-0121
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18770
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-31318 // 
            
            
            
            JVNDB: JVNDB-2017-014877 // 
            
            
            
            CNNVD: CNNVD-202004-1875 // 
            
            
            
            NVD: CVE-2017-18770

SOURCES
db:CNVDid:CNVD-2020-31318
db:JVNDBid:JVNDB-2017-014877
db:CNNVDid:CNNVD-202004-1875
db:NVDid:CVE-2017-18770

LAST UPDATE DATE
2024-11-23T22:55:10.562000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-31318date:2020-06-03T00:00:00
db:JVNDBid:JVNDB-2017-014877date:2020-05-20T00:00:00
db:CNNVDid:CNNVD-202004-1875date:2020-04-24T00:00:00
db:NVDid:CVE-2017-18770date:2024-11-21T03:20:52.690

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-31318date:2020-06-03T00:00:00
db:JVNDBid:JVNDB-2017-014877date:2020-05-20T00:00:00
db:CNNVDid:CNNVD-202004-1875date:2020-04-22T00:00:00
db:NVDid:CVE-2017-18770date:2020-04-22T15:15:11.597