Details of VAR-202004-1337

ID

VAR-202004-1337

CVE

CVE-2017-18772

TITLE

plural NETGEAR Authentication vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014919

DESCRIPTION

Certain NETGEAR devices are affected by authentication bypass. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6120 before 1.0.0.32, EX6130 before 1.0.0.16, R6300v2 before 1.0.4.12, R6700 before 1.0.1.26, R6900 before 1.0.1.22, R7000 before 1.0.9.6, R7300DST before 1.0.0.52, R7900 before 1.0.1.12, R8000 before 1.0.3.24, R8500 before 1.0.2.74, and WNR2000v2 before 1.2.0.8. plural NETGEAR There is an authentication vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R8500, etc. are all products of NETGEAR. NETGEAR R8500 is a wireless router. NETGEAR WNR2000 is a wireless router. NETGEAR EX3700 is a wireless WiFi signal range extender

Trust: 2.16

sources: NVD: CVE-2017-18772 // JVNDB: JVNDB-2017-014919 // CNVD: CNVD-2020-31319

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-31319

AFFECTED PRODUCTS

vendor:	netgear	model:	r6900	scope:	lt	version:	1.0.1.22	Trust: 1.6
vendor:	netgear	model:	r7300dst	scope:	lt	version:	1.0.0.52	Trust: 1.6
vendor:	netgear	model:	ex3700	scope:	lt	version:	1.0.0.64	Trust: 1.6
vendor:	netgear	model:	ex3800	scope:	lt	version:	1.0.0.64	Trust: 1.6
vendor:	netgear	model:	ex6120	scope:	lt	version:	1.0.0.32	Trust: 1.6
vendor:	netgear	model:	ex6130	scope:	lt	version:	1.0.0.16	Trust: 1.6
vendor:	netgear	model:	r6700	scope:	lt	version:	1.0.1.26	Trust: 1.6
vendor:	netgear	model:	r7000	scope:	lt	version:	1.0.9.6	Trust: 1.6
vendor:	netgear	model:	r7900	scope:	lt	version:	1.0.1.12	Trust: 1.6
vendor:	netgear	model:	r8000	scope:	lt	version:	1.0.3.24	Trust: 1.6
vendor:	netgear	model:	r8500	scope:	lt	version:	1.0.2.74	Trust: 1.6
vendor:	netgear	model:	wnr2000	scope:	lt	version:	1.2.0.8	Trust: 1.0
vendor:	netgear	model:	r6300	scope:	lt	version:	1.0.4.12	Trust: 1.0
vendor:	netgear	model:	ex3700	scope:	eq	version:	1.0.0.64	Trust: 0.8
vendor:	netgear	model:	ex3800	scope:	eq	version:	1.0.0.64	Trust: 0.8
vendor:	netgear	model:	ex6120	scope:	eq	version:	1.0.0.32	Trust: 0.8
vendor:	netgear	model:	ex6130	scope:	eq	version:	1.0.0.16	Trust: 0.8
vendor:	netgear	model:	r6300	scope:	eq	version:	1.0.4.12	Trust: 0.8
vendor:	netgear	model:	r6700	scope:	eq	version:	1.0.1.26	Trust: 0.8
vendor:	netgear	model:	r6900	scope:	eq	version:	1.0.1.22	Trust: 0.8
vendor:	netgear	model:	r7000	scope:	eq	version:	1.0.9.6	Trust: 0.8
vendor:	netgear	model:	r7300dst	scope:	eq	version:	1.0.0.52	Trust: 0.8
vendor:	netgear	model:	r7900	scope:	eq	version:	1.0.1.12	Trust: 0.8
vendor:	netgear	model:	r6300v2	scope:	lt	version:	1.0.4.12	Trust: 0.6
vendor:	netgear	model:	wnr2000v2	scope:	lt	version:	1.2.0.8	Trust: 0.6

sources: CNVD: CNVD-2020-31319 // JVNDB: JVNDB-2017-014919 // NVD: CVE-2017-18772

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-18772
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2017-18772
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2017-014919
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-31319
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202004-1876
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2017-18772
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2017-014919
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-31319
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-18772
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2017-18772
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	JVNDB-2017-014919
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-31319 // JVNDB: JVNDB-2017-014919 // CNNVD: CNNVD-202004-1876 // NVD: CVE-2017-18772 // NVD: CVE-2017-18772

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2017-014919 // NVD: CVE-2017-18772

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1876

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202004-1876

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014919

PATCH

title:	Security Advisory for Authentication Bypass on Some Routers and Extenders, PSV-2017-0424	url:	https://kb.netgear.com/000051471/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-and-Extenders-PSV-2017-0424	Trust: 0.8
title:	Patch for Multiple NETGEAR product authorization issue vulnerabilities (CNVD-2020-31319)	url:	https://www.cnvd.org.cn/patchInfo/show/220069	Trust: 0.6
title:	Multiple NETGEAR Product Authorization Issue Vulnerability Fixing Measures	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117221	Trust: 0.6

sources: CNVD: CNVD-2020-31319 // JVNDB: JVNDB-2017-014919 // CNNVD: CNNVD-202004-1876

EXTERNAL IDS

db:	NVD	id:	CVE-2017-18772	Trust: 3.0
db:	JVNDB	id:	JVNDB-2017-014919	Trust: 0.8
db:	CNVD	id:	CNVD-2020-31319	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-1876	Trust: 0.6

sources: CNVD: CNVD-2020-31319 // JVNDB: JVNDB-2017-014919 // CNNVD: CNNVD-202004-1876 // NVD: CVE-2017-18772

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2017-18772	Trust: 2.0
url:	https://kb.netgear.com/000051471/security-advisory-for-authentication-bypass-on-some-routers-and-extenders-psv-2017-0424	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18772	Trust: 0.8

sources: CNVD: CNVD-2020-31319 // JVNDB: JVNDB-2017-014919 // CNNVD: CNNVD-202004-1876 // NVD: CVE-2017-18772

SOURCES

db:	CNVD	id:	CNVD-2020-31319
db:	JVNDB	id:	JVNDB-2017-014919
db:	CNNVD	id:	CNNVD-202004-1876
db:	NVD	id:	CVE-2017-18772

LAST UPDATE DATE

2024-11-23T22:05:40.331000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-31319	date:	2020-06-03T00:00:00
db:	JVNDB	id:	JVNDB-2017-014919	date:	2020-05-21T00:00:00
db:	CNNVD	id:	CNNVD-202004-1876	date:	2020-04-26T00:00:00
db:	NVD	id:	CVE-2017-18772	date:	2024-11-21T03:20:52.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-31319	date:	2020-06-03T00:00:00
db:	JVNDB	id:	JVNDB-2017-014919	date:	2020-05-21T00:00:00
db:	CNNVD	id:	CNNVD-202004-1876	date:	2020-04-22T00:00:00
db:	NVD	id:	CVE-2017-18772	date:	2020-04-22T15:15:11.800