Details of VAR-202004-1339

ID

VAR-202004-1339

CVE

CVE-2017-18775

TITLE

plural NETGEAR Cross-site request forgery vulnerability in device

Trust: 0.8

sources: JVNDB: JVNDB-2017-014914

DESCRIPTION

Certain NETGEAR devices are affected by CSRF. This affects R6100 before 1.0.1.12, R7500 before 1.0.0.108, WNDR3700v4 before 1.0.2.86, WNDR4300v1 before 1.0.2.88, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.42. plural NETGEAR A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7500 is a wireless router of NETGEAR. The vulnerability stems from the fact that the WEB application does not fully verify whether the request comes from a trusted user. An attacker can use this vulnerability to send an unexpected request to the server through the affected client. This affects R6100 prior to 1.0.1.12, R7500 prior to 1.0.0.108, WNDR3700v4 prior to 1.0.2.86, WNDR4300v1 prior to 1.0.2.88, WNDR4300v2 prior to 1.0.0.48, WNDR4500v3 prior to 1.0.0.48, and WNR2000v5 prior to 1.0.0.42

Trust: 2.25

sources: NVD: CVE-2017-18775 // JVNDB: JVNDB-2017-014914 // CNVD: CNVD-2020-31321 // VULMON: CVE-2017-18775

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-31321

AFFECTED PRODUCTS

vendor:	netgear	model:	r6100	scope:	lt	version:	1.0.1.12	Trust: 1.6
vendor:	netgear	model:	r7500	scope:	lt	version:	1.0.0.108	Trust: 1.6
vendor:	netgear	model:	wndr4300	scope:	lt	version:	1.0.2.88	Trust: 1.0
vendor:	netgear	model:	wndr4500	scope:	lt	version:	1.0.0.48	Trust: 1.0
vendor:	netgear	model:	wndr4300	scope:	lt	version:	1.0.0.48	Trust: 1.0
vendor:	netgear	model:	wndr3700	scope:	lt	version:	1.0.2.86	Trust: 1.0
vendor:	netgear	model:	wnr2000	scope:	lt	version:	1.0.0.42	Trust: 1.0
vendor:	netgear	model:	r6100	scope:	eq	version:	1.0.1.12	Trust: 0.8
vendor:	netgear	model:	r7500	scope:	eq	version:	1.0.0.108	Trust: 0.8
vendor:	netgear	model:	wndr3700	scope:	eq	version:	1.0.2.86	Trust: 0.8
vendor:	netgear	model:	wndr4300	scope:	eq	version:	1.0.0.48	Trust: 0.8
vendor:	netgear	model:	wndr4300	scope:	eq	version:	1.0.2.88	Trust: 0.8
vendor:	netgear	model:	wndr4500	scope:	eq	version:	1.0.0.48	Trust: 0.8
vendor:	netgear	model:	wnr2000	scope:	eq	version:	1.0.0.42	Trust: 0.8
vendor:	netgear	model:	wndr4500v3	scope:	lt	version:	1.0.0.48	Trust: 0.6
vendor:	netgear	model:	wndr4300v2	scope:	lt	version:	1.0.0.48	Trust: 0.6
vendor:	netgear	model:	wndr4300v1	scope:	lt	version:	1.0.2.88	Trust: 0.6
vendor:	netgear	model:	wnr2000v5	scope:	lt	version:	1.0.0.42	Trust: 0.6
vendor:	netgear	model:	wndr3700v4	scope:	lt	version:	1.0.2.86	Trust: 0.6

sources: CNVD: CNVD-2020-31321 // JVNDB: JVNDB-2017-014914 // NVD: CVE-2017-18775

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-18775
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2017-18775
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2017-014914
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-31321
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202004-1879
value:	HIGH
Trust: 0.6
VULMON:	CVE-2017-18775
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-18775
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2017-014914
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-31321
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-18775
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2017-18775
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	JVNDB-2017-014914
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-31321 // VULMON: CVE-2017-18775 // JVNDB: JVNDB-2017-014914 // CNNVD: CNNVD-202004-1879 // NVD: CVE-2017-18775 // NVD: CVE-2017-18775

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.8

sources: JVNDB: JVNDB-2017-014914 // NVD: CVE-2017-18775

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-1879

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-202004-1879

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014914

PATCH

title:	Security Advisory for Cross-Site Request Forgery on Some Routers and Gateways, PSV-2017-0388	url:	https://kb.netgear.com/000049553/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Routers-and-Gateways-PSV-2017-0388	Trust: 0.8
title:	Patch for Multiple NETGEAR product cross-site request forgery vulnerabilities (CNVD-2020-31321)	url:	https://www.cnvd.org.cn/patchInfo/show/220059	Trust: 0.6
title:	Multiple NETGEAR Repair measures for product cross-site request forgery vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116655	Trust: 0.6

sources: CNVD: CNVD-2020-31321 // JVNDB: JVNDB-2017-014914 // CNNVD: CNNVD-202004-1879

EXTERNAL IDS

db:	NVD	id:	CVE-2017-18775	Trust: 3.1
db:	JVNDB	id:	JVNDB-2017-014914	Trust: 0.8
db:	CNVD	id:	CNVD-2020-31321	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-1879	Trust: 0.6
db:	VULMON	id:	CVE-2017-18775	Trust: 0.1

sources: CNVD: CNVD-2020-31321 // VULMON: CVE-2017-18775 // JVNDB: JVNDB-2017-014914 // CNNVD: CNNVD-202004-1879 // NVD: CVE-2017-18775

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2017-18775	Trust: 2.0
url:	https://kb.netgear.com/000049553/security-advisory-for-cross-site-request-forgery-on-some-routers-and-gateways-psv-2017-0388	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18775	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/352.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2020-31321 // VULMON: CVE-2017-18775 // JVNDB: JVNDB-2017-014914 // CNNVD: CNNVD-202004-1879 // NVD: CVE-2017-18775

SOURCES

db:	CNVD	id:	CNVD-2020-31321
db:	VULMON	id:	CVE-2017-18775
db:	JVNDB	id:	JVNDB-2017-014914
db:	CNNVD	id:	CNNVD-202004-1879
db:	NVD	id:	CVE-2017-18775

LAST UPDATE DATE

2024-11-23T22:33:28.580000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-31321	date:	2020-06-03T00:00:00
db:	VULMON	id:	CVE-2017-18775	date:	2020-04-24T00:00:00
db:	JVNDB	id:	JVNDB-2017-014914	date:	2020-05-21T00:00:00
db:	CNNVD	id:	CNNVD-202004-1879	date:	2020-04-26T00:00:00
db:	NVD	id:	CVE-2017-18775	date:	2024-11-21T03:20:53.187

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-31321	date:	2020-06-03T00:00:00
db:	VULMON	id:	CVE-2017-18775	date:	2020-04-22T00:00:00
db:	JVNDB	id:	JVNDB-2017-014914	date:	2020-05-21T00:00:00
db:	CNNVD	id:	CNNVD-202004-1879	date:	2020-04-22T00:00:00
db:	NVD	id:	CVE-2017-18775	date:	2020-04-22T15:15:12.003