Details of VAR-202004-1340

ID

VAR-202004-1340

CVE

CVE-2017-18776

TITLE

plural NETGEAR Authentication vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014915

DESCRIPTION

Certain NETGEAR devices are affected by authentication bypass. This affects D6100 before V1.0.0.55, D7000 before V1.0.1.50, D7800 before V1.0.1.24, JNR1010v2 before 1.1.0.40, JWNR2010v5 before 1.1.0.40, R6100 before 1.0.1.12, R6220 before 1.1.0.50, R7500 before 1.0.0.108, R7500v2 before 1.0.3.10, WNDR4300v1 before 1.0.2.88, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.40, WNR2000v5 before 1.0.0.42, WNR2020 before 1.1.0.40, and WNR2050 before 1.1.0.40. plural NETGEAR There is an authentication vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D7000 and so on are all products of NETGEAR. NETGEAR D7000 is a wireless modem. NETGEAR R7500 is a wireless router. NETGEAR WNR2000 is a wireless router

Trust: 2.16

sources: NVD: CVE-2017-18776 // JVNDB: JVNDB-2017-014915 // CNVD: CNVD-2020-31322

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-31322

AFFECTED PRODUCTS

vendor:	netgear	model:	r6220	scope:	lt	version:	1.1.0.50	Trust: 1.6
vendor:	netgear	model:	d7000	scope:	lt	version:	1.0.1.50	Trust: 1.6
vendor:	netgear	model:	d6100	scope:	lt	version:	1.0.0.55	Trust: 1.6
vendor:	netgear	model:	d7800	scope:	lt	version:	1.0.1.24	Trust: 1.6
vendor:	netgear	model:	r6100	scope:	lt	version:	1.0.1.12	Trust: 1.6
vendor:	netgear	model:	r7500	scope:	lt	version:	1.0.0.108	Trust: 1.6
vendor:	netgear	model:	wnr2020	scope:	lt	version:	1.1.0.40	Trust: 1.6
vendor:	netgear	model:	wnr2050	scope:	lt	version:	1.1.0.40	Trust: 1.6
vendor:	netgear	model:	wndr4300	scope:	lt	version:	1.0.2.88	Trust: 1.0
vendor:	netgear	model:	wnr1000	scope:	lt	version:	1.1.0.40	Trust: 1.0
vendor:	netgear	model:	wnr2000	scope:	lt	version:	1.0.0.42	Trust: 1.0
vendor:	netgear	model:	wndr4500	scope:	lt	version:	1.0.0.48	Trust: 1.0
vendor:	netgear	model:	wndr4300	scope:	lt	version:	1.0.0.48	Trust: 1.0
vendor:	netgear	model:	jnr1010	scope:	lt	version:	1.1.0.40	Trust: 1.0
vendor:	netgear	model:	r7500	scope:	lt	version:	1.0.3.10	Trust: 1.0
vendor:	netgear	model:	jwnr2010	scope:	lt	version:	1.1.0.40	Trust: 1.0
vendor:	netgear	model:	d6100	scope:	eq	version:	1.0.0.55	Trust: 0.8
vendor:	netgear	model:	d7000	scope:	eq	version:	1.0.1.50	Trust: 0.8
vendor:	netgear	model:	d7800	scope:	eq	version:	1.0.1.24	Trust: 0.8
vendor:	netgear	model:	jnr1010	scope:	eq	version:	1.1.0.40	Trust: 0.8
vendor:	netgear	model:	jwnr2010	scope:	eq	version:	1.1.0.40	Trust: 0.8
vendor:	netgear	model:	r6100	scope:	eq	version:	1.0.1.12	Trust: 0.8
vendor:	netgear	model:	r6220	scope:	eq	version:	1.1.0.50	Trust: 0.8
vendor:	netgear	model:	r7500	scope:	eq	version:	1.0.0.108	Trust: 0.8
vendor:	netgear	model:	r7500	scope:	eq	version:	1.0.3.10	Trust: 0.8
vendor:	netgear	model:	wndr4300	scope:	eq	version:	1.0.2.88	Trust: 0.8
vendor:	netgear	model:	wndr4500v3	scope:	lt	version:	1.0.0.48	Trust: 0.6
vendor:	netgear	model:	wndr4300v2	scope:	lt	version:	1.0.0.48	Trust: 0.6
vendor:	netgear	model:	jnr1010v2	scope:	lt	version:	1.1.0.40	Trust: 0.6
vendor:	netgear	model:	jwnr2010v5	scope:	lt	version:	1.1.0.40	Trust: 0.6
vendor:	netgear	model:	r7500v2	scope:	lt	version:	1.0.3.10	Trust: 0.6
vendor:	netgear	model:	wndr4300v1	scope:	lt	version:	1.0.2.88	Trust: 0.6
vendor:	netgear	model:	wnr1000v4	scope:	lt	version:	1.1.0.40	Trust: 0.6
vendor:	netgear	model:	wnr2000v5	scope:	lt	version:	1.0.0.42	Trust: 0.6

sources: CNVD: CNVD-2020-31322 // JVNDB: JVNDB-2017-014915 // NVD: CVE-2017-18776

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-18776
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2017-18776
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2017-014915
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-31322
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202004-1880
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2017-18776
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2017-014915
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-31322
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-18776
baseSeverity:	HIGH
baseScore:	8.4
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.5
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2017-18776
baseSeverity:	HIGH
baseScore:	8.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.5
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	JVNDB-2017-014915
baseSeverity:	HIGH
baseScore:	8.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-31322 // JVNDB: JVNDB-2017-014915 // CNNVD: CNNVD-202004-1880 // NVD: CVE-2017-18776 // NVD: CVE-2017-18776

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2017-014915 // NVD: CVE-2017-18776

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1880

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202004-1880

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014915

PATCH

title:	Security Advisory for Authentication Bypass on Some Routers and Gateways, PSV-2017-0387	url:	https://kb.netgear.com/000049552/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-and-Gateways-PSV-2017-0387	Trust: 0.8
title:	Patch for Multiple NETGEAR product authorization issue vulnerabilities (CNVD-2020-31322)	url:	https://www.cnvd.org.cn/patchInfo/show/220057	Trust: 0.6

sources: CNVD: CNVD-2020-31322 // JVNDB: JVNDB-2017-014915

EXTERNAL IDS

db:	NVD	id:	CVE-2017-18776	Trust: 3.0
db:	JVNDB	id:	JVNDB-2017-014915	Trust: 0.8
db:	CNVD	id:	CNVD-2020-31322	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-1880	Trust: 0.6

sources: CNVD: CNVD-2020-31322 // JVNDB: JVNDB-2017-014915 // CNNVD: CNNVD-202004-1880 // NVD: CVE-2017-18776

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2017-18776	Trust: 2.0
url:	https://kb.netgear.com/000049552/security-advisory-for-authentication-bypass-on-some-routers-and-gateways-psv-2017-0387	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18776	Trust: 0.8

sources: CNVD: CNVD-2020-31322 // JVNDB: JVNDB-2017-014915 // CNNVD: CNNVD-202004-1880 // NVD: CVE-2017-18776

SOURCES

db:	CNVD	id:	CNVD-2020-31322
db:	JVNDB	id:	JVNDB-2017-014915
db:	CNNVD	id:	CNNVD-202004-1880
db:	NVD	id:	CVE-2017-18776

LAST UPDATE DATE

2024-11-23T22:25:32.678000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-31322	date:	2020-06-03T00:00:00
db:	JVNDB	id:	JVNDB-2017-014915	date:	2020-05-21T00:00:00
db:	CNNVD	id:	CNNVD-202004-1880	date:	2020-04-26T00:00:00
db:	NVD	id:	CVE-2017-18776	date:	2024-11-21T03:20:53.340

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-31322	date:	2020-06-03T00:00:00
db:	JVNDB	id:	JVNDB-2017-014915	date:	2020-05-21T00:00:00
db:	CNNVD	id:	CNNVD-202004-1880	date:	2020-04-22T00:00:00
db:	NVD	id:	CVE-2017-18776	date:	2020-04-22T15:15:12.050