ID

VAR-202004-1341


CVE

CVE-2017-18777


TITLE

Insufficient protection of credentials on multiple NETGEAR devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014916

DESCRIPTION

Certain NETGEAR devices are affected by administrative password disclosure. This affects D6220 before V1.0.0.28, D6400 before V1.0.0.60, D8500 before V1.0.3.29, DGN2200v4 before 1.0.0.82, DGN2200Bv4 before 1.0.0.82, R6300v2 before 1.0.4.8, R6400 before 1.0.1.20, R6700 before 1.0.1.20, R6900 before 1.0.1.20, R7000 before 1.0.7.10, R7100LG before V1.0.0.32, R7300DST before 1.0.0.52, R7900 before 1.0.1.16, R8000 before 1.0.3.36, R8300 before 1.0.2.94, R8500 before 1.0.2.94, WNDR3400v3 before 1.0.1.12, and WNR3500Lv2 before 1.2.0.40. Multiple NETGEAR devices contain an insufficient protection of credentials vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). NETGEAR WNR3500L and the other listed devices are all products of NETGEAR. WNR3500L is a wireless router. NETGEAR R6700 is a wireless router. NETGEAR D6220 is a wireless modem.

Trust: 2.16

sources: NVD: CVE-2017-18777 // JVNDB: JVNDB-2017-014916 // CNVD: CNVD-2020-31323

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-31323

AFFECTED PRODUCTS

vendor: netgear, model: d6400, scope: lt, version: 1.0.0.60

Trust: 1.6

vendor: netgear, model: d8500, scope: lt, version: 1.0.3.29

Trust: 1.6

vendor: netgear, model: r7100lg, scope: lt, version: 1.0.0.32

Trust: 1.6

vendor: netgear, model: r8300, scope: lt, version: 1.0.2.94

Trust: 1.6

vendor: netgear, model: r8500, scope: lt, version: 1.0.2.94

Trust: 1.6

vendor: netgear, model: d6220, scope: lt, version: 1.0.0.28

Trust: 1.6

vendor: netgear, model: r6400, scope: lt, version: 1.0.1.20

Trust: 1.6

vendor: netgear, model: r6700, scope: lt, version: 1.0.1.20

Trust: 1.6

vendor: netgear, model: r6900, scope: lt, version: 1.0.1.20

Trust: 1.6

vendor: netgear, model: r7000, scope: lt, version: 1.0.7.10

Trust: 1.6

vendor: netgear, model: r7300dst, scope: lt, version: 1.0.0.52

Trust: 1.6

vendor: netgear, model: r7900, scope: lt, version: 1.0.1.16

Trust: 1.6

vendor: netgear, model: r8000, scope: lt, version: 1.0.3.36

Trust: 1.6

vendor: netgear, model: dgn2200b, scope: lt, version: 1.0.0.82

Trust: 1.0

vendor: netgear, model: wnr3500l, scope: lt, version: 1.2.0.40

Trust: 1.0

vendor: netgear, model: wndr3400, scope: lt, version: 1.0.1.12

Trust: 1.0

vendor: netgear, model: dgn2200, scope: lt, version: 1.0.0.82

Trust: 1.0

vendor: netgear, model: r6300, scope: lt, version: 1.0.4.8

Trust: 1.0

vendor: netgear, model: d6220, scope: eq, version: 1.0.0.28

Trust: 0.8

vendor: netgear, model: d6400, scope: eq, version: 1.0.0.60

Trust: 0.8

vendor: netgear, model: d8500, scope: eq, version: 1.0.3.29

Trust: 0.8

vendor: netgear, model: dgn2200, scope: eq, version: 1.0.0.82

Trust: 0.8

vendor: netgear, model: dgn2200b, scope: eq, version: 1.0.0.82

Trust: 0.8

vendor: netgear, model: r6300, scope: eq, version: 1.0.4.8

Trust: 0.8

vendor: netgear, model: r6400, scope: eq, version: 1.0.1.20

Trust: 0.8

vendor: netgear, model: r6700, scope: eq, version: 1.0.1.20

Trust: 0.8

vendor: netgear, model: r6900, scope: eq, version: 1.0.1.20

Trust: 0.8

vendor: netgear, model: r7000, scope: eq, version: 1.0.7.10

Trust: 0.8

vendor: netgear, model: dgn2200v4, scope: lte, version: <=1.0.0.82

Trust: 0.6

vendor: netgear, model: dgn2200bv4, scope: lt, version: 1.0.0.82

Trust: 0.6

vendor: netgear, model: r6300v2, scope: lt, version: 1.0.4.8

Trust: 0.6

vendor: netgear, model: wndr3400v3, scope: lt, version: 1.0.1.12

Trust: 0.6

vendor: netgear, model: wnr3500lv2, scope: lt, version: 1.2.0.40

Trust: 0.6

sources: CNVD: CNVD-2020-31323 // JVNDB: JVNDB-2017-014916 // NVD: CVE-2017-18777

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18777
value: HIGH

Trust: 1.0

cve@mitre.org: CVE-2017-18777
value: HIGH

Trust: 1.0

NVD: JVNDB-2017-014916
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-31323
value: LOW

Trust: 0.6

CNNVD: CNNVD-202004-1881
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2017-18777
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2017-014916
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-31323
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-18777
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2017-18777
baseSeverity: HIGH
baseScore: 8.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.5
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2017-014916
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-31323 // JVNDB: JVNDB-2017-014916 // CNNVD: CNNVD-202004-1881 // NVD: CVE-2017-18777 // NVD: CVE-2017-18777

PROBLEMTYPE DATA

problemtype: CWE-522

Trust: 1.8

sources: JVNDB: JVNDB-2017-014916 // NVD: CVE-2017-18777

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1881

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202004-1881

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014916

PATCH

title: Security Advisory for Administrative Password Disclosure on Some Routers and Gateways, PSV-2017-0385
url: https://kb.netgear.com/000049551/Security-Advisory-for-Administrative-Password-Disclosure-on-Some-Routers-and-Gateways-PSV-2017-0385

Trust: 0.8

title: Patch for Multiple NETGEAR product information disclosure vulnerabilities (CNVD-2020-31323)
url: https://www.cnvd.org.cn/patchInfo/show/220055

Trust: 0.6

title: Multiple NETGEAR Product security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116657

Trust: 0.6

sources: CNVD: CNVD-2020-31323 // JVNDB: JVNDB-2017-014916 // CNNVD: CNNVD-202004-1881

EXTERNAL IDS

db: NVD, id: CVE-2017-18777

Trust: 3.0

db: JVNDB, id: JVNDB-2017-014916

Trust: 0.8

db: CNVD, id: CNVD-2020-31323

Trust: 0.6

db: CNNVD, id: CNNVD-202004-1881

Trust: 0.6

sources: CNVD: CNVD-2020-31323 // JVNDB: JVNDB-2017-014916 // CNNVD: CNNVD-202004-1881 // NVD: CVE-2017-18777

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2017-18777

Trust: 2.0

url:https://kb.netgear.com/000049551/security-advisory-for-administrative-password-disclosure-on-some-routers-and-gateways-psv-2017-0385

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18777

Trust: 0.8

sources: CNVD: CNVD-2020-31323 // JVNDB: JVNDB-2017-014916 // CNNVD: CNNVD-202004-1881 // NVD: CVE-2017-18777

SOURCES

db: CNVD, id: CNVD-2020-31323
db: JVNDB, id: JVNDB-2017-014916
db: CNNVD, id: CNNVD-202004-1881
db: NVD, id: CVE-2017-18777

LAST UPDATE DATE

2024-11-23T23:01:24.503000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-31323, date: 2020-06-03T00:00:00
db: JVNDB, id: JVNDB-2017-014916, date: 2020-05-21T00:00:00
db: CNNVD, id: CNNVD-202004-1881, date: 2020-04-26T00:00:00
db: NVD, id: CVE-2017-18777, date: 2024-11-21T03:20:53.580

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-31323, date: 2020-06-03T00:00:00
db: JVNDB, id: JVNDB-2017-014916, date: 2020-05-21T00:00:00
db: CNNVD, id: CNNVD-202004-1881, date: 2020-04-22T00:00:00
db: NVD, id: CVE-2017-18777, date: 2020-04-22T15:15:12.097