Details of VAR-202004-1342

ID

VAR-202004-1342

CVE

CVE-2017-18778

TITLE

plural NETGEAR Input verification vulnerabilities on devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014917

DESCRIPTION

plural NETGEAR The device contains an input verification vulnerability.Information may be tampered with. NETGEAR WNR2020 and so on are all products of NETGEAR. NETGEAR WNR2020 is a wireless router. NETGEAR R7500 is a wireless router. NETGEAR D6220 is a wireless modem. A number of NETGEAR products have input validation error vulnerabilities that result from security configuration errors. No detailed vulnerability details are currently available

Trust: 1.26

sources: JVNDB: JVNDB-2017-014917 // CNVD: CNVD-2020-31324

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-31324

AFFECTED PRODUCTS

vendor:	netgear	model:	r7800	scope:	lt	version:	1.0.2.36	Trust: 1.6
vendor:	netgear	model:	r7500	scope:	lt	version:	1.0.0.112	Trust: 1.6
vendor:	netgear	model:	r9000	scope:	lt	version:	1.0.2.52	Trust: 1.6
vendor:	netgear	model:	d6400	scope:	lt	version:	1.0.0.60	Trust: 1.6
vendor:	netgear	model:	d8500	scope:	lt	version:	1.0.3.29	Trust: 1.6
vendor:	netgear	model:	r7300dst	scope:	lt	version:	1.0.0.56	Trust: 1.6
vendor:	netgear	model:	r7100lg	scope:	lt	version:	1.0.0.32	Trust: 1.6
vendor:	netgear	model:	r6220	scope:	lt	version:	1.1.0.60	Trust: 1.6
vendor:	netgear	model:	pr2000	scope:	lt	version:	1.0.0.20	Trust: 1.6
vendor:	netgear	model:	wnr2020	scope:	lt	version:	1.1.0.44	Trust: 1.6
vendor:	netgear	model:	wnr2050	scope:	lt	version:	1.1.0.44	Trust: 1.6
vendor:	netgear	model:	d7000	scope:	lt	version:	1.0.1.52	Trust: 1.6
vendor:	netgear	model:	r8300	scope:	lt	version:	1.0.2.104	Trust: 1.6
vendor:	netgear	model:	r8500	scope:	lt	version:	1.0.2.104	Trust: 1.6
vendor:	netgear	model:	d6220	scope:	lt	version:	1.0.0.28	Trust: 1.6
vendor:	netgear	model:	d7800	scope:	lt	version:	1.0.1.24	Trust: 1.6
vendor:	netgear	model:	jr6150	scope:	lt	version:	1.0.1.14	Trust: 1.6
vendor:	netgear	model:	r6050	scope:	lt	version:	1.0.1.14	Trust: 1.6
vendor:	netgear	model:	r6400	scope:	lt	version:	1.1.0.26	Trust: 1.6
vendor:	netgear	model:	r6800	scope:	lt	version:	1.2.0.2	Trust: 1.6
vendor:	netgear	model:	r7900p	scope:	lt	version:	1.1.4.6	Trust: 1.6
vendor:	netgear	model:	r8000p	scope:	lt	version:	1.1.4.6	Trust: 1.6
vendor:	netgear	model:	d7000	scope:	lt	version:	1.0.0.38	Trust: 1.0
vendor:	netgear	model:	r7500	scope:	lt	version:	1.0.3.24	Trust: 1.0
vendor:	netgear	model:	wndr4300	scope:	lt	version:	1.0.2.96	Trust: 1.0
vendor:	netgear	model:	wnr1000	scope:	lt	version:	1.1.0.44	Trust: 1.0
vendor:	netgear	model:	wndr4500	scope:	lt	version:	1.0.0.52	Trust: 1.0
vendor:	netgear	model:	r6700	scope:	lt	version:	1.2.0.2	Trust: 1.0
vendor:	netgear	model:	r6900	scope:	lt	version:	1.2.0.2	Trust: 1.0
vendor:	netgear	model:	jnr1010	scope:	lt	version:	1.1.0.44	Trust: 1.0
vendor:	netgear	model:	jwnr2010	scope:	lt	version:	1.1.0.44	Trust: 1.0
vendor:	netgear	model:	wndr3700	scope:	lt	version:	1.1.0.50	Trust: 1.0
vendor:	netgear	model:	wndr3700	scope:	lt	version:	1.0.2.94	Trust: 1.0
vendor:	netgear	model:	wndr4300	scope:	lt	version:	1.0.0.52	Trust: 1.0
vendor:	netgear	model:	r6400	scope:	lt	version:	1.0.2.46	Trust: 1.0
vendor:	netgear	model:	d6220	scope:	eq	version:	1.0.0.28	Trust: 0.8
vendor:	netgear	model:	d6400	scope:	eq	version:	1.0.0.60	Trust: 0.8
vendor:	netgear	model:	d7000	scope:	eq	version:	1.0.0.38	Trust: 0.8
vendor:	netgear	model:	d7000	scope:	eq	version:	1.0.1.52	Trust: 0.8
vendor:	netgear	model:	d7800	scope:	eq	version:	1.0.1.24	Trust: 0.8
vendor:	netgear	model:	d8500	scope:	eq	version:	1.0.3.29	Trust: 0.8
vendor:	netgear	model:	jnr1010	scope:	eq	version:	1.1.0.44	Trust: 0.8
vendor:	netgear	model:	jr6150	scope:	eq	version:	1.0.1.14	Trust: 0.8
vendor:	netgear	model:	jwnr2010	scope:	eq	version:	1.0.1.14	Trust: 0.8
vendor:	netgear	model:	pr2000	scope:	eq	version:	1.0.0.20	Trust: 0.8
vendor:	netgear	model:	r7500v2	scope:	lt	version:	1.0.3.24	Trust: 0.6
vendor:	netgear	model:	jnr1010v2	scope:	lt	version:	1.1.0.44	Trust: 0.6
vendor:	netgear	model:	jwnr2010v5	scope:	lt	version:	1.1.0.44	Trust: 0.6
vendor:	netgear	model:	wnr1000v4	scope:	lt	version:	1.1.0.44	Trust: 0.6
vendor:	netgear	model:	r6400v2	scope:	lt	version:	1.0.2.46	Trust: 0.6
vendor:	netgear	model:	wndr3700v4	scope:	lt	version:	1.0.2.94	Trust: 0.6
vendor:	netgear	model:	wndr3700v5	scope:	lt	version:	1.1.0.50	Trust: 0.6
vendor:	netgear	model:	d7000v2	scope:	lt	version:	1.0.0.38	Trust: 0.6
vendor:	netgear	model:	r6700v2	scope:	lt	version:	1.2.0.2	Trust: 0.6
vendor:	netgear	model:	r6900v2	scope:	lt	version:	1.2.0.2	Trust: 0.6
vendor:	netgear	model:	wndr4300v1	scope:	lt	version:	1.0.2.96	Trust: 0.6
vendor:	netgear	model:	wndr4300v2	scope:	lt	version:	1.0.0.52	Trust: 0.6
vendor:	netgear	model:	wndr4500v3	scope:	lt	version:	1.0.0.52	Trust: 0.6

sources: CNVD: CNVD-2020-31324 // JVNDB: JVNDB-2017-014917 // NVD: CVE-2017-18778

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-18778
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2017-18778
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2017-014917
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-31324
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202004-1882
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2017-18778
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2017-014917
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-31324
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-18778
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2017-18778
baseSeverity:	HIGH
baseScore:	8.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.5
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	JVNDB-2017-014917
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-31324 // JVNDB: JVNDB-2017-014917 // CNNVD: CNNVD-202004-1882 // NVD: CVE-2017-18778 // NVD: CVE-2017-18778

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2017-014917 // NVD: CVE-2017-18778

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1882

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202004-1882

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014917

PATCH

title:	Security Advisory for Security Misconfiguration on Some Routers and Gateways, PSV-2017-2957	url:	https://kb.netgear.com/000049543/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-and-Gateways-PSV-2017-2957	Trust: 0.8
title:	Patch for Multiple NETGEAR product input verification error vulnerabilities (CNVD-2020-31324)	url:	https://www.cnvd.org.cn/patchInfo/show/220045	Trust: 0.6
title:	Multiple NETGEAR Product input verification error vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117240	Trust: 0.6

sources: CNVD: CNVD-2020-31324 // JVNDB: JVNDB-2017-014917 // CNNVD: CNNVD-202004-1882

EXTERNAL IDS

db:	NVD	id:	CVE-2017-18778	Trust: 3.0
db:	JVNDB	id:	JVNDB-2017-014917	Trust: 0.8
db:	CNVD	id:	CNVD-2020-31324	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-1882	Trust: 0.6

sources: CNVD: CNVD-2020-31324 // JVNDB: JVNDB-2017-014917 // CNNVD: CNNVD-202004-1882 // NVD: CVE-2017-18778

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2017-18778	Trust: 2.0
url:	https://kb.netgear.com/000049543/security-advisory-for-security-misconfiguration-on-some-routers-and-gateways-psv-2017-2957	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18778	Trust: 0.8

sources: CNVD: CNVD-2020-31324 // JVNDB: JVNDB-2017-014917 // CNNVD: CNNVD-202004-1882 // NVD: CVE-2017-18778

SOURCES

db:	CNVD	id:	CNVD-2020-31324
db:	JVNDB	id:	JVNDB-2017-014917
db:	CNNVD	id:	CNNVD-202004-1882
db:	NVD	id:	CVE-2017-18778

LAST UPDATE DATE

2024-11-23T23:11:27.105000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-31324	date:	2020-06-03T00:00:00
db:	JVNDB	id:	JVNDB-2017-014917	date:	2020-05-21T00:00:00
db:	CNNVD	id:	CNNVD-202004-1882	date:	2020-04-26T00:00:00
db:	NVD	id:	CVE-2017-18778	date:	2024-11-21T03:20:53.747

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-31324	date:	2020-06-03T00:00:00
db:	JVNDB	id:	JVNDB-2017-014917	date:	2020-05-21T00:00:00
db:	CNNVD	id:	CNNVD-202004-1882	date:	2020-04-22T00:00:00
db:	NVD	id:	CVE-2017-18778	date:	2020-04-22T15:15:12.253