Details of VAR-202004-1344

ID

VAR-202004-1344

CVE

CVE-2017-18780

TITLE

plural NETGEAR Vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014909

DESCRIPTION

Certain NETGEAR devices are affected by denial of service. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44. plural NETGEAR An unspecified vulnerability exists in the device.Service operation interruption (DoS) It may be put into a state. NETGEAR D6200, etc. are all products of NETGEAR. NETGEAR D6200 is a wireless modem. NETGEAR WNR2020 is a wireless router. NETGEAR R6220 is a wireless router

Trust: 2.16

sources: NVD: CVE-2017-18780 // JVNDB: JVNDB-2017-014909 // CNVD: CNVD-2020-31326

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-31326

AFFECTED PRODUCTS

vendor:	netgear	model:	d6200	scope:	lt	version:	1.1.00.24	Trust: 1.6
vendor:	netgear	model:	d7000	scope:	lt	version:	1.0.1.52	Trust: 1.6
vendor:	netgear	model:	jr6150	scope:	lt	version:	1.0.1.12	Trust: 1.6
vendor:	netgear	model:	pr2000	scope:	lt	version:	1.0.0.20	Trust: 1.6
vendor:	netgear	model:	r6020	scope:	lt	version:	1.0.0.26	Trust: 1.6
vendor:	netgear	model:	r6050	scope:	lt	version:	1.0.1.12	Trust: 1.6
vendor:	netgear	model:	r6080	scope:	lt	version:	1.0.0.26	Trust: 1.6
vendor:	netgear	model:	r6120	scope:	lt	version:	1.0.0.36	Trust: 1.6
vendor:	netgear	model:	r6220	scope:	lt	version:	1.1.0.60	Trust: 1.6
vendor:	netgear	model:	r6800	scope:	lt	version:	1.2.0.12	Trust: 1.6
vendor:	netgear	model:	wnr2020	scope:	lt	version:	1.1.0.44	Trust: 1.6
vendor:	netgear	model:	wnr2050	scope:	lt	version:	1.1.0.44	Trust: 1.6
vendor:	netgear	model:	wndr3700	scope:	lt	version:	1.1.0.50	Trust: 1.0
vendor:	netgear	model:	jwnr2010	scope:	lt	version:	1.1.0.44	Trust: 1.0
vendor:	netgear	model:	wnr1000	scope:	lt	version:	1.1.0.44	Trust: 1.0
vendor:	netgear	model:	jnr1010	scope:	lt	version:	1.1.0.44	Trust: 1.0
vendor:	netgear	model:	r6700	scope:	lt	version:	1.2.0.12	Trust: 1.0
vendor:	netgear	model:	r6900	scope:	lt	version:	1.2.0.12	Trust: 1.0
vendor:	netgear	model:	d6200	scope:	eq	version:	1.1.00.24	Trust: 0.8
vendor:	netgear	model:	d7000	scope:	eq	version:	1.0.1.52	Trust: 0.8
vendor:	netgear	model:	jnr1010	scope:	eq	version:	1.1.0.44	Trust: 0.8
vendor:	netgear	model:	jr6150	scope:	eq	version:	1.0.1.12	Trust: 0.8
vendor:	netgear	model:	jwnr2010	scope:	eq	version:	1.1.0.44	Trust: 0.8
vendor:	netgear	model:	pr2000	scope:	eq	version:	1.0.0.20	Trust: 0.8
vendor:	netgear	model:	r6020	scope:	eq	version:	1.0.0.26	Trust: 0.8
vendor:	netgear	model:	r6050	scope:	eq	version:	1.0.1.12	Trust: 0.8
vendor:	netgear	model:	r6080	scope:	eq	version:	1.0.0.26	Trust: 0.8
vendor:	netgear	model:	r6120	scope:	eq	version:	1.0.0.36	Trust: 0.8
vendor:	netgear	model:	jnr1010v2	scope:	lt	version:	1.1.0.44	Trust: 0.6
vendor:	netgear	model:	jwnr2010v5	scope:	lt	version:	1.1.0.44	Trust: 0.6
vendor:	netgear	model:	r6700v2	scope:	lt	version:	1.2.0.12	Trust: 0.6
vendor:	netgear	model:	r6900v2	scope:	lt	version:	1.2.0.12	Trust: 0.6
vendor:	netgear	model:	wndr3700v5	scope:	lt	version:	1.1.0.50	Trust: 0.6
vendor:	netgear	model:	wnr1000v4	scope:	lt	version:	1.1.0.44	Trust: 0.6

sources: CNVD: CNVD-2020-31326 // JVNDB: JVNDB-2017-014909 // NVD: CVE-2017-18780

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-18780
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2017-18780
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2017-014909
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-31326
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202004-1884
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2017-18780
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2017-014909
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-31326
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-18780
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2017-18780
baseSeverity:	MEDIUM
baseScore:	6.2
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.5
impactScore:	3.6
version:	3.0
Trust: 1.0
NVD:	JVNDB-2017-014909
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-31326 // JVNDB: JVNDB-2017-014909 // CNNVD: CNNVD-202004-1884 // NVD: CVE-2017-18780 // NVD: CVE-2017-18780

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2017-18780

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1884

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202004-1884

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014909

PATCH

title:	Security Advisory for Denial of Service on Some Routers, PSV-2017-2955	url:	https://kb.netgear.com/000049539/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2017-2955	Trust: 0.8
title:	Patches for denial of service vulnerabilities in multiple NETGEAR products	url:	https://www.cnvd.org.cn/patchInfo/show/220029	Trust: 0.6
title:	Multiple NETGEAR Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116660	Trust: 0.6

sources: CNVD: CNVD-2020-31326 // JVNDB: JVNDB-2017-014909 // CNNVD: CNNVD-202004-1884

EXTERNAL IDS

db:	NVD	id:	CVE-2017-18780	Trust: 3.0
db:	JVNDB	id:	JVNDB-2017-014909	Trust: 0.8
db:	CNVD	id:	CNVD-2020-31326	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-1884	Trust: 0.6

sources: CNVD: CNVD-2020-31326 // JVNDB: JVNDB-2017-014909 // CNNVD: CNNVD-202004-1884 // NVD: CVE-2017-18780

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2017-18780	Trust: 2.0
url:	https://kb.netgear.com/000049539/security-advisory-for-denial-of-service-on-some-routers-psv-2017-2955	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18780	Trust: 0.8

sources: CNVD: CNVD-2020-31326 // JVNDB: JVNDB-2017-014909 // CNNVD: CNNVD-202004-1884 // NVD: CVE-2017-18780

SOURCES

db:	CNVD	id:	CNVD-2020-31326
db:	JVNDB	id:	JVNDB-2017-014909
db:	CNNVD	id:	CNNVD-202004-1884
db:	NVD	id:	CVE-2017-18780

LAST UPDATE DATE

2024-11-23T23:04:25.159000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-31326	date:	2021-08-08T00:00:00
db:	JVNDB	id:	JVNDB-2017-014909	date:	2020-05-21T00:00:00
db:	CNNVD	id:	CNNVD-202004-1884	date:	2020-04-26T00:00:00
db:	NVD	id:	CVE-2017-18780	date:	2024-11-21T03:20:54.087

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-31326	date:	2020-06-03T00:00:00
db:	JVNDB	id:	JVNDB-2017-014909	date:	2020-05-21T00:00:00
db:	CNNVD	id:	CNNVD-202004-1884	date:	2020-04-22T00:00:00
db:	NVD	id:	CVE-2017-18780	date:	2020-04-22T15:15:12.473