Details of VAR-202004-1345

ID

VAR-202004-1345

CVE

CVE-2017-18741

TITLE

plural NETGEAR Vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014938

DESCRIPTION

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6250 before 1.0.4.8, R6300v2 before 1.0.4.8, R6700 before 1.0.1.20, R7000 before 1.0.7.10, R7000P before 1.0.0.58, R6900P before 1.0.0.58, R7100LG before 1.0.0.32, R7900 before 1.0.1.14, R8000 before 1.0.3.22, and R8500 before 1.0.2.94. plural NETGEAR An unspecified vulnerability exists in the device.Information may be obtained. NETGEAR R6250, etc. are all wireless routers from NETGEAR. No detailed vulnerability details are currently provided

Trust: 2.16

sources: NVD: CVE-2017-18741 // JVNDB: JVNDB-2017-014938 // CNVD: CNVD-2021-57161

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-57161

AFFECTED PRODUCTS

vendor:	netgear	model:	r7100lg	scope:	lt	version:	1.0.0.32	Trust: 1.6
vendor:	netgear	model:	r8500	scope:	lt	version:	1.0.2.94	Trust: 1.6
vendor:	netgear	model:	r6700	scope:	lt	version:	1.0.1.20	Trust: 1.6
vendor:	netgear	model:	r7000	scope:	lt	version:	1.0.7.10	Trust: 1.6
vendor:	netgear	model:	r6900p	scope:	lt	version:	1.0.0.58	Trust: 1.6
vendor:	netgear	model:	r7000p	scope:	lt	version:	1.0.0.58	Trust: 1.6
vendor:	netgear	model:	r6250	scope:	lt	version:	1.0.4.8	Trust: 1.6
vendor:	netgear	model:	r7900	scope:	lt	version:	1.0.1.14	Trust: 1.6
vendor:	netgear	model:	r8000	scope:	lt	version:	1.0.3.22	Trust: 1.6
vendor:	netgear	model:	r6300	scope:	lt	version:	1.0.4.8	Trust: 1.0
vendor:	netgear	model:	r6250	scope:	eq	version:	1.0.4.8	Trust: 0.8
vendor:	netgear	model:	r6300	scope:	eq	version:	1.0.4.8	Trust: 0.8
vendor:	netgear	model:	r6700	scope:	eq	version:	1.0.1.20	Trust: 0.8
vendor:	netgear	model:	r6900p	scope:	eq	version:	1.0.0.58	Trust: 0.8
vendor:	netgear	model:	r7000	scope:	eq	version:	1.0.7.10	Trust: 0.8
vendor:	netgear	model:	r7000p	scope:	eq	version:	1.0.0.58	Trust: 0.8
vendor:	netgear	model:	r7100lg	scope:	eq	version:	1.0.0.32	Trust: 0.8
vendor:	netgear	model:	r7900	scope:	eq	version:	1.0.1.14	Trust: 0.8
vendor:	netgear	model:	r8000	scope:	eq	version:	1.0.3.22	Trust: 0.8
vendor:	netgear	model:	r8500	scope:	eq	version:	1.0.2.94	Trust: 0.8
vendor:	netgear	model:	r6300v2	scope:	lt	version:	1.0.4.8	Trust: 0.6

sources: CNVD: CNVD-2021-57161 // JVNDB: JVNDB-2017-014938 // NVD: CVE-2017-18741

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-18741
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2017-18741
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2017-014938
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-57161
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202004-1982
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2017-18741
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2017-014938
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2021-57161
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-18741
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2017-18741
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	4.0
version:	3.0
Trust: 1.0
NVD:	JVNDB-2017-014938
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-57161 // JVNDB: JVNDB-2017-014938 // CNNVD: CNNVD-202004-1982 // NVD: CVE-2017-18741 // NVD: CVE-2017-18741

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2017-18741

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1982

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202004-1982

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014938

PATCH

title:	Security Advisory for Security Misconfiguration on Some Routers, PSV-2017-0335	url:	https://kb.netgear.com/000051514/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-PSV-2017-0335	Trust: 0.8
title:	Patch for Unspecified vulnerabilities exist in many NETGEAR products (CNVD-2021-57161)	url:	https://www.cnvd.org.cn/patchInfo/show/282681	Trust: 0.6

sources: CNVD: CNVD-2021-57161 // JVNDB: JVNDB-2017-014938

EXTERNAL IDS

db:	NVD	id:	CVE-2017-18741	Trust: 3.0
db:	JVNDB	id:	JVNDB-2017-014938	Trust: 0.8
db:	CNVD	id:	CNVD-2021-57161	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-1982	Trust: 0.6

sources: CNVD: CNVD-2021-57161 // JVNDB: JVNDB-2017-014938 // CNNVD: CNNVD-202004-1982 // NVD: CVE-2017-18741

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2017-18741	Trust: 2.0
url:	https://kb.netgear.com/000051514/security-advisory-for-security-misconfiguration-on-some-routers-psv-2017-0335	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18741	Trust: 0.8

sources: CNVD: CNVD-2021-57161 // JVNDB: JVNDB-2017-014938 // CNNVD: CNNVD-202004-1982 // NVD: CVE-2017-18741

SOURCES

db:	CNVD	id:	CNVD-2021-57161
db:	JVNDB	id:	JVNDB-2017-014938
db:	CNNVD	id:	CNNVD-202004-1982
db:	NVD	id:	CVE-2017-18741

LAST UPDATE DATE

2024-11-23T22:44:36.386000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-57161	date:	2021-07-31T00:00:00
db:	JVNDB	id:	JVNDB-2017-014938	date:	2020-05-22T00:00:00
db:	CNNVD	id:	CNNVD-202004-1982	date:	2020-04-28T00:00:00
db:	NVD	id:	CVE-2017-18741	date:	2024-11-21T03:20:48.547

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-57161	date:	2020-07-28T00:00:00
db:	JVNDB	id:	JVNDB-2017-014938	date:	2020-05-22T00:00:00
db:	CNNVD	id:	CNNVD-202004-1982	date:	2020-04-23T00:00:00
db:	NVD	id:	CVE-2017-18741	date:	2020-04-23T16:15:12.507