Details of VAR-202004-1347

ID

VAR-202004-1347

CVE

CVE-2017-18743

TITLE

plural NETGEAR Authentication vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014940

DESCRIPTION

Certain NETGEAR devices are affected by authentication bypass. This affects R6300v2 before 1.0.4.8, R6400 before 1.0.1.20, R6700 before 1.0.1.20, R6900 before 1.0.1.20, R7000 before 1.0.7.10, R7100LG before V1.0.0.32, R7300DST before 1.0.0.52, R7900 before 1.0.1.16, R8000 before 1.0.3.36, R8300 before 1.0.2.94, R8500 before 1.0.2.94, WNDR3400v3 before 1.0.1.12, and WNR3500Lv2 before 1.2.0.40. plural NETGEAR There is an authentication vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R6400, etc. are all wireless routers from NETGEAR. There are security vulnerabilities in many NETGEAR products

Trust: 2.16

sources: NVD: CVE-2017-18743 // JVNDB: JVNDB-2017-014940 // CNVD: CNVD-2021-50918

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-50918

AFFECTED PRODUCTS

vendor:	netgear	model:	r7100lg	scope:	lt	version:	1.0.0.32	Trust: 1.6
vendor:	netgear	model:	r8300	scope:	lt	version:	1.0.2.94	Trust: 1.6
vendor:	netgear	model:	r8500	scope:	lt	version:	1.0.2.94	Trust: 1.6
vendor:	netgear	model:	r6400	scope:	lt	version:	1.0.1.20	Trust: 1.6
vendor:	netgear	model:	r6700	scope:	lt	version:	1.0.1.20	Trust: 1.6
vendor:	netgear	model:	r6900	scope:	lt	version:	1.0.1.20	Trust: 1.6
vendor:	netgear	model:	r7000	scope:	lt	version:	1.0.7.10	Trust: 1.6
vendor:	netgear	model:	r7300dst	scope:	lt	version:	1.0.0.52	Trust: 1.6
vendor:	netgear	model:	r7900	scope:	lt	version:	1.0.1.16	Trust: 1.6
vendor:	netgear	model:	r8000	scope:	lt	version:	1.0.3.36	Trust: 1.6
vendor:	netgear	model:	wnr3500l	scope:	lt	version:	1.2.0.40	Trust: 1.0
vendor:	netgear	model:	wndr3400	scope:	lt	version:	1.0.1.12	Trust: 1.0
vendor:	netgear	model:	r6300	scope:	lt	version:	1.0.4.8	Trust: 1.0
vendor:	netgear	model:	r6300	scope:	eq	version:	1.0.4.8	Trust: 0.8
vendor:	netgear	model:	r6400	scope:	eq	version:	1.0.1.20	Trust: 0.8
vendor:	netgear	model:	r6700	scope:	eq	version:	1.0.1.20	Trust: 0.8
vendor:	netgear	model:	r6900	scope:	eq	version:	1.0.1.20	Trust: 0.8
vendor:	netgear	model:	r7000	scope:	eq	version:	1.0.7.10	Trust: 0.8
vendor:	netgear	model:	r7100lg	scope:	eq	version:	1.0.0.32	Trust: 0.8
vendor:	netgear	model:	r7300dst	scope:	eq	version:	1.0.0.5	Trust: 0.8
vendor:	netgear	model:	r7900	scope:	eq	version:	1.0.1.16	Trust: 0.8
vendor:	netgear	model:	r8000	scope:	eq	version:	1.0.3.36	Trust: 0.8
vendor:	netgear	model:	r8300	scope:	eq	version:	1.0.2.94	Trust: 0.8
vendor:	netgear	model:	r6300v2	scope:	lt	version:	1.0.4.8	Trust: 0.6
vendor:	netgear	model:	wndr3400v3	scope:	lt	version:	1.0.1.12	Trust: 0.6
vendor:	netgear	model:	wnr3500lv2	scope:	lt	version:	1.2.0.40	Trust: 0.6

sources: CNVD: CNVD-2021-50918 // JVNDB: JVNDB-2017-014940 // NVD: CVE-2017-18743

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-18743
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2017-18743
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2017-014940
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-50918
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202004-1985
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2017-18743
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2017-014940
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2021-50918
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-18743
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2017-18743
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	JVNDB-2017-014940
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-50918 // JVNDB: JVNDB-2017-014940 // CNNVD: CNNVD-202004-1985 // NVD: CVE-2017-18743 // NVD: CVE-2017-18743

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2017-014940 // NVD: CVE-2017-18743

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1985

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202004-1985

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014940

PATCH

title:	Security Advisory for Security Misconfiguration on Some Extenders, PSV-2016-0253	url:	https://kb.netgear.com/000051508/Security-Advisory-for-Security-Misconfiguration-on-Some-Extenders-PSV-2016-0253	Trust: 0.8
title:	Patch for Multiple NETGEAR product authorization issue vulnerabilities (CNVD-2021-50918)	url:	https://www.cnvd.org.cn/patchInfo/show/279076	Trust: 0.6
title:	Multiple NETGEAR Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116748	Trust: 0.6

sources: CNVD: CNVD-2021-50918 // JVNDB: JVNDB-2017-014940 // CNNVD: CNNVD-202004-1985

EXTERNAL IDS

db:	NVD	id:	CVE-2017-18743	Trust: 3.0
db:	JVNDB	id:	JVNDB-2017-014940	Trust: 0.8
db:	CNVD	id:	CNVD-2021-50918	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-1985	Trust: 0.6

sources: CNVD: CNVD-2021-50918 // JVNDB: JVNDB-2017-014940 // CNNVD: CNNVD-202004-1985 // NVD: CVE-2017-18743

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2017-18743	Trust: 2.0
url:	https://kb.netgear.com/000051512/security-advisory-for-authentication-bypass-on-some-routers-psv-2017-0330	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18743	Trust: 0.8

sources: CNVD: CNVD-2021-50918 // JVNDB: JVNDB-2017-014940 // CNNVD: CNNVD-202004-1985 // NVD: CVE-2017-18743

SOURCES

db:	CNVD	id:	CNVD-2021-50918
db:	JVNDB	id:	JVNDB-2017-014940
db:	CNNVD	id:	CNNVD-202004-1985
db:	NVD	id:	CVE-2017-18743

LAST UPDATE DATE

2024-11-23T22:16:30.435000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-50918	date:	2021-07-15T00:00:00
db:	JVNDB	id:	JVNDB-2017-014940	date:	2020-05-22T00:00:00
db:	CNNVD	id:	CNNVD-202004-1985	date:	2020-04-28T00:00:00
db:	NVD	id:	CVE-2017-18743	date:	2024-11-21T03:20:48.853

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-50918	date:	2021-07-14T00:00:00
db:	JVNDB	id:	JVNDB-2017-014940	date:	2020-05-22T00:00:00
db:	CNNVD	id:	CNNVD-202004-1985	date:	2020-04-23T00:00:00
db:	NVD	id:	CVE-2017-18743	date:	2020-04-23T16:15:12.617