ID

VAR-202004-1349


CVE

CVE-2017-18745


TITLE

Cross-site scripting vulnerabilities in multiple NETGEAR devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014880

DESCRIPTION

Certain NETGEAR devices are affected by stored XSS. This affects R6400 before 1.0.1.14, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.4, R7100LG before 1.0.0.32, R7300DST before 1.0.0.56, R7900 before 1.0.1.12, R8000 before 1.0.3.24, and R8500 before 1.0.2.74. A cross-site scripting vulnerability exists in multiple NETGEAR devices. Information may be obtained and tampered with. The NETGEAR R6400 and the other affected models are all wireless routers from NETGEAR. The vulnerability stems from the web application's lack of correct validation of client data. An attacker can use this vulnerability to execute client-side code.

Trust: 2.16

sources: NVD: CVE-2017-18745 // JVNDB: JVNDB-2017-014880 // CNVD: CNVD-2021-50919

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-50919

AFFECTED PRODUCTS

vendor: netgear, model: r7300dst, scope: lt, version: 1.0.0.56

Trust: 1.6

vendor: netgear, model: r6700, scope: lt, version: 1.0.1.22

Trust: 1.6

vendor: netgear, model: r6900, scope: lt, version: 1.0.1.22

Trust: 1.6

vendor: netgear, model: r7100lg, scope: lt, version: 1.0.0.32

Trust: 1.6

vendor: netgear, model: r7900, scope: lt, version: 1.0.1.12

Trust: 1.6

vendor: netgear, model: r8000, scope: lt, version: 1.0.3.24

Trust: 1.6

vendor: netgear, model: r8500, scope: lt, version: 1.0.2.74

Trust: 1.6

vendor: netgear, model: r7000, scope: lt, version: 1.0.9.4

Trust: 1.6

vendor: netgear, model: r6400, scope: lt, version: 1.0.1.14

Trust: 1.6

vendor: netgear, model: r6400, scope: eq, version: 1.0.1.14

Trust: 0.8

vendor: netgear, model: r6700, scope: eq, version: 1.0.1.22

Trust: 0.8

vendor: netgear, model: r6900, scope: eq, version: 1.0.1.22

Trust: 0.8

vendor: netgear, model: r7000, scope: eq, version: 1.0.9.4

Trust: 0.8

vendor: netgear, model: r7100lg, scope: eq, version: 1.0.9.4

Trust: 0.8

vendor: netgear, model: r7300dst, scope: eq, version: 1.0.0.56

Trust: 0.8

vendor: netgear, model: r7900, scope: eq, version: 1.0.1.12

Trust: 0.8

vendor: netgear, model: r8000, scope: eq, version: 1.0.3.24

Trust: 0.8

vendor: netgear, model: r8500, scope: eq, version: 1.0.2.74

Trust: 0.8

sources: CNVD: CNVD-2021-50919 // JVNDB: JVNDB-2017-014880 // NVD: CVE-2017-18745

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18745
value: MEDIUM

Trust: 1.0

cve@mitre.org: CVE-2017-18745
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2017-014880
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-50919
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-1987
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2017-18745
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2017-014880
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-50919
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-18745
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2017-18745
baseSeverity: MEDIUM
baseScore: 5.2
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.1
impactScore: 2.7
version: 3.0

Trust: 1.0

NVD: JVNDB-2017-014880
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-50919 // JVNDB: JVNDB-2017-014880 // CNNVD: CNNVD-202004-1987 // NVD: CVE-2017-18745 // NVD: CVE-2017-18745

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2017-014880 // NVD: CVE-2017-18745

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-1987

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202004-1987

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014880

PATCH

title: Security Advisory for Stored Cross-Site Scripting on Some Routers, PSV-2017-0323
url: https://kb.netgear.com/000051510/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2017-0323

Trust: 0.8

title: Patch for Cross-site scripting vulnerabilities in multiple NETGEAR products (CNVD-2021-50919)
url: https://www.cnvd.org.cn/patchInfo/show/279086

Trust: 0.6

title: Multiple NETGEAR Fixes for product cross-site scripting vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116750

Trust: 0.6

sources: CNVD: CNVD-2021-50919 // JVNDB: JVNDB-2017-014880 // CNNVD: CNNVD-202004-1987

EXTERNAL IDS

db: NVD, id: CVE-2017-18745

Trust: 3.0

db: JVNDB, id: JVNDB-2017-014880

Trust: 0.8

db: CNVD, id: CNVD-2021-50919

Trust: 0.6

db: CNNVD, id: CNNVD-202004-1987

Trust: 0.6

sources: CNVD: CNVD-2021-50919 // JVNDB: JVNDB-2017-014880 // CNNVD: CNNVD-202004-1987 // NVD: CVE-2017-18745

REFERENCES

url: https://nvd.nist.gov/vuln/detail/cve-2017-18745

Trust: 2.0

url: https://kb.netgear.com/000051510/security-advisory-for-stored-cross-site-scripting-on-some-routers-psv-2017-0323

Trust: 1.6

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18745

Trust: 0.8

sources: CNVD: CNVD-2021-50919 // JVNDB: JVNDB-2017-014880 // CNNVD: CNNVD-202004-1987 // NVD: CVE-2017-18745

SOURCES

db: CNVD, id: CNVD-2021-50919
db: JVNDB, id: JVNDB-2017-014880
db: CNNVD, id: CNNVD-202004-1987
db: NVD, id: CVE-2017-18745

LAST UPDATE DATE

2024-11-23T22:29:39.061000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-50919, date: 2021-07-15T00:00:00
db: JVNDB, id: JVNDB-2017-014880, date: 2020-05-20T00:00:00
db: CNNVD, id: CNNVD-202004-1987, date: 2020-04-24T00:00:00
db: NVD, id: CVE-2017-18745, date: 2024-11-21T03:20:49.143

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-50919, date: 2021-07-14T00:00:00
db: JVNDB, id: JVNDB-2017-014880, date: 2020-05-20T00:00:00
db: CNNVD, id: CNNVD-202004-1987, date: 2020-04-23T00:00:00
db: NVD, id: CVE-2017-18745, date: 2020-04-23T16:15:12.743