Sign-up

ID

VAR-202004-1350


CVE

CVE-2017-18746


TITLE

plural NETGEAR Vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014935

DESCRIPTION

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6000 before 1.0.0.24, EX6130 before 1.0.0.16, EX6400 before 1.0.1.60, EX7000 before 1.0.0.50, EX7300 before 1.0.1.60, and WN2500RPv2 before 1.0.1.46. plural NETGEAR An unspecified vulnerability exists in the device.Information may be tampered with. NETGEAR EX7000, etc. are all a wireless network signal extender of NETGEAR company. No detailed vulnerability details are currently provided

Trust: 2.16

sources: NVD: CVE-2017-18746 // JVNDB: JVNDB-2017-014935 // CNVD: CNVD-2021-57162

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-57162

AFFECTED PRODUCTS

vendor:netgearmodel:ex3700scope:ltversion:1.0.0.64

Trust: 1.6

vendor:netgearmodel:ex3800scope:ltversion:1.0.0.64

Trust: 1.6

vendor:netgearmodel:ex6000scope:ltversion:1.0.0.24

Trust: 1.6

vendor:netgearmodel:ex6400scope:ltversion:1.0.1.60

Trust: 1.0

vendor:netgearmodel:ex7300scope:ltversion:1.0.1.60

Trust: 1.0

vendor:netgearmodel:wn2500rpscope:ltversion:1.0.1.46

Trust: 1.0

vendor:netgearmodel:ex7000scope:ltversion:1.0.0.50

Trust: 1.0

vendor:netgearmodel:ex6130scope:ltversion:1.0.0.16

Trust: 1.0

vendor:netgearmodel:ex3700scope:eqversion:1.0.0.64

Trust: 0.8

vendor:netgearmodel:ex3800scope:eqversion:1.0.0.64

Trust: 0.8

vendor:netgearmodel:ex6000scope:eqversion:1.0.0.24

Trust: 0.8

vendor:netgearmodel:ex6130scope:eqversion:1.0.0.16

Trust: 0.8

vendor:netgearmodel:ex6400scope:eqversion:1.0.1.60

Trust: 0.8

vendor:netgearmodel:ex7000scope:eqversion:1.0.0.50

Trust: 0.8

vendor:netgearmodel:ex7300scope:eqversion:1.0.1.60

Trust: 0.8

vendor:netgearmodel:wn2500rpscope:eqversion:1.0.1.46

Trust: 0.8

sources: CNVD: CNVD-2021-57162 // JVNDB: JVNDB-2017-014935 // NVD: CVE-2017-18746

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18746
value: MEDIUM

Trust: 1.0

cve@mitre.org: CVE-2017-18746
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2017-014935
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-57162
value: LOW

Trust: 0.6

CNNVD: CNNVD-202004-2005
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2017-18746
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2017-014935
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-57162
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-18746
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2017-18746
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.0

NVD: JVNDB-2017-014935
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-57162 // JVNDB: JVNDB-2017-014935 // CNNVD: CNNVD-202004-2005 // NVD: CVE-2017-18746 // NVD: CVE-2017-18746

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2017-18746

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-2005

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202004-2005

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014935

PATCH
title:Security Advisory for Security Misconfiguration on Some Extenders, PSV-2016-0253url:https://kb.netgear.com/000051508/Security-Advisory-for-Security-Misconfiguration-on-Some-Extenders-PSV-2016-0253
Trust: 0.8
title:Patch for NETGEAR has an unspecified vulnerability (CNVD-2021-57162)url:https://www.cnvd.org.cn/patchInfo/show/283606
Trust: 0.6
title:Multiple NETGEAR Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116765
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-57162 // 
            
            
            
            JVNDB: JVNDB-2017-014935 // 
            
            
            
            CNNVD: CNNVD-202004-2005

EXTERNAL IDS
db:NVDid:CVE-2017-18746
Trust: 3.0
db:JVNDBid:JVNDB-2017-014935
Trust: 0.8
db:CNVDid:CNVD-2021-57162
Trust: 0.6
db:CNNVDid:CNNVD-202004-2005
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-57162 // 
            
            
            
            JVNDB: JVNDB-2017-014935 // 
            
            
            
            CNNVD: CNNVD-202004-2005 // 
            
            
            
            NVD: CVE-2017-18746

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2017-18746
Trust: 2.0
url:https://kb.netgear.com/000051508/security-advisory-for-security-misconfiguration-on-some-extenders-psv-2016-0253
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18746
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2021-57162 // 
            
            
            
            JVNDB: JVNDB-2017-014935 // 
            
            
            
            CNNVD: CNNVD-202004-2005 // 
            
            
            
            NVD: CVE-2017-18746

SOURCES
db:CNVDid:CNVD-2021-57162
db:JVNDBid:JVNDB-2017-014935
db:CNNVDid:CNNVD-202004-2005
db:NVDid:CVE-2017-18746

LAST UPDATE DATE
2024-11-23T23:07:58.740000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2021-57162date:2021-07-31T00:00:00
db:JVNDBid:JVNDB-2017-014935date:2020-05-22T00:00:00
db:CNNVDid:CNNVD-202004-2005date:2020-04-28T00:00:00
db:NVDid:CVE-2017-18746date:2024-11-21T03:20:49.290

SOURCES RELEASE DATE
db:CNVDid:CNVD-2021-57162date:2020-07-30T00:00:00
db:JVNDBid:JVNDB-2017-014935date:2020-05-22T00:00:00
db:CNNVDid:CNNVD-202004-2005date:2020-04-23T00:00:00
db:NVDid:CVE-2017-18746date:2020-04-23T16:15:12.807