Sign-up

ID

VAR-202004-1351


CVE

CVE-2017-18747


TITLE

plural NETGEAR Input verification vulnerabilities on devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014866

DESCRIPTION

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6000 before 1.0.0.24, EX6130 before 1.0.0.16, EX6400 before 1.0.1.60, EX7000 before 1.0.0.50, EX7300 before 1.0.1.60, and WN2500RPv2 before 1.0.1.46. plural NETGEAR The device contains an input verification vulnerability.Information may be tampered with. NETGEAR JNR1010, etc. are all wireless routers from NETGEAR. The vulnerability stems from the network system or product not correctly verifying the input data. No detailed vulnerability details are currently provided

Trust: 2.16

sources: NVD: CVE-2017-18747 // JVNDB: JVNDB-2017-014866 // CNVD: CNVD-2021-50920

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-50920

AFFECTED PRODUCTS

vendor:netgearmodel:ex6400scope:ltversion:1.0.1.60

Trust: 1.0

vendor:netgearmodel:ex7300scope:ltversion:1.0.1.60

Trust: 1.0

vendor:netgearmodel:ex6000scope:ltversion:1.0.0.24

Trust: 1.0

vendor:netgearmodel:wn2500rpscope:ltversion:1.0.1.46

Trust: 1.0

vendor:netgearmodel:ex3700scope:ltversion:1.0.0.64

Trust: 1.0

vendor:netgearmodel:ex7000scope:ltversion:1.0.0.50

Trust: 1.0

vendor:netgearmodel:ex6130scope:ltversion:1.0.0.16

Trust: 1.0

vendor:netgearmodel:ex3800scope:ltversion:1.0.0.64

Trust: 1.0

vendor:netgearmodel:ex3700scope:eqversion:1.0.0.64

Trust: 0.8

vendor:netgearmodel:ex3800scope:eqversion:1.0.0.64

Trust: 0.8

vendor:netgearmodel:ex6000scope:eqversion:1.0.0.24

Trust: 0.8

vendor:netgearmodel:ex6130scope:eqversion:1.0.0.16

Trust: 0.8

vendor:netgearmodel:ex6400scope:eqversion:1.0.1.60

Trust: 0.8

vendor:netgearmodel:ex7000scope:eqversion:1.0.0.50

Trust: 0.8

vendor:netgearmodel:ex7300scope:eqversion:1.0.1.60

Trust: 0.8

vendor:netgearmodel:wn2500rpscope:eqversion:1.0.1.46

Trust: 0.8

vendor:netgearmodel:r7800scope:ltversion:1.0.2.36

Trust: 0.6

vendor:netgearmodel:wnr2000v5scope:ltversion:1.0.0.58

Trust: 0.6

vendor:netgearmodel:r7500v2scope:ltversion:1.0.3.20

Trust: 0.6

vendor:netgearmodel:r7500scope:ltversion:1.0.0.112

Trust: 0.6

vendor:netgearmodel:r6100scope:ltversion:1.0.1.16

Trust: 0.6

vendor:netgearmodel:wndr4500v3scope:ltversion:1.0.0.48

Trust: 0.6

vendor:netgearmodel:wndr4300v2scope:ltversion:1.0.0.48

Trust: 0.6

vendor:netgearmodel:jr6150scope:ltversion:1.0.1.10

Trust: 0.6

vendor:netgearmodel:r6050scope:ltversion:1.0.1.10

Trust: 0.6

vendor:netgearmodel:r6220scope:ltversion:1.1.0.50

Trust: 0.6

vendor:netgearmodel:wndr3700v5scope:ltversion:1.1.0.48

Trust: 0.6

vendor:netgearmodel:wndr3700v4scope:ltversion:1.0.2.88

Trust: 0.6

vendor:netgearmodel:wndr4300scope:ltversion:1.0.2.90

Trust: 0.6

vendor:netgearmodel:jnr1010v2scope:ltversion:1.1.0.44

Trust: 0.6

vendor:netgearmodel:jwnr2010v5scope:ltversion:1.1.0.44

Trust: 0.6

vendor:netgearmodel:wnr1000v4scope:ltversion:1.1.0.44

Trust: 0.6

vendor:netgearmodel:wnr2020scope:ltversion:1.1.0.44

Trust: 0.6

vendor:netgearmodel:wnr2050scope:ltversion:1.1.0.44

Trust: 0.6

vendor:netgearmodel:r9000scope:ltversion:1.0.2.40

Trust: 0.6

sources: CNVD: CNVD-2021-50920 // JVNDB: JVNDB-2017-014866 // NVD: CVE-2017-18747

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18747
value: MEDIUM

Trust: 1.0

cve@mitre.org: CVE-2017-18747
value: HIGH

Trust: 1.0

NVD: JVNDB-2017-014866
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-50920
value: LOW

Trust: 0.6

CNNVD: CNNVD-202004-1988
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2017-18747
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2017-014866
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-50920
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-18747
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2017-18747
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2017-014866
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-50920 // JVNDB: JVNDB-2017-014866 // CNNVD: CNNVD-202004-1988 // NVD: CVE-2017-18747 // NVD: CVE-2017-18747

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2017-014866 // NVD: CVE-2017-18747

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1988

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202004-1988

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014866

PATCH
title:Security Advisory for Security Misconfiguration on Some Extenders, PSV-2016-0115url:https://kb.netgear.com/000051507/Security-Advisory-for-Security-Misconfiguration-on-Some-Extenders-PSV-2016-0115
Trust: 0.8
title:Patch for Multiple NETGEAR products input verification error vulnerability (CNVD-2021-50920)url:https://www.cnvd.org.cn/patchInfo/show/279126
Trust: 0.6
title:Multiple NETGEAR Product input verification error vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116751
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-50920 // 
            
            
            
            JVNDB: JVNDB-2017-014866 // 
            
            
            
            CNNVD: CNNVD-202004-1988

EXTERNAL IDS
db:NVDid:CVE-2017-18747
Trust: 3.0
db:JVNDBid:JVNDB-2017-014866
Trust: 0.8
db:CNVDid:CNVD-2021-50920
Trust: 0.6
db:CNNVDid:CNNVD-202004-1988
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-50920 // 
            
            
            
            JVNDB: JVNDB-2017-014866 // 
            
            
            
            CNNVD: CNNVD-202004-1988 // 
            
            
            
            NVD: CVE-2017-18747

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2017-18747
Trust: 2.0
url:https://kb.netgear.com/000051507/security-advisory-for-security-misconfiguration-on-some-extenders-psv-2016-0115
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18747
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2021-50920 // 
            
            
            
            JVNDB: JVNDB-2017-014866 // 
            
            
            
            CNNVD: CNNVD-202004-1988 // 
            
            
            
            NVD: CVE-2017-18747

SOURCES
db:CNVDid:CNVD-2021-50920
db:JVNDBid:JVNDB-2017-014866
db:CNNVDid:CNNVD-202004-1988
db:NVDid:CVE-2017-18747

LAST UPDATE DATE
2024-11-23T22:58:18.644000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2021-50920date:2021-07-15T00:00:00
db:JVNDBid:JVNDB-2017-014866date:2020-05-20T00:00:00
db:CNNVDid:CNNVD-202004-1988date:2020-04-24T00:00:00
db:NVDid:CVE-2017-18747date:2024-11-21T03:20:49.440

SOURCES RELEASE DATE
db:CNVDid:CNVD-2021-50920date:2020-07-15T00:00:00
db:JVNDBid:JVNDB-2017-014866date:2020-05-20T00:00:00
db:CNNVDid:CNNVD-202004-1988date:2020-04-23T00:00:00
db:NVDid:CVE-2017-18747date:2020-04-23T16:15:12.883