Sign-up

ID

VAR-202004-1352


CVE

CVE-2017-18748


TITLE

plural NETGEAR Vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014968

DESCRIPTION

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects EX6200v2 before 1.0.1.44, R6100 before 1.0.1.12, R7500 before 1.0.0.108, R7500v2 before 1.0.3.10, R7800 before 1.0.2.28, R9000 before 1.0.2.30, WNDR4300v2 before 1.0.0.48, and WNDR4500v3 before 1.0.0.48. plural NETGEAR There are unspecified vulnerabilities in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7800, etc. are all wireless routers from NETGEAR. No detailed vulnerability details are currently provided

Trust: 2.16

sources: NVD: CVE-2017-18748 // JVNDB: JVNDB-2017-014968 // CNVD: CNVD-2021-52564

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-52564

AFFECTED PRODUCTS

vendor:netgearmodel:r6100scope:ltversion:1.0.1.12

Trust: 1.6

vendor:netgearmodel:r7500scope:ltversion:1.0.0.108

Trust: 1.6

vendor:netgearmodel:r7800scope:ltversion:1.0.2.28

Trust: 1.6

vendor:netgearmodel:r9000scope:ltversion:1.0.2.30

Trust: 1.6

vendor:netgearmodel:wndr4500scope:ltversion:1.0.0.48

Trust: 1.0

vendor:netgearmodel:wndr4300scope:ltversion:1.0.0.48

Trust: 1.0

vendor:netgearmodel:r7500scope:ltversion:1.0.3.10

Trust: 1.0

vendor:netgearmodel:ex6200scope:ltversion:1.0.1.44

Trust: 1.0

vendor:netgearmodel:ex6200scope:eqversion:1.0.1.44

Trust: 0.8

vendor:netgearmodel:r6100scope:eqversion:1.0.1.12

Trust: 0.8

vendor:netgearmodel:r7500scope:eqversion:1.0.0.108

Trust: 0.8

vendor:netgearmodel:r7500scope:eqversion:1.0.3.10

Trust: 0.8

vendor:netgearmodel:r7800scope:eqversion:1.0.2.28

Trust: 0.8

vendor:netgearmodel:r9000scope:eqversion:1.0.2.30

Trust: 0.8

vendor:netgearmodel:wndr4300scope:eqversion:1.0.0.48

Trust: 0.8

vendor:netgearmodel:wndr4500scope:eqversion:1.0.0.48

Trust: 0.8

vendor:netgearmodel:wndr4500v3scope:ltversion:1.0.0.48

Trust: 0.6

vendor:netgearmodel:wndr4300v2scope:ltversion:1.0.0.48

Trust: 0.6

vendor:netgearmodel:r7500v2scope:ltversion:1.0.3.10

Trust: 0.6

vendor:netgearmodel:ex6200v2scope:ltversion:1.0.1.44

Trust: 0.6

sources: CNVD: CNVD-2021-52564 // JVNDB: JVNDB-2017-014968 // NVD: CVE-2017-18748

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18748
value: HIGH

Trust: 1.0

cve@mitre.org: CVE-2017-18748
value: HIGH

Trust: 1.0

NVD: JVNDB-2017-014968
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-52564
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-1991
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2017-18748
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2017-014968
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-52564
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-18748
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2017-18748
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2017-014968
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-52564 // JVNDB: JVNDB-2017-014968 // CNNVD: CNNVD-202004-1991 // NVD: CVE-2017-18748 // NVD: CVE-2017-18748

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2017-18748

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1991

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202004-1991

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014968

PATCH
title:Security Advisory for Security Misconfiguration on Some Routers and Extenders, PSV-2016-0104url:https://kb.netgear.com/000051506/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-and-Extenders-PSV-2016-0104
Trust: 0.8
title:Patch for NETGEAR has an unspecified vulnerability (CNVD-2021-52564)url:https://www.cnvd.org.cn/patchInfo/show/279656
Trust: 0.6
title:Multiple NETGEAR Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116753
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-52564 // 
            
            
            
            JVNDB: JVNDB-2017-014968 // 
            
            
            
            CNNVD: CNNVD-202004-1991

EXTERNAL IDS
db:NVDid:CVE-2017-18748
Trust: 3.0
db:JVNDBid:JVNDB-2017-014968
Trust: 0.8
db:CNVDid:CNVD-2021-52564
Trust: 0.6
db:CNNVDid:CNNVD-202004-1991
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-52564 // 
            
            
            
            JVNDB: JVNDB-2017-014968 // 
            
            
            
            CNNVD: CNNVD-202004-1991 // 
            
            
            
            NVD: CVE-2017-18748

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2017-18748
Trust: 2.0
url:https://kb.netgear.com/000051506/security-advisory-for-security-misconfiguration-on-some-routers-and-extenders-psv-2016-0104
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18748
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2021-52564 // 
            
            
            
            JVNDB: JVNDB-2017-014968 // 
            
            
            
            CNNVD: CNNVD-202004-1991 // 
            
            
            
            NVD: CVE-2017-18748

SOURCES
db:CNVDid:CNVD-2021-52564
db:JVNDBid:JVNDB-2017-014968
db:CNNVDid:CNNVD-202004-1991
db:NVDid:CVE-2017-18748

LAST UPDATE DATE
2024-11-23T21:59:20.470000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2021-52564date:2021-07-20T00:00:00
db:JVNDBid:JVNDB-2017-014968date:2020-05-25T00:00:00
db:CNNVDid:CNNVD-202004-1991date:2020-04-29T00:00:00
db:NVDid:CVE-2017-18748date:2024-11-21T03:20:49.587

SOURCES RELEASE DATE
db:CNVDid:CNVD-2021-52564date:2020-07-19T00:00:00
db:JVNDBid:JVNDB-2017-014968date:2020-05-25T00:00:00
db:CNNVDid:CNNVD-202004-1991date:2020-04-23T00:00:00
db:NVDid:CVE-2017-18748date:2020-04-23T16:15:12.930