Details of VAR-202004-1356

ID

VAR-202004-1356

CVE

CVE-2017-18752

TITLE

plural NETGEAR Information leakage vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014941

DESCRIPTION

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6120 before 1.0.0.32, EX6130 before 1.0.0.16, R6300v2 before 1.0.4.12, R6700 before 1.0.1.26, R6900 before 1.0.1.22, R7000 before 1.0.9.6, R7300DST before 1.0.0.52, R7900 before 1.0.1.12, R8000 before 1.0.3.24, and R8500 before 1.0.2.94. plural NETGEAR The device contains a vulnerability related to information leakage.Information may be obtained. NETGEAR R8500, etc. are all products of NETGEAR. NETGEAR R8500 is a wireless router. NETGEAR R6300 is a wireless router. NETGEAR EX3700 is a wireless WiFi signal range extender. There are security vulnerabilities in many NETGEAR products

Trust: 2.16

sources: NVD: CVE-2017-18752 // JVNDB: JVNDB-2017-014941 // CNVD: CNVD-2021-52948

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-52948

AFFECTED PRODUCTS

vendor:	netgear	model:	r6900	scope:	lt	version:	1.0.1.22	Trust: 1.6
vendor:	netgear	model:	r8500	scope:	lt	version:	1.0.2.94	Trust: 1.6
vendor:	netgear	model:	r7300dst	scope:	lt	version:	1.0.0.52	Trust: 1.6
vendor:	netgear	model:	ex3700	scope:	lt	version:	1.0.0.64	Trust: 1.6
vendor:	netgear	model:	ex3800	scope:	lt	version:	1.0.0.64	Trust: 1.6
vendor:	netgear	model:	ex6120	scope:	lt	version:	1.0.0.32	Trust: 1.6
vendor:	netgear	model:	ex6130	scope:	lt	version:	1.0.0.16	Trust: 1.6
vendor:	netgear	model:	r6700	scope:	lt	version:	1.0.1.26	Trust: 1.6
vendor:	netgear	model:	r7000	scope:	lt	version:	1.0.9.6	Trust: 1.6
vendor:	netgear	model:	r7900	scope:	lt	version:	1.0.1.12	Trust: 1.6
vendor:	netgear	model:	r8000	scope:	lt	version:	1.0.3.24	Trust: 1.6
vendor:	netgear	model:	r6300	scope:	lt	version:	1.0.4.12	Trust: 1.0
vendor:	netgear	model:	ex3700	scope:	eq	version:	1.0.0.64	Trust: 0.8
vendor:	netgear	model:	ex3800	scope:	eq	version:	1.0.0.64	Trust: 0.8
vendor:	netgear	model:	ex6120	scope:	eq	version:	1.0.0.32	Trust: 0.8
vendor:	netgear	model:	ex6130	scope:	eq	version:	1.0.0.16	Trust: 0.8
vendor:	netgear	model:	r6300	scope:	eq	version:	1.0.4.12	Trust: 0.8
vendor:	netgear	model:	r6700	scope:	eq	version:	1.0.1.26	Trust: 0.8
vendor:	netgear	model:	r6900	scope:	eq	version:	1.0.1.22	Trust: 0.8
vendor:	netgear	model:	r7000	scope:	eq	version:	1.0.9.6	Trust: 0.8
vendor:	netgear	model:	r7300dst	scope:	eq	version:	1.0.0.52	Trust: 0.8
vendor:	netgear	model:	r7900	scope:	eq	version:	1.0.1.12	Trust: 0.8
vendor:	netgear	model:	r6300v2	scope:	lt	version:	1.0.4.12	Trust: 0.6

sources: CNVD: CNVD-2021-52948 // JVNDB: JVNDB-2017-014941 // NVD: CVE-2017-18752

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-18752
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2017-18752
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2017-014941
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-52948
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202004-1926
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2017-18752
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2017-014941
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2021-52948
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-18752
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2017-18752
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	JVNDB-2017-014941
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-52948 // JVNDB: JVNDB-2017-014941 // CNNVD: CNNVD-202004-1926 // NVD: CVE-2017-18752 // NVD: CVE-2017-18752

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2017-014941 // NVD: CVE-2017-18752

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1926

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202004-1926

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014941

PATCH

title:	Security Advisory for Arbitrary File Read on Some Routers and Extenders, PSV-2017-0319	url:	https://kb.netgear.com/000051502/Security-Advisory-for-Arbitrary-File-Read-on-Some-Routers-and-Extenders-PSV-2017-0319	Trust: 0.8
title:	Patch for Information Disclosure Vulnerabilities in Multiple NETGEAR Products (CNVD-2021-52948)	url:	https://www.cnvd.org.cn/patchInfo/show/280021	Trust: 0.6
title:	Multiple NETGEAR Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116697	Trust: 0.6

sources: CNVD: CNVD-2021-52948 // JVNDB: JVNDB-2017-014941 // CNNVD: CNNVD-202004-1926

EXTERNAL IDS

db:	NVD	id:	CVE-2017-18752	Trust: 3.0
db:	JVNDB	id:	JVNDB-2017-014941	Trust: 0.8
db:	CNVD	id:	CNVD-2021-52948	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-1926	Trust: 0.6

sources: CNVD: CNVD-2021-52948 // JVNDB: JVNDB-2017-014941 // CNNVD: CNNVD-202004-1926 // NVD: CVE-2017-18752

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2017-18752	Trust: 2.0
url:	https://kb.netgear.com/000051502/security-advisory-for-arbitrary-file-read-on-some-routers-and-extenders-psv-2017-0319	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18752	Trust: 0.8

sources: CNVD: CNVD-2021-52948 // JVNDB: JVNDB-2017-014941 // CNNVD: CNNVD-202004-1926 // NVD: CVE-2017-18752

SOURCES

db:	CNVD	id:	CNVD-2021-52948
db:	JVNDB	id:	JVNDB-2017-014941
db:	CNNVD	id:	CNNVD-202004-1926
db:	NVD	id:	CVE-2017-18752

LAST UPDATE DATE

2024-11-23T21:51:30.951000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-52948	date:	2021-07-21T00:00:00
db:	JVNDB	id:	JVNDB-2017-014941	date:	2020-05-22T00:00:00
db:	CNNVD	id:	CNNVD-202004-1926	date:	2020-04-28T00:00:00
db:	NVD	id:	CVE-2017-18752	date:	2024-11-21T03:20:50.170

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-52948	date:	2020-07-21T00:00:00
db:	JVNDB	id:	JVNDB-2017-014941	date:	2020-05-22T00:00:00
db:	CNNVD	id:	CNNVD-202004-1926	date:	2020-04-22T00:00:00
db:	NVD	id:	CVE-2017-18752	date:	2020-04-22T17:15:11.510