Sign-up

ID

VAR-202004-1362


CVE

CVE-2017-18759


TITLE

NETGEAR R8300 and R8500 Out-of-bounds write vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014908

DESCRIPTION

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R8300 before 1.0.2.104 and R8500 before 1.0.2.104. NETGEAR R8300 and R8500 The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R8500 and NETGEAR R8300 are both wireless routers of NETGEAR. The vulnerabilities stem from network systems or products performing incorrect operations on memory and incorrectly verifying data boundaries, leading to other associated memory locations. An erroneous read and write operation was performed, and an attacker could use the vulnerability to cause a buffer overflow or heap overflow

Trust: 2.16

sources: NVD: CVE-2017-18759 // JVNDB: JVNDB-2017-014908 // CNVD: CNVD-2020-31334

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-31334

AFFECTED PRODUCTS

vendor:netgearmodel:r8300scope:ltversion:1.0.2.104

Trust: 1.6

vendor:netgearmodel:r8500scope:ltversion:1.0.2.104

Trust: 1.6

vendor:netgearmodel:r8300scope:eqversion:1.0.2.104

Trust: 0.8

vendor:netgearmodel:r8500scope:eqversion:1.0.2.104

Trust: 0.8

sources: CNVD: CNVD-2020-31334 // JVNDB: JVNDB-2017-014908 // NVD: CVE-2017-18759

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18759
value: MEDIUM

Trust: 1.0

cve@mitre.org: CVE-2017-18759
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2017-014908
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-31334
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-1919
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2017-18759
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2017-014908
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-31334
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-18759
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2017-18759
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2017-014908
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-31334 // JVNDB: JVNDB-2017-014908 // CNNVD: CNNVD-202004-1919 // NVD: CVE-2017-18759 // NVD: CVE-2017-18759

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.8

sources: JVNDB: JVNDB-2017-014908 // NVD: CVE-2017-18759

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1919

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202004-1919

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014908

PATCH
title:Security Advisory for Post-Authentication Stack Overflow on R8300 and R8500, PSV-2017-2227url:https://kb.netgear.com/000051486/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-R8300-and-R8500-PSV-2017-2227
Trust: 0.8
title:Patch for NETGEAR R8500 and R8300 buffer overflow vulnerability (CNVD-2020-31334)url:https://www.cnvd.org.cn/patchInfo/show/219989
Trust: 0.6
title:NETGEAR R8500  and R8300 Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116690
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-31334 // 
            
            
            
            JVNDB: JVNDB-2017-014908 // 
            
            
            
            CNNVD: CNNVD-202004-1919

EXTERNAL IDS
db:NVDid:CVE-2017-18759
Trust: 3.0
db:JVNDBid:JVNDB-2017-014908
Trust: 0.8
db:CNVDid:CNVD-2020-31334
Trust: 0.6
db:CNNVDid:CNNVD-202004-1919
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-31334 // 
            
            
            
            JVNDB: JVNDB-2017-014908 // 
            
            
            
            CNNVD: CNNVD-202004-1919 // 
            
            
            
            NVD: CVE-2017-18759

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2017-18759
Trust: 2.0
url:https://kb.netgear.com/000051486/security-advisory-for-post-authentication-stack-overflow-on-r8300-and-r8500-psv-2017-2227
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18759
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-31334 // 
            
            
            
            JVNDB: JVNDB-2017-014908 // 
            
            
            
            CNNVD: CNNVD-202004-1919 // 
            
            
            
            NVD: CVE-2017-18759

SOURCES
db:CNVDid:CNVD-2020-31334
db:JVNDBid:JVNDB-2017-014908
db:CNNVDid:CNNVD-202004-1919
db:NVDid:CVE-2017-18759

LAST UPDATE DATE
2024-11-23T23:01:24.477000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-31334date:2020-06-03T00:00:00
db:JVNDBid:JVNDB-2017-014908date:2020-05-21T00:00:00
db:CNNVDid:CNNVD-202004-1919date:2020-04-26T00:00:00
db:NVDid:CVE-2017-18759date:2024-11-21T03:20:51.137

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-31334date:2020-06-03T00:00:00
db:JVNDBid:JVNDB-2017-014908date:2020-05-21T00:00:00
db:CNNVDid:CNNVD-202004-1919date:2020-04-22T00:00:00
db:NVDid:CVE-2017-18759date:2020-04-22T16:15:11.247