ID

VAR-202004-1364


CVE

CVE-2017-18762


TITLE

Injection vulnerabilities in multiple NETGEAR devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014903

DESCRIPTION

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D3600 before 1.0.0.68, D6000 before 1.0.0.68, D6100 before 1.0.0.57, R6100 before 1.0.1.16, R6900P before 1.2.0.22, R7000 before 1.0.9.10, R7000P before 1.2.0.22, R7100LG before 1.0.0.40, WNDR3700v4 before 1.0.2.88, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58. Multiple NETGEAR devices contain an injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The NETGEAR R7000 and the other affected devices are all NETGEAR products. NETGEAR R7000 is a wireless router. NETGEAR D3600 is a wireless modem. NETGEAR WNDR3700 is a wireless router. Injection vulnerabilities exist in many NETGEAR products. The vulnerability stems from the network system or product failing to properly validate user input when it builds a command, data structure or record from that input: special elements are not filtered, or are filtered incorrectly, so the system or product parses or interprets the input incorrectly. No detailed vulnerability information is currently available.

Trust: 2.16

sources: NVD: CVE-2017-18762 // JVNDB: JVNDB-2017-014903 // CNVD: CNVD-2021-59159

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-59159

AFFECTED PRODUCTS

vendor: netgear, model: r6100, scope: lt, version: 1.0.1.16

Trust: 1.6

vendor: netgear, model: r7000, scope: lt, version: 1.0.9.10

Trust: 1.6

vendor: netgear, model: r7000p, scope: lt, version: 1.2.0.22

Trust: 1.6

vendor: netgear, model: r6900p, scope: lt, version: 1.2.0.22

Trust: 1.6

vendor: netgear, model: d6100, scope: lt, version: 1.0.0.57

Trust: 1.6

vendor: netgear, model: d3600, scope: lt, version: 1.0.0.68

Trust: 1.6

vendor: netgear, model: d6000, scope: lt, version: 1.0.0.68

Trust: 1.6

vendor: netgear, model: r7100lg, scope: lt, version: 1.0.0.40

Trust: 1.6

vendor: netgear, model: wndr4300, scope: lt, version: 1.0.2.90

Trust: 1.0

vendor: netgear, model: wnr2000, scope: lt, version: 1.0.0.58

Trust: 1.0

vendor: netgear, model: wndr4500, scope: lt, version: 1.0.0.48

Trust: 1.0

vendor: netgear, model: wndr4300, scope: lt, version: 1.0.0.48

Trust: 1.0

vendor: netgear, model: wndr3700, scope: lt, version: 1.0.2.88

Trust: 1.0

vendor: netgear, model: d3600, scope: eq, version: 1.0.0.68

Trust: 0.8

vendor: netgear, model: d6000, scope: eq, version: 1.0.0.68

Trust: 0.8

vendor: netgear, model: d6100, scope: eq, version: 1.0.0.57

Trust: 0.8

vendor: netgear, model: r6100, scope: eq, version: 1.0.1.16

Trust: 0.8

vendor: netgear, model: r6900p, scope: eq, version: 1.2.0.22

Trust: 0.8

vendor: netgear, model: r7000, scope: eq, version: 1.0.9.10

Trust: 0.8

vendor: netgear, model: r7000p, scope: eq, version: 1.2.0.22

Trust: 0.8

vendor: netgear, model: r7100lg, scope: eq, version: 1.0.0.40

Trust: 0.8

vendor: netgear, model: wndr3700, scope: eq, version: 1.0.2.88

Trust: 0.8

vendor: netgear, model: wndr4300, scope: eq, version: 1.0.2.90

Trust: 0.8

vendor: netgear, model: wnr2000v5, scope: lt, version: 1.0.0.58

Trust: 0.6

vendor: netgear, model: wndr4500v3, scope: lt, version: 1.0.0.48

Trust: 0.6

vendor: netgear, model: wndr4300v2, scope: lt, version: 1.0.0.48

Trust: 0.6

vendor: netgear, model: wndr3700v4, scope: lt, version: 1.0.2.88

Trust: 0.6

vendor: netgear, model: wndr4300v1, scope: lt, version: 1.0.2.90

Trust: 0.6

sources: CNVD: CNVD-2021-59159 // JVNDB: JVNDB-2017-014903 // NVD: CVE-2017-18762

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18762
value: HIGH

Trust: 1.0

cve@mitre.org: CVE-2017-18762
value: HIGH

Trust: 1.0

NVD: JVNDB-2017-014903
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-59159
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-1907
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2017-18762
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2017-014903
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-59159
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-18762
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2017-18762
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2017-014903
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-59159 // JVNDB: JVNDB-2017-014903 // CNNVD: CNNVD-202004-1907 // NVD: CVE-2017-18762 // NVD: CVE-2017-18762

PROBLEMTYPE DATA

problemtype: CWE-74

Trust: 1.8

sources: JVNDB: JVNDB-2017-014903 // NVD: CVE-2017-18762

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1907

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-202004-1907

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014903

PATCH

title: Security Advisory for Pre-Authentication Command Injection on Some Routers and Gateways, PSV-2017-2451
url: https://kb.netgear.com/000051483/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-Gateways-PSV-2017-2451

Trust: 0.8

title: Patch for Injection vulnerabilities in multiple NETGEAR products (CNVD-2021-59159)
url: https://www.cnvd.org.cn/patchInfo/show/284336

Trust: 0.6

title: Fixing measures for injection vulnerabilities in multiple NETGEAR products
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117243

Trust: 0.6

sources: CNVD: CNVD-2021-59159 // JVNDB: JVNDB-2017-014903 // CNNVD: CNNVD-202004-1907

EXTERNAL IDS

db: NVD, id: CVE-2017-18762

Trust: 3.0

db: JVNDB, id: JVNDB-2017-014903

Trust: 0.8

db: CNVD, id: CNVD-2021-59159

Trust: 0.6

db: CNNVD, id: CNNVD-202004-1907

Trust: 0.6

sources: CNVD: CNVD-2021-59159 // JVNDB: JVNDB-2017-014903 // CNNVD: CNNVD-202004-1907 // NVD: CVE-2017-18762

REFERENCES

url: https://nvd.nist.gov/vuln/detail/cve-2017-18762

Trust: 2.0

url: https://kb.netgear.com/000051483/security-advisory-for-pre-authentication-command-injection-on-some-routers-and-gateways-psv-2017-2451

Trust: 1.6

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18762

Trust: 0.8

sources: CNVD: CNVD-2021-59159 // JVNDB: JVNDB-2017-014903 // CNNVD: CNNVD-202004-1907 // NVD: CVE-2017-18762

SOURCES

db: CNVD, id: CNVD-2021-59159
db: JVNDB, id: JVNDB-2017-014903
db: CNNVD, id: CNNVD-202004-1907
db: NVD, id: CVE-2017-18762

LAST UPDATE DATE

2024-11-23T22:37:25.063000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-59159, date: 2021-08-08T00:00:00
db: JVNDB, id: JVNDB-2017-014903, date: 2020-05-21T00:00:00
db: CNNVD, id: CNNVD-202004-1907, date: 2020-04-26T00:00:00
db: NVD, id: CVE-2017-18762, date: 2024-11-21T03:20:51.437

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-59159, date: 2021-08-08T00:00:00
db: JVNDB, id: JVNDB-2017-014903, date: 2020-05-21T00:00:00
db: CNNVD, id: CNNVD-202004-1907, date: 2020-04-22T00:00:00
db: NVD, id: CVE-2017-18762, date: 2020-04-22T16:15:11.373