Details of VAR-202004-1365

ID

VAR-202004-1365

CVE

CVE-2017-18763

TITLE

plural NETGEAR Input verification vulnerabilities on devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014904

DESCRIPTION

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects JNR1010v2 before 1.1.0.42, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.42, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6120 before 1.0.0.30, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, WNDR3700v5 before 1.1.0.48, WNR1000v4 before 1.1.0.42, WNR2020 before 1.1.0.42, and WNR2050 before 1.1.0.42. plural NETGEAR The device contains an input verification vulnerability.Information may be tampered with. NETGEAR JNR1010, etc. are all wireless routers from NETGEAR. No detailed vulnerability details are currently provided

Trust: 2.16

sources: NVD: CVE-2017-18763 // JVNDB: JVNDB-2017-014904 // CNVD: CNVD-2021-67651

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-67651

AFFECTED PRODUCTS

vendor:	netgear	model:	jr6150	scope:	lt	version:	1.0.1.10	Trust: 1.6
vendor:	netgear	model:	r6050	scope:	lt	version:	1.0.1.10	Trust: 1.6
vendor:	netgear	model:	r6220	scope:	lt	version:	1.1.0.50	Trust: 1.6
vendor:	netgear	model:	r6800	scope:	lt	version:	1.2.0.4	Trust: 1.6
vendor:	netgear	model:	pr2000	scope:	lt	version:	1.0.0.18	Trust: 1.6
vendor:	netgear	model:	r6120	scope:	lt	version:	1.0.0.30	Trust: 1.6
vendor:	netgear	model:	wnr2020	scope:	lt	version:	1.1.0.42	Trust: 1.6
vendor:	netgear	model:	wnr2050	scope:	lt	version:	1.1.0.42	Trust: 1.6
vendor:	netgear	model:	wnr1000	scope:	lt	version:	1.1.0.42	Trust: 1.0
vendor:	netgear	model:	jwnr2010	scope:	lt	version:	1.1.0.42	Trust: 1.0
vendor:	netgear	model:	r6700	scope:	lt	version:	1.2.0.4	Trust: 1.0
vendor:	netgear	model:	r6900	scope:	lt	version:	1.2.0.4	Trust: 1.0
vendor:	netgear	model:	wndr3700	scope:	lt	version:	1.1.0.48	Trust: 1.0
vendor:	netgear	model:	jnr1010	scope:	lt	version:	1.1.0.42	Trust: 1.0
vendor:	netgear	model:	jnr1010	scope:	eq	version:	1.0.0.42	Trust: 0.8
vendor:	netgear	model:	jr6150	scope:	eq	version:	1.0.1.10	Trust: 0.8
vendor:	netgear	model:	jwnr2010	scope:	eq	version:	1.1.0.42	Trust: 0.8
vendor:	netgear	model:	pr2000	scope:	eq	version:	1.0.0.18	Trust: 0.8
vendor:	netgear	model:	r6050	scope:	eq	version:	1.0.1.10	Trust: 0.8
vendor:	netgear	model:	r6120	scope:	eq	version:	1.0.0.30	Trust: 0.8
vendor:	netgear	model:	r6220	scope:	eq	version:	1.1.0.50	Trust: 0.8
vendor:	netgear	model:	r6700	scope:	eq	version:	1.2.0.4	Trust: 0.8
vendor:	netgear	model:	r6800	scope:	eq	version:	1.2.0.4	Trust: 0.8
vendor:	netgear	model:	r6900	scope:	eq	version:	1.2.0.4	Trust: 0.8
vendor:	netgear	model:	r6700v2	scope:	lt	version:	1.2.0.4	Trust: 0.6
vendor:	netgear	model:	r6900v2	scope:	lt	version:	1.2.0.4	Trust: 0.6
vendor:	netgear	model:	wndr3700v5	scope:	lt	version:	1.1.0.48	Trust: 0.6
vendor:	netgear	model:	jnr1010v2	scope:	lt	version:	1.1.0.42	Trust: 0.6
vendor:	netgear	model:	jwnr2010v5	scope:	lt	version:	1.1.0.42	Trust: 0.6
vendor:	netgear	model:	wnr1000v4	scope:	lt	version:	1.1.0.42	Trust: 0.6

sources: CNVD: CNVD-2021-67651 // JVNDB: JVNDB-2017-014904 // NVD: CVE-2017-18763

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-18763
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2017-18763
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2017-014904
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-67651
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202004-1909
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2017-18763
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2017-014904
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2021-67651
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-18763
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2017-18763
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	JVNDB-2017-014904
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-67651 // JVNDB: JVNDB-2017-014904 // CNNVD: CNNVD-202004-1909 // NVD: CVE-2017-18763 // NVD: CVE-2017-18763

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2017-014904 // NVD: CVE-2017-18763

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1909

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202004-1909

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014904

PATCH

title:	Security Advisory for Security Misconfiguration on Some Routers and Extenders, PSV-2017-2212	url:	https://kb.netgear.com/000051482/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-and-Extenders-PSV-2017-2212	Trust: 0.8
title:	Patch for Multiple NETGEAR products input verification error vulnerability (CNVD-2021-67651)	url:	https://www.cnvd.org.cn/patchInfo/show/289196	Trust: 0.6
title:	Multiple NETGEAR Product input verification error vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117245	Trust: 0.6

sources: CNVD: CNVD-2021-67651 // JVNDB: JVNDB-2017-014904 // CNNVD: CNNVD-202004-1909

EXTERNAL IDS

db:	NVD	id:	CVE-2017-18763	Trust: 3.0
db:	JVNDB	id:	JVNDB-2017-014904	Trust: 0.8
db:	CNVD	id:	CNVD-2021-67651	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-1909	Trust: 0.6

sources: CNVD: CNVD-2021-67651 // JVNDB: JVNDB-2017-014904 // CNNVD: CNNVD-202004-1909 // NVD: CVE-2017-18763

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2017-18763	Trust: 2.0
url:	https://kb.netgear.com/000051482/security-advisory-for-security-misconfiguration-on-some-routers-and-extenders-psv-2017-2212	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18763	Trust: 0.8

sources: CNVD: CNVD-2021-67651 // JVNDB: JVNDB-2017-014904 // CNNVD: CNNVD-202004-1909 // NVD: CVE-2017-18763

SOURCES

db:	CNVD	id:	CNVD-2021-67651
db:	JVNDB	id:	JVNDB-2017-014904
db:	CNNVD	id:	CNNVD-202004-1909
db:	NVD	id:	CVE-2017-18763

LAST UPDATE DATE

2024-11-23T23:04:25.132000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-67651	date:	2021-09-02T00:00:00
db:	JVNDB	id:	JVNDB-2017-014904	date:	2020-05-21T00:00:00
db:	CNNVD	id:	CNNVD-202004-1909	date:	2020-04-26T00:00:00
db:	NVD	id:	CVE-2017-18763	date:	2024-11-21T03:20:51.590

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-67651	date:	2021-09-02T00:00:00
db:	JVNDB	id:	JVNDB-2017-014904	date:	2020-05-21T00:00:00
db:	CNNVD	id:	CNNVD-202004-1909	date:	2020-04-22T00:00:00
db:	NVD	id:	CVE-2017-18763	date:	2020-04-22T16:15:11.433