Details of VAR-202004-1366

ID

VAR-202004-1366

CVE

CVE-2017-18764

TITLE

plural NETGEAR Injection vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014905

DESCRIPTION

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6100 before 1.0.0.55, D7000 before 1.0.1.50, D7800 before 1.0.1.28, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6100 before 1.0.1.14, R6120 before 1.0.0.30, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, R7500 before 1.0.0.110, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.52, WN3000RPv3 before 1.0.2.50, WNDR3700v4 before 1.0.2.88, WNDR3700v5 before 1.1.0.48, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.58, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state

Trust: 1.62

sources: NVD: CVE-2017-18764 // JVNDB: JVNDB-2017-014905

AFFECTED PRODUCTS

vendor:	netgear	model:	wndr4300	scope:	lt	version:	1.0.2.90	Trust: 1.0
vendor:	netgear	model:	d6100	scope:	lt	version:	1.0.0.55	Trust: 1.0
vendor:	netgear	model:	wndr4300	scope:	lt	version:	1.0.0.48	Trust: 1.0
vendor:	netgear	model:	wnr1000	scope:	lt	version:	1.1.0.44	Trust: 1.0
vendor:	netgear	model:	wn3000rp	scope:	lt	version:	1.0.2.50	Trust: 1.0
vendor:	netgear	model:	r9000	scope:	lt	version:	1.0.2.52	Trust: 1.0
vendor:	netgear	model:	r6120	scope:	lt	version:	1.0.0.30	Trust: 1.0
vendor:	netgear	model:	r6700	scope:	lt	version:	1.2.0.4	Trust: 1.0
vendor:	netgear	model:	r6220	scope:	lt	version:	1.1.0.50	Trust: 1.0
vendor:	netgear	model:	r6900	scope:	lt	version:	1.2.0.4	Trust: 1.0
vendor:	netgear	model:	jnr1010	scope:	lt	version:	1.1.0.44	Trust: 1.0
vendor:	netgear	model:	r6100	scope:	lt	version:	1.0.1.14	Trust: 1.0
vendor:	netgear	model:	r6800	scope:	lt	version:	1.2.0.4	Trust: 1.0
vendor:	netgear	model:	wndr3700	scope:	lt	version:	1.1.0.48	Trust: 1.0
vendor:	netgear	model:	wndr3700	scope:	lt	version:	1.0.2.88	Trust: 1.0
vendor:	netgear	model:	r7500	scope:	lt	version:	1.0.0.110	Trust: 1.0
vendor:	netgear	model:	wnr2050	scope:	lt	version:	1.1.0.44	Trust: 1.0
vendor:	netgear	model:	jwnr2010	scope:	lt	version:	1.1.0.44	Trust: 1.0
vendor:	netgear	model:	jr6150	scope:	lt	version:	1.0.1.10	Trust: 1.0
vendor:	netgear	model:	d7800	scope:	lt	version:	1.0.1.28	Trust: 1.0
vendor:	netgear	model:	r6050	scope:	lt	version:	1.0.1.10	Trust: 1.0
vendor:	netgear	model:	pr2000	scope:	lt	version:	1.0.0.18	Trust: 1.0
vendor:	netgear	model:	r7500	scope:	lt	version:	1.0.3.20	Trust: 1.0
vendor:	netgear	model:	wnr2020	scope:	lt	version:	1.1.0.44	Trust: 1.0
vendor:	netgear	model:	r7800	scope:	lt	version:	1.0.2.36	Trust: 1.0
vendor:	netgear	model:	wndr4500	scope:	lt	version:	1.0.0.48	Trust: 1.0
vendor:	netgear	model:	d7000	scope:	lt	version:	1.0.1.50	Trust: 1.0
vendor:	netgear	model:	wnr2000	scope:	lt	version:	1.0.0.58	Trust: 1.0
vendor:	netgear	model:	d6100	scope:	eq	version:	1.0.0.55	Trust: 0.8
vendor:	netgear	model:	d7000	scope:	eq	version:	1.0.1.50	Trust: 0.8
vendor:	netgear	model:	d7800	scope:	eq	version:	1.0.1.28	Trust: 0.8
vendor:	netgear	model:	jnr1010	scope:	eq	version:	1.0.0.44	Trust: 0.8
vendor:	netgear	model:	jr6150	scope:	eq	version:	1.0.1.10	Trust: 0.8
vendor:	netgear	model:	jwnr2010	scope:	eq	version:	1.1.0.44	Trust: 0.8
vendor:	netgear	model:	pr2000	scope:	eq	version:	1.0.0.18	Trust: 0.8
vendor:	netgear	model:	r6050	scope:	eq	version:	1.0.1.10	Trust: 0.8
vendor:	netgear	model:	r6100	scope:	eq	version:	1.0.1.14	Trust: 0.8
vendor:	netgear	model:	r6120	scope:	eq	version:	1.0.0.30	Trust: 0.8

sources: JVNDB: JVNDB-2017-014905 // NVD: CVE-2017-18764

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-18764
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2017-18764
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2017-014905
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202004-1910
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2017-18764
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2017-014905
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

nvd@nist.gov:	CVE-2017-18764
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2017-18764
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	JVNDB-2017-014905
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2017-014905 // CNNVD: CNNVD-202004-1910 // NVD: CVE-2017-18764 // NVD: CVE-2017-18764

PROBLEMTYPE DATA

problemtype:

CWE-74

Trust: 1.8

sources: JVNDB: JVNDB-2017-014905 // NVD: CVE-2017-18764

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1910

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-202004-1910

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014905

PATCH

title:	Security Advisory for Pre-Authentication Command Injection on Some Routers, Gateways, and Extenders, PSV-2017-2210	url:	https://kb.netgear.com/000051481/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2210	Trust: 0.8
title:	Multiple NETGEAR Fixing measures for product injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117246	Trust: 0.6

sources: JVNDB: JVNDB-2017-014905 // CNNVD: CNNVD-202004-1910

EXTERNAL IDS

db:	NVD	id:	CVE-2017-18764	Trust: 2.4
db:	JVNDB	id:	JVNDB-2017-014905	Trust: 0.8
db:	CNNVD	id:	CNNVD-202004-1910	Trust: 0.6

sources: JVNDB: JVNDB-2017-014905 // CNNVD: CNNVD-202004-1910 // NVD: CVE-2017-18764

REFERENCES

url:	https://kb.netgear.com/000051481/security-advisory-for-pre-authentication-command-injection-on-some-routers-gateways-and-extenders-psv-2017-2210	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2017-18764	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18764	Trust: 0.8

sources: JVNDB: JVNDB-2017-014905 // CNNVD: CNNVD-202004-1910 // NVD: CVE-2017-18764

SOURCES

db:	JVNDB	id:	JVNDB-2017-014905
db:	CNNVD	id:	CNNVD-202004-1910
db:	NVD	id:	CVE-2017-18764

LAST UPDATE DATE

2024-11-23T22:44:36.363000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2017-014905	date:	2020-05-21T00:00:00
db:	CNNVD	id:	CNNVD-202004-1910	date:	2020-04-26T00:00:00
db:	NVD	id:	CVE-2017-18764	date:	2024-11-21T03:20:51.747

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2017-014905	date:	2020-05-21T00:00:00
db:	CNNVD	id:	CNNVD-202004-1910	date:	2020-04-22T00:00:00
db:	NVD	id:	CVE-2017-18764	date:	2020-04-22T16:15:11.497