Details of VAR-202004-1368

ID

VAR-202004-1368

CVE

CVE-2017-18766

TITLE

NETGEAR DST6501 and WNR2000 Information leakage vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014906

DESCRIPTION

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects DST6501 before 1.1.0.6 and WNR2000v2 before 1.2.0.8. NETGEAR DST6501 and WNR2000 The device contains a vulnerability related to information leakage.Information may be obtained. NETGEAR WNR2000 and NETGEAR DST6501 are both products of NETGEAR. NETGEAR WNR2000 is a wireless router. NETGEAR DST6501 is a wireless extender adapter. There are security vulnerabilities in NETGEAR DST6501 versions before 1.1.0.6 and WNR2000v2 versions before 1.2.0.8

Trust: 2.16

sources: NVD: CVE-2017-18766 // JVNDB: JVNDB-2017-014906 // CNVD: CNVD-2021-59161

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-59161

AFFECTED PRODUCTS

vendor:	netgear	model:	dst6501	scope:	lt	version:	1.1.0.6	Trust: 1.6
vendor:	netgear	model:	wnr2000	scope:	lt	version:	1.2.0.8	Trust: 1.0
vendor:	netgear	model:	dst6501	scope:	eq	version:	1.1.0.6	Trust: 0.8
vendor:	netgear	model:	wnr2000	scope:	eq	version:	1.2.0.8	Trust: 0.8
vendor:	netgear	model:	wnr2000v2	scope:	lt	version:	1.2.0.8	Trust: 0.6

sources: CNVD: CNVD-2021-59161 // JVNDB: JVNDB-2017-014906 // NVD: CVE-2017-18766

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-18766
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2017-18766
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2017-014906
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-59161
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202004-1912
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2017-18766
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2017-014906
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2021-59161
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-18766
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2017-18766
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	JVNDB-2017-014906
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-59161 // JVNDB: JVNDB-2017-014906 // CNNVD: CNNVD-202004-1912 // NVD: CVE-2017-18766 // NVD: CVE-2017-18766

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2017-014906 // NVD: CVE-2017-18766

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1912

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202004-1912

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014906

PATCH

title:	Security Advisory for Arbitrary File Read on DST6501 and WNR2000v2, PSV-2017-0425	url:	https://kb.netgear.com/000051479/Security-Advisory-for-Arbitrary-File-Read-on-DST6501-and-WNR2000v2-PSV-2017-0425	Trust: 0.8
title:	Patch for NETGEAR DST6501 and WNR2000 Information Disclosure Vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/284361	Trust: 0.6
title:	NETGEAR DST6501 and WNR2000 Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117247	Trust: 0.6

sources: CNVD: CNVD-2021-59161 // JVNDB: JVNDB-2017-014906 // CNNVD: CNNVD-202004-1912

EXTERNAL IDS

db:	NVD	id:	CVE-2017-18766	Trust: 3.0
db:	JVNDB	id:	JVNDB-2017-014906	Trust: 0.8
db:	CNVD	id:	CNVD-2021-59161	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-1912	Trust: 0.6

sources: CNVD: CNVD-2021-59161 // JVNDB: JVNDB-2017-014906 // CNNVD: CNNVD-202004-1912 // NVD: CVE-2017-18766

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2017-18766	Trust: 2.0
url:	https://kb.netgear.com/000051479/security-advisory-for-arbitrary-file-read-on-dst6501-and-wnr2000v2-psv-2017-0425	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18766	Trust: 0.8

sources: CNVD: CNVD-2021-59161 // JVNDB: JVNDB-2017-014906 // CNNVD: CNNVD-202004-1912 // NVD: CVE-2017-18766

SOURCES

db:	CNVD	id:	CNVD-2021-59161
db:	JVNDB	id:	JVNDB-2017-014906
db:	CNNVD	id:	CNNVD-202004-1912
db:	NVD	id:	CVE-2017-18766

LAST UPDATE DATE

2024-11-23T22:16:30.409000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-59161	date:	2021-08-08T00:00:00
db:	JVNDB	id:	JVNDB-2017-014906	date:	2020-05-21T00:00:00
db:	CNNVD	id:	CNNVD-202004-1912	date:	2020-04-26T00:00:00
db:	NVD	id:	CVE-2017-18766	date:	2024-11-21T03:20:52.057

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-59161	date:	2021-08-08T00:00:00
db:	JVNDB	id:	JVNDB-2017-014906	date:	2020-05-21T00:00:00
db:	CNNVD	id:	CNNVD-202004-1912	date:	2020-04-22T00:00:00
db:	NVD	id:	CVE-2017-18766	date:	2020-04-22T16:15:11.607