Details of VAR-202004-1371

ID

VAR-202004-1371

CVE

CVE-2017-18806

TITLE

plural NETGEAR Injection vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014893

DESCRIPTION

Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WAC510, etc. are all a wireless access point (AP) of NETGEAR company. The vulnerability stems from the fact that the network system or product lacks the correct verification of the user input data during the operation process of the user inputting the construction command, data structure or record, and the special elements are not filtered or correctly filtered, resulting in the analysis or analysis of the system or product. The explanation is wrong. No detailed vulnerability details are currently provided

Trust: 2.16

sources: NVD: CVE-2017-18806 // JVNDB: JVNDB-2017-014893 // CNVD: CNVD-2021-52966

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-52966

AFFECTED PRODUCTS

vendor:	netgear	model:	wac510	scope:	lt	version:	1.3.0.10	Trust: 1.6
vendor:	netgear	model:	wac120	scope:	lt	version:	2.1.4	Trust: 1.6
vendor:	netgear	model:	wndap620	scope:	lt	version:	2.1.3	Trust: 1.6
vendor:	netgear	model:	wnd930	scope:	lt	version:	2.1.2	Trust: 1.6
vendor:	netgear	model:	wn604	scope:	lt	version:	3.3.7	Trust: 1.6
vendor:	netgear	model:	wndap660	scope:	lt	version:	3.7.4.0	Trust: 1.6
vendor:	netgear	model:	wndap350	scope:	lt	version:	3.7.4.0	Trust: 1.6
vendor:	netgear	model:	wnap320	scope:	lt	version:	3.7.4.0	Trust: 1.6
vendor:	netgear	model:	wndap360	scope:	lt	version:	3.7.4.0	Trust: 1.6
vendor:	netgear	model:	wnap210	scope:	lt	version:	3.7.4.0	Trust: 1.0
vendor:	netgear	model:	wac120	scope:	eq	version:	2.1.4	Trust: 0.8
vendor:	netgear	model:	wac510	scope:	eq	version:	1.3.0.10	Trust: 0.8
vendor:	netgear	model:	wn604	scope:	eq	version:	3.3.7	Trust: 0.8
vendor:	netgear	model:	wnap210	scope:	eq	version:	3.7.4.0	Trust: 0.8
vendor:	netgear	model:	wnap320	scope:	eq	version:	3.7.4.0	Trust: 0.8
vendor:	netgear	model:	wnd930	scope:	eq	version:	2.1.2	Trust: 0.8
vendor:	netgear	model:	wndap350	scope:	eq	version:	3.7.4.0	Trust: 0.8
vendor:	netgear	model:	wndap360	scope:	eq	version:	3.7.4.0	Trust: 0.8
vendor:	netgear	model:	wndap620	scope:	eq	version:	2.1.3	Trust: 0.8
vendor:	netgear	model:	wndap660	scope:	eq	version:	3.7.4.0	Trust: 0.8
vendor:	netgear	model:	wnap210v2	scope:	lt	version:	3.7.4.0	Trust: 0.6

sources: CNVD: CNVD-2021-52966 // JVNDB: JVNDB-2017-014893 // NVD: CVE-2017-18806

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-18806
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2017-18806
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2017-014893
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-52966
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2017-18806
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2017-014893
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2021-52966
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-18806
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2017-18806
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	JVNDB-2017-014893
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-52966 // JVNDB: JVNDB-2017-014893 // NVD: CVE-2017-18806 // NVD: CVE-2017-18806

PROBLEMTYPE DATA

problemtype:

CWE-74

Trust: 1.8

sources: JVNDB: JVNDB-2017-014893 // NVD: CVE-2017-18806

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202004-1835

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014893

PATCH

title:	Security Advisory for Command Injection Vulnerability on Some Wireless Access Points, PSV-2017-2214	url:	https://kb.netgear.com/000049061/Security-Advisory-for-Command-Injection-Vulnerability-on-Some-Wireless-Access-Points-PSV-2017-2214	Trust: 0.8
title:	Patch for NETGEAR command injection vulnerability (CNVD-2021-52966)	url:	https://www.cnvd.org.cn/patchInfo/show/280076	Trust: 0.6
title:	Multiple NETGEAR Product Command Injection Vulnerability Fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116311	Trust: 0.6

sources: CNVD: CNVD-2021-52966 // JVNDB: JVNDB-2017-014893 // CNNVD: CNNVD-202004-1835

EXTERNAL IDS

db:	NVD	id:	CVE-2017-18806	Trust: 3.0
db:	JVNDB	id:	JVNDB-2017-014893	Trust: 0.8
db:	CNVD	id:	CNVD-2021-52966	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-1835	Trust: 0.6

sources: CNVD: CNVD-2021-52966 // JVNDB: JVNDB-2017-014893 // CNNVD: CNNVD-202004-1835 // NVD: CVE-2017-18806

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2017-18806	Trust: 2.0
url:	https://kb.netgear.com/000049061/security-advisory-for-command-injection-vulnerability-on-some-wireless-access-points-psv-2017-2214	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18806	Trust: 0.8

sources: CNVD: CNVD-2021-52966 // JVNDB: JVNDB-2017-014893 // CNNVD: CNNVD-202004-1835 // NVD: CVE-2017-18806

SOURCES

db:	CNVD	id:	CNVD-2021-52966
db:	JVNDB	id:	JVNDB-2017-014893
db:	CNNVD	id:	CNNVD-202004-1835
db:	NVD	id:	CVE-2017-18806

LAST UPDATE DATE

2024-11-23T23:07:58.710000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-52966	date:	2021-07-21T00:00:00
db:	JVNDB	id:	JVNDB-2017-014893	date:	2020-05-20T00:00:00
db:	CNNVD	id:	CNNVD-202004-1835	date:	2020-04-22T00:00:00
db:	NVD	id:	CVE-2017-18806	date:	2024-11-21T03:20:58.387

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-52966	date:	2020-07-21T00:00:00
db:	JVNDB	id:	JVNDB-2017-014893	date:	2020-05-20T00:00:00
db:	CNNVD	id:	CNNVD-202004-1835	date:	2020-04-21T00:00:00
db:	NVD	id:	CVE-2017-18806	date:	2020-04-21T16:15:51.337