Details of VAR-202004-1387

ID

VAR-202004-1387

CVE

CVE-2017-18824

TITLE

plural NETGEAR Path traversal vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014868

DESCRIPTION

Certain NETGEAR devices are affected by directory traversal. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A path traversal vulnerability exists in the device.Information may be obtained. NETGEAR M4300-28G, etc. are all managed switches of NETGEAR. The vulnerability stems from the failure of network systems or products to properly filter resources or special elements in file paths. Attackers can use this vulnerability to access locations outside of the restricted directory

Trust: 2.16

sources: NVD: CVE-2017-18824 // JVNDB: JVNDB-2017-014868 // CNVD: CNVD-2021-63374

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-63374

AFFECTED PRODUCTS

vendor:	netgear	model:	m4300-28g	scope:	lt	version:	12.0.2.15	Trust: 1.6
vendor:	netgear	model:	m4300-52g	scope:	lt	version:	12.0.2.15	Trust: 1.6
vendor:	netgear	model:	m4300-8x8f	scope:	lt	version:	12.0.2.15	Trust: 1.6
vendor:	netgear	model:	m4300-12x12f	scope:	lt	version:	12.0.2.15	Trust: 1.6
vendor:	netgear	model:	m4300-24x24f	scope:	lt	version:	12.0.2.15	Trust: 1.6
vendor:	netgear	model:	m4300-24x	scope:	lt	version:	12.0.2.15	Trust: 1.6
vendor:	netgear	model:	m4300-48x	scope:	lt	version:	12.0.2.15	Trust: 1.6
vendor:	netgear	model:	m4200	scope:	lt	version:	12.0.2.15	Trust: 1.6
vendor:	netgear	model:	m4300-28g-poe\+	scope:	lt	version:	12.0.2.15	Trust: 1.0
vendor:	netgear	model:	m4300-52g-poe\+	scope:	lt	version:	12.0.2.15	Trust: 1.0
vendor:	netgear	model:	m4200	scope:	eq	version:	12.0.2.15	Trust: 0.8
vendor:	netgear	model:	m4300-12x12f	scope:	eq	version:	12.0.2.15	Trust: 0.8
vendor:	netgear	model:	m4300-24x	scope:	eq	version:	12.0.2.15	Trust: 0.8
vendor:	netgear	model:	m4300-24x24f	scope:	eq	version:	12.0.2.15	Trust: 0.8
vendor:	netgear	model:	m4300-28g	scope:	eq	version:	12.0.2.15	Trust: 0.8
vendor:	netgear	model:	m4300-28g-poe+	scope:	eq	version:	12.0.2.15	Trust: 0.8
vendor:	netgear	model:	m4300-48x	scope:	eq	version:	12.0.2.15	Trust: 0.8
vendor:	netgear	model:	m4300-52g	scope:	eq	version:	12.0.2.15	Trust: 0.8
vendor:	netgear	model:	m4300-52g-poe+	scope:	eq	version:	12.0.2.15	Trust: 0.8
vendor:	netgear	model:	m4300-8x8f	scope:	eq	version:	12.0.2.15	Trust: 0.8
vendor:	netgear	model:	m4300-28g-poe+	scope:	lt	version:	12.0.2.15	Trust: 0.6
vendor:	netgear	model:	m4300-52g-poe+	scope:	lt	version:	12.0.2.15	Trust: 0.6

sources: CNVD: CNVD-2021-63374 // JVNDB: JVNDB-2017-014868 // NVD: CVE-2017-18824

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-18824
value:	LOW
Trust: 1.0
cve@mitre.org:	CVE-2017-18824
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2017-014868
value:	LOW
Trust: 0.8
CNVD:	CNVD-2021-63374
value:	LOW
Trust: 0.6

nvd@nist.gov:	CVE-2017-18824
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2017-014868
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2021-63374
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-18824
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2017-18824
baseSeverity:	MEDIUM
baseScore:	4.0
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.5
impactScore:	1.4
version:	3.0
Trust: 1.0
NVD:	JVNDB-2017-014868
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-63374 // JVNDB: JVNDB-2017-014868 // NVD: CVE-2017-18824 // NVD: CVE-2017-18824

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2017-014868 // NVD: CVE-2017-18824

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202004-1629

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014868

PATCH

title:	Security Advisory for Directory Traversal on Some Fully Managed Switches, PSV-2017-1942	url:	https://kb.netgear.com/000049041/Security-Advisory-for-Directory-Traversal-on-Some-Fully-Managed-Switches-PSV-2017-1942	Trust: 0.8
title:	Patch for Path traversal vulnerabilities in multiple NETGEAR products	url:	https://www.cnvd.org.cn/patchInfo/show/287156	Trust: 0.6
title:	Multiple NETGEAR Product path traversal vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116202	Trust: 0.6

sources: CNVD: CNVD-2021-63374 // JVNDB: JVNDB-2017-014868 // CNNVD: CNNVD-202004-1629

EXTERNAL IDS

db:	NVD	id:	CVE-2017-18824	Trust: 3.0
db:	JVNDB	id:	JVNDB-2017-014868	Trust: 0.8
db:	CNVD	id:	CNVD-2021-63374	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-1629	Trust: 0.6

sources: CNVD: CNVD-2021-63374 // JVNDB: JVNDB-2017-014868 // CNNVD: CNNVD-202004-1629 // NVD: CVE-2017-18824

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2017-18824	Trust: 2.0
url:	https://kb.netgear.com/000049041/security-advisory-for-directory-traversal-on-some-fully-managed-switches-psv-2017-1942	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18824	Trust: 0.8

sources: CNVD: CNVD-2021-63374 // JVNDB: JVNDB-2017-014868 // CNNVD: CNNVD-202004-1629 // NVD: CVE-2017-18824

SOURCES

db:	CNVD	id:	CNVD-2021-63374
db:	JVNDB	id:	JVNDB-2017-014868
db:	CNNVD	id:	CNNVD-202004-1629
db:	NVD	id:	CVE-2017-18824

LAST UPDATE DATE

2024-11-23T22:44:36.337000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-63374	date:	2021-08-19T00:00:00
db:	JVNDB	id:	JVNDB-2017-014868	date:	2020-05-20T00:00:00
db:	CNNVD	id:	CNNVD-202004-1629	date:	2020-04-21T00:00:00
db:	NVD	id:	CVE-2017-18824	date:	2024-11-21T03:21:00.933

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-63374	date:	2021-08-19T00:00:00
db:	JVNDB	id:	JVNDB-2017-014868	date:	2020-05-20T00:00:00
db:	CNNVD	id:	CNNVD-202004-1629	date:	2020-04-20T00:00:00
db:	NVD	id:	CVE-2017-18824	date:	2020-04-20T17:15:12.787