Sign-up

ID

VAR-202004-1404


CVE

CVE-2017-18841


TITLE

plural NETGEAR Injection vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014883

DESCRIPTION

Certain NETGEAR devices are affected by command injection. This affects R6220 before 1.1.0.46, R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, WNDR3700v5 before 1.1.0.46, and D7000 before 1.0.1.50. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D7000 etc. are all products of NETGEAR company. NETGEAR D7000 is a wireless modem. NETGEAR R6220 is a wireless router. NETGEAR R6800 is a wireless router. The vulnerability stems from the fact that the network system or product lacks the correct verification of the user input data during the operation process of the user inputting the construction command, data structure or record, and the special element is not filtered or correctly filtered, which causes the system or product to generate analysis or The explanation is wrong. No detailed vulnerability details are currently provided

Trust: 2.16

sources: NVD: CVE-2017-18841 // JVNDB: JVNDB-2017-014883 // CNVD: CNVD-2021-66980

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-66980

AFFECTED PRODUCTS

vendor:netgearmodel:d7000scope:ltversion:1.0.1.50

Trust: 1.6

vendor:netgearmodel:r6800scope:ltversion:1.1.0.38

Trust: 1.6

vendor:netgearmodel:r6220scope:ltversion:1.1.0.46

Trust: 1.6

vendor:netgearmodel:wndr3700scope:ltversion:1.1.0.46

Trust: 1.0

vendor:netgearmodel:r6700scope:ltversion:1.1.0.38

Trust: 1.0

vendor:netgearmodel:d7000scope:eqversion:1.0.1.50

Trust: 0.8

vendor:netgearmodel:r6220scope:eqversion:1.1.0.46

Trust: 0.8

vendor:netgearmodel:r6700scope:eqversion:1.1.0.38

Trust: 0.8

vendor:netgearmodel:r6800scope:eqversion:1.1.0.38

Trust: 0.8

vendor:netgearmodel:wndr3700scope:eqversion:1.1.0.46

Trust: 0.8

vendor:netgearmodel:r6700v2scope:ltversion:1.1.0.38

Trust: 0.6

vendor:netgearmodel:wndr3700v5scope:ltversion:1.1.0.46

Trust: 0.6

sources: CNVD: CNVD-2021-66980 // JVNDB: JVNDB-2017-014883 // NVD: CVE-2017-18841

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18841
value: MEDIUM

Trust: 1.0

cve@mitre.org: CVE-2017-18841
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2017-014883
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-66980
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2017-18841
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2017-014883
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-66980
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-18841
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2017-18841
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2017-014883
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-66980 // JVNDB: JVNDB-2017-014883 // NVD: CVE-2017-18841 // NVD: CVE-2017-18841

PROBLEMTYPE DATA

problemtype:CWE-74

Trust: 1.8

sources: JVNDB: JVNDB-2017-014883 // NVD: CVE-2017-18841

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202004-1618

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014883

PATCH
title:Security Advisory for Command Injection on Some Routers and a Modem Router, PSV-2017-2158url:https://kb.netgear.com/000049018/Security-Advisory-for-Command-Injection-on-Some-Routers-and-a-Modem-Router-PSV-2017-2158
Trust: 0.8
title:Patch for NETGEAR command injection vulnerability (CNVD-2021-66980)url:https://www.cnvd.org.cn/patchInfo/show/288726
Trust: 0.6
title:Multiple NETGEAR Product Command Injection Vulnerability Fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116191
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-66980 // 
            
            
            
            JVNDB: JVNDB-2017-014883 // 
            
            
            
            CNNVD: CNNVD-202004-1618

EXTERNAL IDS
db:NVDid:CVE-2017-18841
Trust: 3.0
db:JVNDBid:JVNDB-2017-014883
Trust: 0.8
db:CNVDid:CNVD-2021-66980
Trust: 0.6
db:CNNVDid:CNNVD-202004-1618
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-66980 // 
            
            
            
            JVNDB: JVNDB-2017-014883 // 
            
            
            
            CNNVD: CNNVD-202004-1618 // 
            
            
            
            NVD: CVE-2017-18841

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2017-18841
Trust: 2.0
url:https://kb.netgear.com/000049018/security-advisory-for-command-injection-on-some-routers-and-a-modem-router-psv-2017-2158
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18841
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2021-66980 // 
            
            
            
            JVNDB: JVNDB-2017-014883 // 
            
            
            
            CNNVD: CNNVD-202004-1618 // 
            
            
            
            NVD: CVE-2017-18841

SOURCES
db:CNVDid:CNVD-2021-66980
db:JVNDBid:JVNDB-2017-014883
db:CNNVDid:CNNVD-202004-1618
db:NVDid:CVE-2017-18841

LAST UPDATE DATE
2024-11-23T23:01:24.426000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2021-66980date:2021-08-31T00:00:00
db:JVNDBid:JVNDB-2017-014883date:2020-05-20T00:00:00
db:CNNVDid:CNNVD-202004-1618date:2020-04-21T00:00:00
db:NVDid:CVE-2017-18841date:2024-11-21T03:21:03.847

SOURCES RELEASE DATE
db:CNVDid:CNVD-2021-66980date:2020-08-31T00:00:00
db:JVNDBid:JVNDB-2017-014883date:2020-05-20T00:00:00
db:CNNVDid:CNNVD-202004-1618date:2020-04-20T00:00:00
db:NVDid:CVE-2017-18841date:2020-04-20T16:15:13.397