Sign-up

ID

VAR-202004-1406


CVE

CVE-2017-18843


TITLE

plural NETGEAR Inadequate protection of credentials on devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014885

DESCRIPTION

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, and D7000 before 1.0.1.50. NETGEAR R6700 , R6800 , D7000 Devices contain vulnerabilities in insufficient protection of credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D7000, etc. are all products of NETGEAR. NETGEAR D7000 is a wireless modem. NETGEAR R6700v2 is a wireless router. NETGEAR R6800 is a wireless router. There are security vulnerabilities in NETGEAR R6700v2 versions before 1.1.0.38, R6800 versions before 1.1.0.38, and D7000 versions before 1.0.1.50. Attackers can use this vulnerability to obtain management credentials

Trust: 2.16

sources: NVD: CVE-2017-18843 // JVNDB: JVNDB-2017-014885 // CNVD: CNVD-2021-61053

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-61053

AFFECTED PRODUCTS

vendor:netgearmodel:d7000scope:ltversion:1.0.1.50

Trust: 1.6

vendor:netgearmodel:r6800scope:ltversion:1.1.0.38

Trust: 1.6

vendor:netgearmodel:r6700scope:ltversion:1.1.0.38

Trust: 1.0

vendor:netgearmodel:d7000scope:eqversion:1.0.1.50

Trust: 0.8

vendor:netgearmodel:r6700scope:eqversion:1.1.0.38

Trust: 0.8

vendor:netgearmodel:r6800scope:eqversion:1.1.0.38

Trust: 0.8

vendor:netgearmodel:r6700v2scope:ltversion:1.1.0.38

Trust: 0.6

sources: CNVD: CNVD-2021-61053 // JVNDB: JVNDB-2017-014885 // NVD: CVE-2017-18843

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18843
value: HIGH

Trust: 1.0

cve@mitre.org: CVE-2017-18843
value: HIGH

Trust: 1.0

NVD: JVNDB-2017-014885
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-61053
value: LOW

Trust: 0.6

nvd@nist.gov: CVE-2017-18843
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2017-014885
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-61053
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-18843
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2017-18843
baseSeverity: HIGH
baseScore: 8.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.5
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2017-014885
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-61053 // JVNDB: JVNDB-2017-014885 // NVD: CVE-2017-18843 // NVD: CVE-2017-18843

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.8

sources: JVNDB: JVNDB-2017-014885 // NVD: CVE-2017-18843

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202004-1620

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014885

PATCH
title:Security Advisory for an Admin Credential Disclosure on Some Routers and a DSL Gateway , PSV-2017-2155url:https://kb.netgear.com/000049016/Security-Advisory-for-an-Admin-Credential-Disclosure-on-Some-Routers-PSV-2017-2155
Trust: 0.8
title:Patch for NETGEAR R6700v2, R6800 and D7000 have unspecified vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/284561
Trust: 0.6
title:NETGEAR R6700v2 , R6800  and D7000 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116193
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-61053 // 
            
            
            
            JVNDB: JVNDB-2017-014885 // 
            
            
            
            CNNVD: CNNVD-202004-1620

EXTERNAL IDS
db:NVDid:CVE-2017-18843
Trust: 3.0
db:JVNDBid:JVNDB-2017-014885
Trust: 0.8
db:CNVDid:CNVD-2021-61053
Trust: 0.6
db:CNNVDid:CNNVD-202004-1620
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-61053 // 
            
            
            
            JVNDB: JVNDB-2017-014885 // 
            
            
            
            CNNVD: CNNVD-202004-1620 // 
            
            
            
            NVD: CVE-2017-18843

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2017-18843
Trust: 2.0
url:https://kb.netgear.com/000049016/security-advisory-for-an-admin-credential-disclosure-on-some-routers-psv-2017-2155
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18843
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2021-61053 // 
            
            
            
            JVNDB: JVNDB-2017-014885 // 
            
            
            
            CNNVD: CNNVD-202004-1620 // 
            
            
            
            NVD: CVE-2017-18843

SOURCES
db:CNVDid:CNVD-2021-61053
db:JVNDBid:JVNDB-2017-014885
db:CNNVDid:CNNVD-202004-1620
db:NVDid:CVE-2017-18843

LAST UPDATE DATE
2024-11-23T22:37:25.013000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2021-61053date:2021-08-11T00:00:00
db:JVNDBid:JVNDB-2017-014885date:2020-05-20T00:00:00
db:CNNVDid:CNNVD-202004-1620date:2020-04-21T00:00:00
db:NVDid:CVE-2017-18843date:2024-11-21T03:21:04.220

SOURCES RELEASE DATE
db:CNVDid:CNVD-2021-61053date:2021-08-08T00:00:00
db:JVNDBid:JVNDB-2017-014885date:2020-05-20T00:00:00
db:CNNVDid:CNNVD-202004-1620date:2020-04-20T00:00:00
db:NVDid:CVE-2017-18843date:2020-04-20T16:15:13.537