Sign-up

ID

VAR-202004-1408


CVE

CVE-2017-18845


TITLE

NETGEAR R6700v2 and R6800 Inadequate protection of credentials on devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014846

DESCRIPTION

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects R6700v2 before 1.1.0.38 and R6800 before 1.1.0.38. NETGEAR R6700v2 and R6800 Devices contain vulnerabilities in insufficient protection of credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Both NETGEAR R6700v2 and NETGEAR R6800 are wireless routers from NETGEAR. There are security vulnerabilities in NETGEAR R6700v2 versions before 1.1.0.38 and R6800 versions before 1.1.0.38. Attackers can use this vulnerability to obtain management credentials

Trust: 2.16

sources: NVD: CVE-2017-18845 // JVNDB: JVNDB-2017-014846 // CNVD: CNVD-2021-39192

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-39192

AFFECTED PRODUCTS

vendor:netgearmodel:r6800scope:ltversion:1.1.0.38

Trust: 1.6

vendor:netgearmodel:r6700scope:ltversion:1.1.0.38

Trust: 1.0

vendor:netgearmodel:r6700scope:eqversion:1.1.0.38

Trust: 0.8

vendor:netgearmodel:r6800scope:eqversion:1.1.0.38

Trust: 0.8

vendor:netgearmodel:r6700v2scope:ltversion:1.1.0.38

Trust: 0.6

sources: CNVD: CNVD-2021-39192 // JVNDB: JVNDB-2017-014846 // NVD: CVE-2017-18845

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18845
value: HIGH

Trust: 1.0

cve@mitre.org: CVE-2017-18845
value: HIGH

Trust: 1.0

NVD: JVNDB-2017-014846
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-39192
value: LOW

Trust: 0.6

CNNVD: CNNVD-202004-1622
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2017-18845
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2017-014846
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-39192
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-18845
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2017-18845
baseSeverity: HIGH
baseScore: 8.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.5
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2017-014846
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-39192 // JVNDB: JVNDB-2017-014846 // CNNVD: CNNVD-202004-1622 // NVD: CVE-2017-18845 // NVD: CVE-2017-18845

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.8

sources: JVNDB: JVNDB-2017-014846 // NVD: CVE-2017-18845

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1622

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202004-1622

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014846

PATCH
title:Security Advisory for Admin Credential Disclosure on Some Routers, PSV-2017-2137url:https://kb.netgear.com/000049014/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-Routers-PSV-2017-2137
Trust: 0.8
title:Patch for NETGEAR Information Disclosure Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/269681
Trust: 0.6
title:NETGEAR R6700v2  and NETGEAR R6800 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116942
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-39192 // 
            
            
            
            JVNDB: JVNDB-2017-014846 // 
            
            
            
            CNNVD: CNNVD-202004-1622

EXTERNAL IDS
db:NVDid:CVE-2017-18845
Trust: 3.0
db:JVNDBid:JVNDB-2017-014846
Trust: 0.8
db:CNVDid:CNVD-2021-39192
Trust: 0.6
db:CNNVDid:CNNVD-202004-1622
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-39192 // 
            
            
            
            JVNDB: JVNDB-2017-014846 // 
            
            
            
            CNNVD: CNNVD-202004-1622 // 
            
            
            
            NVD: CVE-2017-18845

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2017-18845
Trust: 2.0
url:https://kb.netgear.com/000049014/security-advisory-for-admin-credential-disclosure-on-some-routers-psv-2017-2137
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18845
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2021-39192 // 
            
            
            
            JVNDB: JVNDB-2017-014846 // 
            
            
            
            CNNVD: CNNVD-202004-1622 // 
            
            
            
            NVD: CVE-2017-18845

SOURCES
db:CNVDid:CNVD-2021-39192
db:JVNDBid:JVNDB-2017-014846
db:CNNVDid:CNNVD-202004-1622
db:NVDid:CVE-2017-18845

LAST UPDATE DATE
2024-11-23T22:44:36.311000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2021-39192date:2021-06-03T00:00:00
db:JVNDBid:JVNDB-2017-014846date:2020-05-18T00:00:00
db:CNNVDid:CNNVD-202004-1622date:2020-04-26T00:00:00
db:NVDid:CVE-2017-18845date:2024-11-21T03:21:04.567

SOURCES RELEASE DATE
db:CNVDid:CNVD-2021-39192date:2021-06-03T00:00:00
db:JVNDBid:JVNDB-2017-014846date:2020-05-18T00:00:00
db:CNNVDid:CNNVD-202004-1622date:2020-04-20T00:00:00
db:NVDid:CVE-2017-18845date:2020-04-20T16:15:13.680