Details of VAR-202004-1409

ID

VAR-202004-1409

CVE

CVE-2017-18846

TITLE

plural NETGEAR Out-of-bounds write vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014887

DESCRIPTION

Certain NETGEAR devices are affected by a stack-based buffer overflow. This affects R6250 before 1.0.4.12, R6400v2 before 1.0.2.32, R7000P/R6900P before 1.0.0.56, R7900 before 1.0.1.18, R8300 before 1.0.2.100_1.0.82, R8500 before 1.0.2.100_1.0.82, and D8500 before 1.0.3.29. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D8500, etc. are all products of NETGEAR. NETGEAR D8500 is a wireless modem. NETGEAR R6250 is a wireless router. NETGEAR R8300 is a wireless router. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow

Trust: 2.16

sources: NVD: CVE-2017-18846 // JVNDB: JVNDB-2017-014887 // CNVD: CNVD-2021-57170

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-57170

AFFECTED PRODUCTS

vendor:	netgear	model:	d8500	scope:	lt	version:	1.0.3.29	Trust: 1.6
vendor:	netgear	model:	r7900	scope:	lt	version:	1.0.1.18	Trust: 1.6
vendor:	netgear	model:	r6250	scope:	lt	version:	1.0.4.12	Trust: 1.6
vendor:	netgear	model:	r8300	scope:	lt	version:	1.0.2.100_1.0.82	Trust: 1.0
vendor:	netgear	model:	r8500	scope:	lt	version:	1.0.2.100_1.0.82	Trust: 1.0
vendor:	netgear	model:	r6400	scope:	lt	version:	1.0.2.32	Trust: 1.0
vendor:	netgear	model:	r6900p	scope:	lt	version:	1.0.0.56	Trust: 1.0
vendor:	netgear	model:	r7000p	scope:	lt	version:	1.0.0.56	Trust: 1.0
vendor:	netgear	model:	d8500	scope:	eq	version:	1.0.3.29	Trust: 0.8
vendor:	netgear	model:	r6250	scope:	eq	version:	1.0.4.12	Trust: 0.8
vendor:	netgear	model:	r6400	scope:	eq	version:	1.0.2.32	Trust: 0.8
vendor:	netgear	model:	r6900p	scope:	eq	version:	1.0.0.56	Trust: 0.8
vendor:	netgear	model:	r7000p	scope:	eq	version:	1.0.0.56	Trust: 0.8
vendor:	netgear	model:	r7900	scope:	eq	version:	1.0.1.18	Trust: 0.8
vendor:	netgear	model:	r8300	scope:	eq	version:	1.0.2.100_1.0.82	Trust: 0.8
vendor:	netgear	model:	r8500	scope:	eq	version:	1.0.2.100_1.0.82	Trust: 0.8
vendor:	netgear	model:	r6400v2	scope:	lt	version:	1.0.2.32	Trust: 0.6
vendor:	netgear	model:	r8300 <1.0.2.100 1.0.82	scope:	-	version:	-	Trust: 0.6
vendor:	netgear	model:	r8500 <1.0.2.100 1.0.82	scope:	-	version:	-	Trust: 0.6
vendor:	netgear	model:	r7000p/r6900p	scope:	lt	version:	1.0.0.56	Trust: 0.6

sources: CNVD: CNVD-2021-57170 // JVNDB: JVNDB-2017-014887 // NVD: CVE-2017-18846

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-18846
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2017-18846
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2017-014887
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-57170
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2017-18846
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2017-014887
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2021-57170
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-18846
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2017-18846
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	JVNDB-2017-014887
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-57170 // JVNDB: JVNDB-2017-014887 // NVD: CVE-2017-18846 // NVD: CVE-2017-18846

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.8

sources: JVNDB: JVNDB-2017-014887 // NVD: CVE-2017-18846

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202004-1624

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014887

PATCH

title:	Security Advisory for Stack Overflow on Some Routers, PSV-2017-0793	url:	https://kb.netgear.com/000049013/Security-Advisory-for-Stack-Overflow-on-Some-Routers-PSV-PSV-2017-0793	Trust: 0.8
title:	Patch for Buffer overflow vulnerabilities in multiple NETGEAR products (CNVD-2021-57170)	url:	https://www.cnvd.org.cn/patchInfo/show/283631	Trust: 0.6
title:	Multiple NETGEAR Product Buffer Error Vulnerability Fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116197	Trust: 0.6

sources: CNVD: CNVD-2021-57170 // JVNDB: JVNDB-2017-014887 // CNNVD: CNNVD-202004-1624

EXTERNAL IDS

db:	NVD	id:	CVE-2017-18846	Trust: 3.0
db:	JVNDB	id:	JVNDB-2017-014887	Trust: 0.8
db:	CNVD	id:	CNVD-2021-57170	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-1624	Trust: 0.6

sources: CNVD: CNVD-2021-57170 // JVNDB: JVNDB-2017-014887 // CNNVD: CNNVD-202004-1624 // NVD: CVE-2017-18846

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2017-18846	Trust: 2.0
url:	https://kb.netgear.com/000049013/security-advisory-for-stack-overflow-on-some-routers-psv-psv-2017-0793	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18846	Trust: 0.8

sources: CNVD: CNVD-2021-57170 // JVNDB: JVNDB-2017-014887 // CNNVD: CNNVD-202004-1624 // NVD: CVE-2017-18846

SOURCES

db:	CNVD	id:	CNVD-2021-57170
db:	JVNDB	id:	JVNDB-2017-014887
db:	CNNVD	id:	CNNVD-202004-1624
db:	NVD	id:	CVE-2017-18846

LAST UPDATE DATE

2024-11-23T22:48:01.565000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-57170	date:	2021-07-31T00:00:00
db:	JVNDB	id:	JVNDB-2017-014887	date:	2020-05-20T00:00:00
db:	CNNVD	id:	CNNVD-202004-1624	date:	2020-04-21T00:00:00
db:	NVD	id:	CVE-2017-18846	date:	2024-11-21T03:21:04.723

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-57170	date:	2020-07-31T00:00:00
db:	JVNDB	id:	JVNDB-2017-014887	date:	2020-05-20T00:00:00
db:	CNNVD	id:	CNNVD-202004-1624	date:	2020-04-20T00:00:00
db:	NVD	id:	CVE-2017-18846	date:	2020-04-20T16:15:13.727