Details of VAR-202004-1416

ID

VAR-202004-1416

CVE

CVE-2017-18733

TITLE

plural NETGEAR Authentication vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014858

DESCRIPTION

Certain NETGEAR devices are affected by authentication bypass. This affects D6220 before 1.0.0.28, D6400 before 1.0.0.60, D8500 before 1.0.3.29, R6250 before 1.0.4.8, R6400 before 1.0.1.22, R6400v2 before 1.0.2.32, R7100LG before 1.0.0.32, R7300DST before 1.0.0.52, R8300 before 1.0.2.94, and R8500 before 1.0.2.100. plural NETGEAR There is an authentication vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R8300, etc. are all products of NETGEAR. NETGEAR R8300 is a wireless router. NETGEAR D6400 is a wireless modem. NETGEAR D6220 is a wireless modem. Authorization issue vulnerabilities exist in many NETGEAR products

Trust: 2.16

sources: NVD: CVE-2017-18733 // JVNDB: JVNDB-2017-014858 // CNVD: CNVD-2021-50922

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-50922

AFFECTED PRODUCTS

vendor:	netgear	model:	d6400	scope:	lt	version:	1.0.0.60	Trust: 1.6
vendor:	netgear	model:	d8500	scope:	lt	version:	1.0.3.29	Trust: 1.6
vendor:	netgear	model:	r7100lg	scope:	lt	version:	1.0.0.32	Trust: 1.6
vendor:	netgear	model:	r8300	scope:	lt	version:	1.0.2.94	Trust: 1.6
vendor:	netgear	model:	d6220	scope:	lt	version:	1.0.0.28	Trust: 1.6
vendor:	netgear	model:	r7300dst	scope:	lt	version:	1.0.0.52	Trust: 1.6
vendor:	netgear	model:	r6250	scope:	lt	version:	1.0.4.8	Trust: 1.6
vendor:	netgear	model:	r6400	scope:	lt	version:	1.0.1.22	Trust: 1.6
vendor:	netgear	model:	r8500	scope:	lt	version:	1.0.2.100	Trust: 1.6
vendor:	netgear	model:	r6400	scope:	lt	version:	1.0.2.32	Trust: 1.0
vendor:	netgear	model:	d6220	scope:	eq	version:	1.0.0.28	Trust: 0.8
vendor:	netgear	model:	d6400	scope:	eq	version:	1.0.0.60	Trust: 0.8
vendor:	netgear	model:	d8500	scope:	eq	version:	1.0.3.29	Trust: 0.8
vendor:	netgear	model:	r6250	scope:	eq	version:	1.0.4.8	Trust: 0.8
vendor:	netgear	model:	r6400	scope:	eq	version:	1.0.1.22	Trust: 0.8
vendor:	netgear	model:	r6400	scope:	eq	version:	1.0.2.32	Trust: 0.8
vendor:	netgear	model:	r7100lg	scope:	eq	version:	1.0.0.32	Trust: 0.8
vendor:	netgear	model:	r7300dst	scope:	eq	version:	1.0.0.52	Trust: 0.8
vendor:	netgear	model:	r8300	scope:	eq	version:	1.0.2.94	Trust: 0.8
vendor:	netgear	model:	r8500	scope:	eq	version:	1.0.2.100	Trust: 0.8
vendor:	netgear	model:	r6400v2	scope:	lt	version:	1.0.2.32	Trust: 0.6

sources: CNVD: CNVD-2021-50922 // JVNDB: JVNDB-2017-014858 // NVD: CVE-2017-18733

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-18733
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2017-18733
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2017-014858
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-50922
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202004-1993
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2017-18733
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2017-014858
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2021-50922
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-18733
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2017-18733
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	JVNDB-2017-014858
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-50922 // JVNDB: JVNDB-2017-014858 // CNNVD: CNNVD-202004-1993 // NVD: CVE-2017-18733 // NVD: CVE-2017-18733

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2017-014858 // NVD: CVE-2017-18733

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1993

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202004-1993

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014858

PATCH

title:	Security Advisory for Authentication Bypass on Some Routers and Gateways, PSV-2016-0061	url:	https://kb.netgear.com/000051522/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-and-Gateways-PSV-2016-0061	Trust: 0.8
title:	Patch for Multiple NETGEAR product authorization issue vulnerabilities (CNVD-2021-50922)	url:	https://www.cnvd.org.cn/patchInfo/show/279106	Trust: 0.6
title:	Multiple NETGEAR Product Authorization Issue Vulnerability Fixing Measures	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116755	Trust: 0.6

sources: CNVD: CNVD-2021-50922 // JVNDB: JVNDB-2017-014858 // CNNVD: CNNVD-202004-1993

EXTERNAL IDS

db:	NVD	id:	CVE-2017-18733	Trust: 3.0
db:	JVNDB	id:	JVNDB-2017-014858	Trust: 0.8
db:	CNVD	id:	CNVD-2021-50922	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-1993	Trust: 0.6

sources: CNVD: CNVD-2021-50922 // JVNDB: JVNDB-2017-014858 // CNNVD: CNNVD-202004-1993 // NVD: CVE-2017-18733

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2017-18733	Trust: 2.0
url:	https://kb.netgear.com/000051522/security-advisory-for-authentication-bypass-on-some-routers-and-gateways-psv-2016-0061	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18733	Trust: 0.8

sources: CNVD: CNVD-2021-50922 // JVNDB: JVNDB-2017-014858 // CNNVD: CNNVD-202004-1993 // NVD: CVE-2017-18733

SOURCES

db:	CNVD	id:	CNVD-2021-50922
db:	JVNDB	id:	JVNDB-2017-014858
db:	CNNVD	id:	CNNVD-202004-1993
db:	NVD	id:	CVE-2017-18733

LAST UPDATE DATE

2024-11-23T22:21:12.735000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-50922	date:	2021-07-15T00:00:00
db:	JVNDB	id:	JVNDB-2017-014858	date:	2020-05-20T00:00:00
db:	CNNVD	id:	CNNVD-202004-1993	date:	2020-05-06T00:00:00
db:	NVD	id:	CVE-2017-18733	date:	2024-11-21T03:20:46.933

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-50922	date:	2020-07-14T00:00:00
db:	JVNDB	id:	JVNDB-2017-014858	date:	2020-05-20T00:00:00
db:	CNNVD	id:	CNNVD-202004-1993	date:	2020-04-23T00:00:00
db:	NVD	id:	CVE-2017-18733	date:	2020-04-23T17:15:11.753