Details of VAR-202004-1417

ID

VAR-202004-1417

CVE

CVE-2017-18734

TITLE

plural NETGEAR Injection vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014859

DESCRIPTION

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, WNDR3700v5 before 1.1.0.48, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR JNR1010, etc. are all wireless routers from NETGEAR. Injection vulnerabilities exist in many NETGEAR products. The vulnerability stems from the fact that the network system or product lacks the correct verification of the user input data during the operation process of the user inputting the construction command, data structure or record, and the special elements are not filtered or correctly filtered, resulting in the analysis or analysis of the system or product. The explanation is wrong. No detailed vulnerability details are currently provided

Trust: 2.16

sources: NVD: CVE-2017-18734 // JVNDB: JVNDB-2017-014859 // CNVD: CNVD-2021-52963

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-52963

AFFECTED PRODUCTS

vendor:	netgear	model:	jr6150	scope:	lt	version:	1.0.1.10	Trust: 1.6
vendor:	netgear	model:	r6050	scope:	lt	version:	1.0.1.10	Trust: 1.6
vendor:	netgear	model:	r6220	scope:	lt	version:	1.1.0.50	Trust: 1.6
vendor:	netgear	model:	r6800	scope:	lt	version:	1.2.0.4	Trust: 1.6
vendor:	netgear	model:	pr2000	scope:	lt	version:	1.0.0.18	Trust: 1.6
vendor:	netgear	model:	wnr2020	scope:	lt	version:	1.1.0.44	Trust: 1.6
vendor:	netgear	model:	wnr2050	scope:	lt	version:	1.1.0.44	Trust: 1.6
vendor:	netgear	model:	jwnr2010	scope:	lt	version:	1.1.0.44	Trust: 1.0
vendor:	netgear	model:	wnr1000	scope:	lt	version:	1.1.0.44	Trust: 1.0
vendor:	netgear	model:	r6700	scope:	lt	version:	1.2.0.4	Trust: 1.0
vendor:	netgear	model:	r6900	scope:	lt	version:	1.2.0.4	Trust: 1.0
vendor:	netgear	model:	jnr1010	scope:	lt	version:	1.1.0.44	Trust: 1.0
vendor:	netgear	model:	wndr3700	scope:	lt	version:	1.1.0.48	Trust: 1.0
vendor:	netgear	model:	jnr1010	scope:	eq	version:	1.1.0.44	Trust: 0.8
vendor:	netgear	model:	jr6150	scope:	eq	version:	1.0.1.10	Trust: 0.8
vendor:	netgear	model:	jwnr2010	scope:	eq	version:	1.1.0.44	Trust: 0.8
vendor:	netgear	model:	pr2000	scope:	eq	version:	1.0.0.18	Trust: 0.8
vendor:	netgear	model:	r6050	scope:	eq	version:	1.0.1.10	Trust: 0.8
vendor:	netgear	model:	r6220	scope:	eq	version:	1.1.0.50	Trust: 0.8
vendor:	netgear	model:	r6700	scope:	eq	version:	1.2.0.4	Trust: 0.8
vendor:	netgear	model:	r6800	scope:	eq	version:	1.2.0.4	Trust: 0.8
vendor:	netgear	model:	r6900	scope:	eq	version:	1.2.0.4	Trust: 0.8
vendor:	netgear	model:	wndr3700	scope:	eq	version:	1.1.0.48	Trust: 0.8
vendor:	netgear	model:	r6700v2	scope:	lt	version:	1.2.0.4	Trust: 0.6
vendor:	netgear	model:	r6900v2	scope:	lt	version:	1.2.0.4	Trust: 0.6
vendor:	netgear	model:	wndr3700v5	scope:	lt	version:	1.1.0.48	Trust: 0.6
vendor:	netgear	model:	jnr1010v2	scope:	lt	version:	1.1.0.44	Trust: 0.6
vendor:	netgear	model:	jwnr2010v5	scope:	lt	version:	1.1.0.44	Trust: 0.6
vendor:	netgear	model:	wnr1000v4	scope:	lt	version:	1.1.0.44	Trust: 0.6

sources: CNVD: CNVD-2021-52963 // JVNDB: JVNDB-2017-014859 // NVD: CVE-2017-18734

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-18734
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2017-18734
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2017-014859
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-52963
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202004-1995
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2017-18734
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2017-014859
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2021-52963
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-18734
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2017-18734
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	JVNDB-2017-014859
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-52963 // JVNDB: JVNDB-2017-014859 // CNNVD: CNNVD-202004-1995 // NVD: CVE-2017-18734 // NVD: CVE-2017-18734

PROBLEMTYPE DATA

problemtype:

CWE-74

Trust: 1.8

sources: JVNDB: JVNDB-2017-014859 // NVD: CVE-2017-18734

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1995

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-202004-1995

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014859

PATCH

title:	Security Advisory for Pre-Authentication Command Injection on Some Routers and Extenders, PSV-2017-2154	url:	https://kb.netgear.com/000051521/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-Extenders-PSV-2017-2154	Trust: 0.8
title:	Patch for Injection vulnerabilities in multiple NETGEAR products (CNVD-2021-52963)	url:	https://www.cnvd.org.cn/patchInfo/show/280081	Trust: 0.6
title:	Multiple NETGEAR Fixing measures for product injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116757	Trust: 0.6

sources: CNVD: CNVD-2021-52963 // JVNDB: JVNDB-2017-014859 // CNNVD: CNNVD-202004-1995

EXTERNAL IDS

db:	NVD	id:	CVE-2017-18734	Trust: 3.0
db:	JVNDB	id:	JVNDB-2017-014859	Trust: 0.8
db:	CNVD	id:	CNVD-2021-52963	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-1995	Trust: 0.6

sources: CNVD: CNVD-2021-52963 // JVNDB: JVNDB-2017-014859 // CNNVD: CNNVD-202004-1995 // NVD: CVE-2017-18734

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2017-18734	Trust: 2.0
url:	https://kb.netgear.com/000051521/security-advisory-for-pre-authentication-command-injection-on-some-routers-and-extenders-psv-2017-2154	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18734	Trust: 0.8

sources: CNVD: CNVD-2021-52963 // JVNDB: JVNDB-2017-014859 // CNNVD: CNNVD-202004-1995 // NVD: CVE-2017-18734

SOURCES

db:	CNVD	id:	CNVD-2021-52963
db:	JVNDB	id:	JVNDB-2017-014859
db:	CNNVD	id:	CNNVD-202004-1995
db:	NVD	id:	CVE-2017-18734

LAST UPDATE DATE

2024-11-23T22:41:06.699000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-52963	date:	2021-07-21T00:00:00
db:	JVNDB	id:	JVNDB-2017-014859	date:	2020-05-20T00:00:00
db:	CNNVD	id:	CNNVD-202004-1995	date:	2020-04-24T00:00:00
db:	NVD	id:	CVE-2017-18734	date:	2024-11-21T03:20:47.090

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-52963	date:	2020-07-21T00:00:00
db:	JVNDB	id:	JVNDB-2017-014859	date:	2020-05-20T00:00:00
db:	CNNVD	id:	CNNVD-202004-1995	date:	2020-04-23T00:00:00
db:	NVD	id:	CVE-2017-18734	date:	2020-04-23T17:15:11.910