Details of VAR-202004-1418

ID

VAR-202004-1418

CVE

CVE-2017-18735

TITLE

plural NETGEAR Injection vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014860

DESCRIPTION

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JR6150 before 1.0.1.10, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, and R6900v2 before 1.2.0.4. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R6700 is a wireless router of NETGEAR. There are injection vulnerabilities in many NETGEAR products, which can be exploited by an attacker to cause the system or product to produce an incorrect interpretation or interpretation method. This affects JR6150 prior to 1.0.1.10, PR2000 prior to 1.0.0.18, R6050 prior to 1.0.1.10, R6700v2 prior to 1.2.0.4, R6800 prior to 1.2.0.4, and R6900v2 prior to 1.2.0.4

Trust: 2.25

sources: NVD: CVE-2017-18735 // JVNDB: JVNDB-2017-014860 // CNVD: CNVD-2020-25882 // VULMON: CVE-2017-18735

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-25882

AFFECTED PRODUCTS

vendor:	netgear	model:	jr6150	scope:	lt	version:	1.0.1.10	Trust: 1.6
vendor:	netgear	model:	r6050	scope:	lt	version:	1.0.1.10	Trust: 1.6
vendor:	netgear	model:	r6800	scope:	lt	version:	1.2.0.4	Trust: 1.6
vendor:	netgear	model:	pr2000	scope:	lt	version:	1.0.0.18	Trust: 1.6
vendor:	netgear	model:	r6700	scope:	lt	version:	1.2.0.4	Trust: 1.0
vendor:	netgear	model:	r6900	scope:	lt	version:	1.2.0.4	Trust: 1.0
vendor:	netgear	model:	jr6150	scope:	eq	version:	1.0.1.10	Trust: 0.8
vendor:	netgear	model:	pr2000	scope:	eq	version:	1.0.0.18	Trust: 0.8
vendor:	netgear	model:	r6050	scope:	eq	version:	1.0.1.10	Trust: 0.8
vendor:	netgear	model:	r6700	scope:	eq	version:	1.2.0.4	Trust: 0.8
vendor:	netgear	model:	r6800	scope:	eq	version:	1.2.0.4	Trust: 0.8
vendor:	netgear	model:	r6900	scope:	eq	version:	1.2.0.4	Trust: 0.8
vendor:	netgear	model:	r6700v2	scope:	lt	version:	1.2.0.4	Trust: 0.6
vendor:	netgear	model:	r6900v2	scope:	lt	version:	1.2.0.4	Trust: 0.6

sources: CNVD: CNVD-2020-25882 // JVNDB: JVNDB-2017-014860 // NVD: CVE-2017-18735

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-18735
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2017-18735
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2017-014860
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-25882
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202004-2000
value:	HIGH
Trust: 0.6
VULMON:	CVE-2017-18735
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-18735
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2017-014860
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-25882
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-18735
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2017-18735
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	JVNDB-2017-014860
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-25882 // VULMON: CVE-2017-18735 // JVNDB: JVNDB-2017-014860 // CNNVD: CNNVD-202004-2000 // NVD: CVE-2017-18735 // NVD: CVE-2017-18735

PROBLEMTYPE DATA

problemtype:

CWE-74

Trust: 1.8

sources: JVNDB: JVNDB-2017-014860 // NVD: CVE-2017-18735

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-2000

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-202004-2000

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014860

PATCH

title:	Security Advisory for Pre-Authentication Command Injection on Some Routers and Extenders, PSV-2017-2143	url:	https://kb.netgear.com/000051520/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-Extenders-PSV-2017-2143	Trust: 0.8
title:	Patch for Multiple NETGEAR product injection vulnerabilities (CNVD-2020-25882)	url:	https://www.cnvd.org.cn/patchInfo/show/216041	Trust: 0.6
title:	Multiple NETGEAR Fixing measures for product injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116761	Trust: 0.6

sources: CNVD: CNVD-2020-25882 // JVNDB: JVNDB-2017-014860 // CNNVD: CNNVD-202004-2000

EXTERNAL IDS

db:	NVD	id:	CVE-2017-18735	Trust: 3.1
db:	JVNDB	id:	JVNDB-2017-014860	Trust: 0.8
db:	CNVD	id:	CNVD-2020-25882	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-2000	Trust: 0.6
db:	VULMON	id:	CVE-2017-18735	Trust: 0.1

sources: CNVD: CNVD-2020-25882 // VULMON: CVE-2017-18735 // JVNDB: JVNDB-2017-014860 // CNNVD: CNNVD-202004-2000 // NVD: CVE-2017-18735

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2017-18735	Trust: 2.0
url:	https://kb.netgear.com/000051520/security-advisory-for-pre-authentication-command-injection-on-some-routers-and-extenders-psv-2017-2143	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18735	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/74.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2020-25882 // VULMON: CVE-2017-18735 // JVNDB: JVNDB-2017-014860 // CNNVD: CNNVD-202004-2000 // NVD: CVE-2017-18735

SOURCES

db:	CNVD	id:	CNVD-2020-25882
db:	VULMON	id:	CVE-2017-18735
db:	JVNDB	id:	JVNDB-2017-014860
db:	CNNVD	id:	CNNVD-202004-2000
db:	NVD	id:	CVE-2017-18735

LAST UPDATE DATE

2024-11-23T22:11:30.673000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-25882	date:	2020-04-30T00:00:00
db:	VULMON	id:	CVE-2017-18735	date:	2020-04-23T00:00:00
db:	JVNDB	id:	JVNDB-2017-014860	date:	2020-05-20T00:00:00
db:	CNNVD	id:	CNNVD-202004-2000	date:	2020-04-24T00:00:00
db:	NVD	id:	CVE-2017-18735	date:	2024-11-21T03:20:47.253

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-25882	date:	2020-04-30T00:00:00
db:	VULMON	id:	CVE-2017-18735	date:	2020-04-23T00:00:00
db:	JVNDB	id:	JVNDB-2017-014860	date:	2020-05-20T00:00:00
db:	CNNVD	id:	CNNVD-202004-2000	date:	2020-04-23T00:00:00
db:	NVD	id:	CVE-2017-18735	date:	2020-04-23T17:15:12.147