Details of VAR-202004-1420

ID

VAR-202004-1420

CVE

CVE-2017-18737

TITLE

plural NETGEAR Injection vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014862

DESCRIPTION

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, WNDR3700v5 before 1.1.0.48, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR JNR1010, etc. are all wireless routers from NETGEAR. Injection vulnerabilities exist in many NETGEAR products. The vulnerability stems from the fact that the network system or product lacks the correct verification of the user input data during the operation process of the user inputting the construction command, data structure or record, and the special elements are not filtered or correctly filtered, resulting in the analysis or analysis of the system or product. The explanation is wrong. No detailed vulnerability details are currently provided

Trust: 2.16

sources: NVD: CVE-2017-18737 // JVNDB: JVNDB-2017-014862 // CNVD: CNVD-2021-50923

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-50923

AFFECTED PRODUCTS

vendor:	netgear	model:	jr6150	scope:	lt	version:	1.0.1.10	Trust: 1.6
vendor:	netgear	model:	r6050	scope:	lt	version:	1.0.1.10	Trust: 1.6
vendor:	netgear	model:	r6220	scope:	lt	version:	1.1.0.50	Trust: 1.6
vendor:	netgear	model:	r6800	scope:	lt	version:	1.2.0.4	Trust: 1.6
vendor:	netgear	model:	pr2000	scope:	lt	version:	1.0.0.18	Trust: 1.6
vendor:	netgear	model:	wnr2020	scope:	lt	version:	1.1.0.44	Trust: 1.6
vendor:	netgear	model:	wnr2050	scope:	lt	version:	1.1.0.44	Trust: 1.6
vendor:	netgear	model:	jwnr2010	scope:	lt	version:	1.1.0.44	Trust: 1.0
vendor:	netgear	model:	wnr1000	scope:	lt	version:	1.1.0.44	Trust: 1.0
vendor:	netgear	model:	r6700	scope:	lt	version:	1.2.0.4	Trust: 1.0
vendor:	netgear	model:	r6900	scope:	lt	version:	1.2.0.4	Trust: 1.0
vendor:	netgear	model:	jnr1010	scope:	lt	version:	1.1.0.44	Trust: 1.0
vendor:	netgear	model:	wndr3700	scope:	lt	version:	1.1.0.48	Trust: 1.0
vendor:	netgear	model:	jnr1010	scope:	eq	version:	1.1.0.44	Trust: 0.8
vendor:	netgear	model:	jr6150	scope:	eq	version:	1.0.1.10	Trust: 0.8
vendor:	netgear	model:	jwnr2010	scope:	eq	version:	1.1.0.44	Trust: 0.8
vendor:	netgear	model:	pr2000	scope:	eq	version:	1.0.0.18	Trust: 0.8
vendor:	netgear	model:	r6050	scope:	eq	version:	1.0.1.10	Trust: 0.8
vendor:	netgear	model:	r6220	scope:	eq	version:	1.1.0.50	Trust: 0.8
vendor:	netgear	model:	r6700	scope:	eq	version:	1.2.0.4	Trust: 0.8
vendor:	netgear	model:	r6800	scope:	eq	version:	1.2.0.4	Trust: 0.8
vendor:	netgear	model:	r6900	scope:	eq	version:	1.2.0.4	Trust: 0.8
vendor:	netgear	model:	wndr3700	scope:	eq	version:	1.1.0.48	Trust: 0.8
vendor:	netgear	model:	r6700v2	scope:	lt	version:	1.2.0.4	Trust: 0.6
vendor:	netgear	model:	r6900v2	scope:	lt	version:	1.2.0.4	Trust: 0.6
vendor:	netgear	model:	wndr3700v5	scope:	lt	version:	1.1.0.48	Trust: 0.6
vendor:	netgear	model:	jnr1010v2	scope:	lt	version:	1.1.0.44	Trust: 0.6
vendor:	netgear	model:	jwnr2010v5	scope:	lt	version:	1.1.0.44	Trust: 0.6
vendor:	netgear	model:	wnr1000v4	scope:	lt	version:	1.1.0.44	Trust: 0.6

sources: CNVD: CNVD-2021-50923 // JVNDB: JVNDB-2017-014862 // NVD: CVE-2017-18737

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-18737
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2017-18737
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2017-014862
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-50923
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202004-2018
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2017-18737
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2017-014862
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2021-50923
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-18737
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2017-18737
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	JVNDB-2017-014862
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-50923 // JVNDB: JVNDB-2017-014862 // CNNVD: CNNVD-202004-2018 // NVD: CVE-2017-18737 // NVD: CVE-2017-18737

PROBLEMTYPE DATA

problemtype:

CWE-74

Trust: 1.8

sources: JVNDB: JVNDB-2017-014862 // NVD: CVE-2017-18737

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-2018

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-202004-2018

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014862

PATCH

title:	Security Advisory for Pre-Authentication Command Injection on Some Routers and Extenders, PSV-2017-2140	url:	https://kb.netgear.com/000051518/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-Extenders-PSV-2017-2140	Trust: 0.8
title:	Patch for Injection vulnerabilities in multiple NETGEAR products (CNVD-2021-50923)	url:	https://www.cnvd.org.cn/patchInfo/show/279111	Trust: 0.6
title:	Multiple NETGEAR Fixing measures for product injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116776	Trust: 0.6

sources: CNVD: CNVD-2021-50923 // JVNDB: JVNDB-2017-014862 // CNNVD: CNNVD-202004-2018

EXTERNAL IDS

db:	NVD	id:	CVE-2017-18737	Trust: 3.0
db:	JVNDB	id:	JVNDB-2017-014862	Trust: 0.8
db:	CNVD	id:	CNVD-2021-50923	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-2018	Trust: 0.6

sources: CNVD: CNVD-2021-50923 // JVNDB: JVNDB-2017-014862 // CNNVD: CNNVD-202004-2018 // NVD: CVE-2017-18737

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2017-18737	Trust: 2.0
url:	https://kb.netgear.com/000051518/security-advisory-for-pre-authentication-command-injection-on-some-routers-and-extenders-psv-2017-2140	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18737	Trust: 0.8

sources: CNVD: CNVD-2021-50923 // JVNDB: JVNDB-2017-014862 // CNNVD: CNNVD-202004-2018 // NVD: CVE-2017-18737

SOURCES

db:	CNVD	id:	CNVD-2021-50923
db:	JVNDB	id:	JVNDB-2017-014862
db:	CNNVD	id:	CNNVD-202004-2018
db:	NVD	id:	CVE-2017-18737

LAST UPDATE DATE

2024-11-23T22:55:10.459000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-50923	date:	2021-07-15T00:00:00
db:	JVNDB	id:	JVNDB-2017-014862	date:	2020-05-20T00:00:00
db:	CNNVD	id:	CNNVD-202004-2018	date:	2020-04-24T00:00:00
db:	NVD	id:	CVE-2017-18737	date:	2024-11-21T03:20:47.853

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-50923	date:	2020-07-15T00:00:00
db:	JVNDB	id:	JVNDB-2017-014862	date:	2020-05-20T00:00:00
db:	CNNVD	id:	CNNVD-202004-2018	date:	2020-04-23T00:00:00
db:	NVD	id:	CVE-2017-18737	date:	2020-04-23T17:15:12.490