Details of VAR-202004-1421

ID

VAR-202004-1421

CVE

CVE-2017-18738

TITLE

plural NETGEAR Out-of-bounds write vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014863

DESCRIPTION

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects EX6150v2 before 1.0.1.54, R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.10, R7000P before 1.2.0.22, R6900P before 1.2.0.22, R7100LG before 1.0.0.32, R7300DST before 1.0.0.54, R7900 before 1.0.1.18, R8000 before 1.0.3.48, R8300 before 1.0.2.106, R8500 before 1.0.2.106, R6100 before 1.0.1.16, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R6400, etc. are all products of NETGEAR. NETGEAR R6400 is a wireless router. NETGEAR EX6150 is a wireless network signal extender. NETGEAR WNDR4300 is a wireless router

Trust: 2.16

sources: NVD: CVE-2017-18738 // JVNDB: JVNDB-2017-014863 // CNVD: CNVD-2020-25884

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-25884

AFFECTED PRODUCTS

vendor:	netgear	model:	r6100	scope:	lt	version:	1.0.1.16	Trust: 1.6
vendor:	netgear	model:	r8500	scope:	lt	version:	1.0.2.106	Trust: 1.6
vendor:	netgear	model:	r8300	scope:	lt	version:	1.0.2.106	Trust: 1.6
vendor:	netgear	model:	r6400	scope:	lt	version:	1.0.1.24	Trust: 1.6
vendor:	netgear	model:	r6700	scope:	lt	version:	1.0.1.22	Trust: 1.6
vendor:	netgear	model:	r6900	scope:	lt	version:	1.0.1.22	Trust: 1.6
vendor:	netgear	model:	r7000	scope:	lt	version:	1.0.9.10	Trust: 1.6
vendor:	netgear	model:	r7000p	scope:	lt	version:	1.2.0.22	Trust: 1.6
vendor:	netgear	model:	r6900p	scope:	lt	version:	1.2.0.22	Trust: 1.6
vendor:	netgear	model:	r7100lg	scope:	lt	version:	1.0.0.32	Trust: 1.6
vendor:	netgear	model:	r7300dst	scope:	lt	version:	1.0.0.54	Trust: 1.6
vendor:	netgear	model:	r7900	scope:	lt	version:	1.0.1.18	Trust: 1.6
vendor:	netgear	model:	r8000	scope:	lt	version:	1.0.3.48	Trust: 1.6
vendor:	netgear	model:	wndr4500	scope:	lt	version:	1.0.0.48	Trust: 1.0
vendor:	netgear	model:	wndr4300	scope:	lt	version:	1.0.0.48	Trust: 1.0
vendor:	netgear	model:	r6400	scope:	lt	version:	1.0.2.32	Trust: 1.0
vendor:	netgear	model:	ex6150	scope:	lt	version:	1.0.1.54	Trust: 1.0
vendor:	netgear	model:	wnr2000	scope:	lt	version:	1.0.0.58	Trust: 1.0
vendor:	netgear	model:	ex6150	scope:	eq	version:	1.0.1.54	Trust: 0.8
vendor:	netgear	model:	r6400	scope:	eq	version:	1.0.1.24	Trust: 0.8
vendor:	netgear	model:	r6400	scope:	eq	version:	1.0.2.32	Trust: 0.8
vendor:	netgear	model:	r6700	scope:	eq	version:	1.0.1.22	Trust: 0.8
vendor:	netgear	model:	r6900	scope:	eq	version:	1.0.1.22	Trust: 0.8
vendor:	netgear	model:	r6900p	scope:	eq	version:	1.2.0.22	Trust: 0.8
vendor:	netgear	model:	r7000	scope:	eq	version:	1.0.9.10	Trust: 0.8
vendor:	netgear	model:	r7000p	scope:	eq	version:	1.2.0.22	Trust: 0.8
vendor:	netgear	model:	r7100lg	scope:	eq	version:	1.0.0.32	Trust: 0.8
vendor:	netgear	model:	r7300dst	scope:	eq	version:	1.0.0.54	Trust: 0.8
vendor:	netgear	model:	wnr2000v5	scope:	lt	version:	1.0.0.58	Trust: 0.6
vendor:	netgear	model:	r6400v2	scope:	lt	version:	1.0.2.32	Trust: 0.6
vendor:	netgear	model:	wndr4500v3	scope:	lt	version:	1.0.0.48	Trust: 0.6
vendor:	netgear	model:	wndr4300v2	scope:	lt	version:	1.0.0.48	Trust: 0.6
vendor:	netgear	model:	ex6150v2	scope:	lt	version:	1.0.1.54	Trust: 0.6

sources: CNVD: CNVD-2020-25884 // JVNDB: JVNDB-2017-014863 // NVD: CVE-2017-18738

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-18738
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2017-18738
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2017-014863
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-25884
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202004-2033
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2017-18738
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2017-014863
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-25884
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-18738
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2017-18738
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	JVNDB-2017-014863
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-25884 // JVNDB: JVNDB-2017-014863 // CNNVD: CNNVD-202004-2033 // NVD: CVE-2017-18738 // NVD: CVE-2017-18738

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.8

sources: JVNDB: JVNDB-2017-014863 // NVD: CVE-2017-18738

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-2033

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202004-2033

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014863

PATCH

title:	Security Advisory for Pre-Authentication Stack Overflow on Some Routers and Extenders, PSV-2017-0706	url:	https://kb.netgear.com/000051517/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Routers-and-Extenders-PSV-2017-0706	Trust: 0.8
title:	Patch for Multiple NETGEAR products buffer overflow leak (CNVD-2020-25884)	url:	https://www.cnvd.org.cn/patchInfo/show/216025	Trust: 0.6
title:	Multiple NETGEAR Product Buffer Error Vulnerability Fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116788	Trust: 0.6

sources: CNVD: CNVD-2020-25884 // JVNDB: JVNDB-2017-014863 // CNNVD: CNNVD-202004-2033

EXTERNAL IDS

db:	NVD	id:	CVE-2017-18738	Trust: 3.0
db:	JVNDB	id:	JVNDB-2017-014863	Trust: 0.8
db:	CNVD	id:	CNVD-2020-25884	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-2033	Trust: 0.6

sources: CNVD: CNVD-2020-25884 // JVNDB: JVNDB-2017-014863 // CNNVD: CNNVD-202004-2033 // NVD: CVE-2017-18738

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2017-18738	Trust: 2.0
url:	https://kb.netgear.com/000051517/security-advisory-for-pre-authentication-stack-overflow-on-some-routers-and-extenders-psv-2017-0706	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18738	Trust: 0.8

sources: CNVD: CNVD-2020-25884 // JVNDB: JVNDB-2017-014863 // CNNVD: CNNVD-202004-2033 // NVD: CVE-2017-18738

SOURCES

db:	CNVD	id:	CNVD-2020-25884
db:	JVNDB	id:	JVNDB-2017-014863
db:	CNNVD	id:	CNNVD-202004-2033
db:	NVD	id:	CVE-2017-18738

LAST UPDATE DATE

2024-11-23T22:05:40.228000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-25884	date:	2020-04-30T00:00:00
db:	JVNDB	id:	JVNDB-2017-014863	date:	2020-05-20T00:00:00
db:	CNNVD	id:	CNNVD-202004-2033	date:	2020-04-24T00:00:00
db:	NVD	id:	CVE-2017-18738	date:	2024-11-21T03:20:48.017

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-25884	date:	2020-04-30T00:00:00
db:	JVNDB	id:	JVNDB-2017-014863	date:	2020-05-20T00:00:00
db:	CNNVD	id:	CNNVD-202004-2033	date:	2020-04-23T00:00:00
db:	NVD	id:	CVE-2017-18738	date:	2020-04-23T17:15:12.550