Sign-up

ID

VAR-202004-1422


CVE

CVE-2017-18739


TITLE

plural NETGEAR Classic buffer overflow vulnerability in device

Trust: 0.8

sources: JVNDB: JVNDB-2017-014864

DESCRIPTION

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects R6220 before V1.1.0.50, R7800 before V1.0.2.36, WNDR3400v3 before 1.0.1.14, and WNDR3700v5 before V1.1.0.48. plural NETGEAR A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7800, etc. are all wireless routers from NETGEAR. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations

Trust: 2.16

sources: NVD: CVE-2017-18739 // JVNDB: JVNDB-2017-014864 // CNVD: CNVD-2021-59157

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-59157

AFFECTED PRODUCTS

vendor:netgearmodel:r7800scope:ltversion:1.0.2.36

Trust: 1.6

vendor:netgearmodel:r6220scope:ltversion:1.1.0.50

Trust: 1.6

vendor:netgearmodel:wndr3400scope:ltversion:1.0.1.14

Trust: 1.0

vendor:netgearmodel:wndr3700scope:ltversion:1.1.0.48

Trust: 1.0

vendor:netgearmodel:r6220scope:eqversion:1.1.0.50

Trust: 0.8

vendor:netgearmodel:r7800scope:eqversion:1.0.2.36

Trust: 0.8

vendor:netgearmodel:wndr3400scope:eqversion:1.0.1.14

Trust: 0.8

vendor:netgearmodel:wndr3700scope:eqversion:1.1.0.48

Trust: 0.8

vendor:netgearmodel:wndr3700v5scope:ltversion:1.1.0.48

Trust: 0.6

vendor:netgearmodel:wndr3400v3scope:ltversion:1.0.1.14

Trust: 0.6

sources: CNVD: CNVD-2021-59157 // JVNDB: JVNDB-2017-014864 // NVD: CVE-2017-18739

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18739
value: HIGH

Trust: 1.0

cve@mitre.org: CVE-2017-18739
value: HIGH

Trust: 1.0

NVD: JVNDB-2017-014864
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-59157
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-1996
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2017-18739
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2017-014864
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-59157
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-18739
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2017-18739
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2017-014864
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-59157 // JVNDB: JVNDB-2017-014864 // CNNVD: CNNVD-202004-1996 // NVD: CVE-2017-18739 // NVD: CVE-2017-18739

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.8

sources: JVNDB: JVNDB-2017-014864 // NVD: CVE-2017-18739

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1996

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202004-1996

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014864

PATCH
title:Security Advisory for Pre-Authentication Buffer Overflow on Some Routers, PSV-2017-0670url:https://kb.netgear.com/000051516/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2017-0670
Trust: 0.8
title:Patch for Buffer overflow vulnerabilities in multiple NETGEAR products (CNVD-2021-59157)url:https://www.cnvd.org.cn/patchInfo/show/284376
Trust: 0.6
title:Multiple NETGEAR Product Buffer Error Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116758
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-59157 // 
            
            
            
            JVNDB: JVNDB-2017-014864 // 
            
            
            
            CNNVD: CNNVD-202004-1996

EXTERNAL IDS
db:NVDid:CVE-2017-18739
Trust: 3.0
db:JVNDBid:JVNDB-2017-014864
Trust: 0.8
db:CNVDid:CNVD-2021-59157
Trust: 0.6
db:CNNVDid:CNNVD-202004-1996
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-59157 // 
            
            
            
            JVNDB: JVNDB-2017-014864 // 
            
            
            
            CNNVD: CNNVD-202004-1996 // 
            
            
            
            NVD: CVE-2017-18739

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2017-18739
Trust: 2.0
url:https://kb.netgear.com/000051516/security-advisory-for-pre-authentication-buffer-overflow-on-some-routers-psv-2017-0670
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18739
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2021-59157 // 
            
            
            
            JVNDB: JVNDB-2017-014864 // 
            
            
            
            CNNVD: CNNVD-202004-1996 // 
            
            
            
            NVD: CVE-2017-18739

SOURCES
db:CNVDid:CNVD-2021-59157
db:JVNDBid:JVNDB-2017-014864
db:CNNVDid:CNNVD-202004-1996
db:NVDid:CVE-2017-18739

LAST UPDATE DATE
2024-11-23T21:35:53.601000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2021-59157date:2021-08-08T00:00:00
db:JVNDBid:JVNDB-2017-014864date:2020-05-20T00:00:00
db:CNNVDid:CNNVD-202004-1996date:2020-04-24T00:00:00
db:NVDid:CVE-2017-18739date:2024-11-21T03:20:48.197

SOURCES RELEASE DATE
db:CNVDid:CNVD-2021-59157date:2021-08-08T00:00:00
db:JVNDBid:JVNDB-2017-014864date:2020-05-20T00:00:00
db:CNNVDid:CNNVD-202004-1996date:2020-04-23T00:00:00
db:NVDid:CVE-2017-18739date:2020-04-23T17:15:12.613