Details of VAR-202004-1423

ID

VAR-202004-1423

CVE

CVE-2017-18740

TITLE

plural NETGEAR Vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014937

DESCRIPTION

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.61, D6000 before 1.0.0.61, D6100 before 1.0.0.55, D7800 before 1.0.1.28, R6100 before 1.0.1.16, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.40, WNDR3700v4 before 1.0.2.88, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58. plural NETGEAR An unspecified vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7800, etc. are all products of NETGEAR. NETGEAR R7800 is a wireless router. NETGEAR D3600 is a wireless modem. NETGEAR D6000 is a wireless modem. No detailed vulnerability details are currently provided

Trust: 2.16

sources: NVD: CVE-2017-18740 // JVNDB: JVNDB-2017-014937 // CNVD: CNVD-2021-57160

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-57160

AFFECTED PRODUCTS

vendor:	netgear	model:	r7800	scope:	lt	version:	1.0.2.36	Trust: 1.6
vendor:	netgear	model:	r7500	scope:	lt	version:	1.0.0.112	Trust: 1.6
vendor:	netgear	model:	r6100	scope:	lt	version:	1.0.1.16	Trust: 1.6
vendor:	netgear	model:	d7800	scope:	lt	version:	1.0.1.28	Trust: 1.6
vendor:	netgear	model:	wndr4300	scope:	lt	version:	1.0.2.90	Trust: 1.6
vendor:	netgear	model:	d6100	scope:	lt	version:	1.0.0.55	Trust: 1.6
vendor:	netgear	model:	r9000	scope:	lt	version:	1.0.2.40	Trust: 1.6
vendor:	netgear	model:	d3600	scope:	lt	version:	1.0.0.61	Trust: 1.6
vendor:	netgear	model:	d6000	scope:	lt	version:	1.0.0.61	Trust: 1.6
vendor:	netgear	model:	r7500	scope:	lt	version:	1.0.3.20	Trust: 1.0
vendor:	netgear	model:	wndr4300	scope:	lt	version:	1.0.0.48	Trust: 1.0
vendor:	netgear	model:	wndr4500	scope:	lt	version:	1.0.0.48	Trust: 1.0
vendor:	netgear	model:	wndr3700	scope:	lt	version:	1.0.2.88	Trust: 1.0
vendor:	netgear	model:	wnr2000	scope:	lt	version:	1.0.0.58	Trust: 1.0
vendor:	netgear	model:	d3600	scope:	eq	version:	1.0.0.61	Trust: 0.8
vendor:	netgear	model:	d6000	scope:	eq	version:	1.0.0.61	Trust: 0.8
vendor:	netgear	model:	d6100	scope:	eq	version:	1.0.0.55	Trust: 0.8
vendor:	netgear	model:	d7800	scope:	eq	version:	1.0.1.28	Trust: 0.8
vendor:	netgear	model:	r7500	scope:	eq	version:	1.0.0.112	Trust: 0.8
vendor:	netgear	model:	r7500	scope:	eq	version:	1.0.3.20	Trust: 0.8
vendor:	netgear	model:	r7800	scope:	eq	version:	1.0.2.36	Trust: 0.8
vendor:	netgear	model:	r9000	scope:	eq	version:	1.0.2.40	Trust: 0.8
vendor:	netgear	model:	wndr3700	scope:	eq	version:	1.0.2.88	Trust: 0.8
vendor:	netgear	model:	wndr4300	scope:	eq	version:	1.0.2.90	Trust: 0.8
vendor:	netgear	model:	wnr2000v5	scope:	lt	version:	1.0.0.58	Trust: 0.6
vendor:	netgear	model:	r7500v2	scope:	lt	version:	1.0.3.20	Trust: 0.6
vendor:	netgear	model:	wndr4500v3	scope:	lt	version:	1.0.0.48	Trust: 0.6
vendor:	netgear	model:	wndr4300v2	scope:	lt	version:	1.0.0.48	Trust: 0.6
vendor:	netgear	model:	wndr3700v4	scope:	lt	version:	1.0.2.88	Trust: 0.6

sources: CNVD: CNVD-2021-57160 // JVNDB: JVNDB-2017-014937 // NVD: CVE-2017-18740

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-18740
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2017-18740
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2017-014937
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-57160
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202004-1984
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2017-18740
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2017-014937
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2021-57160
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-18740
baseSeverity:	MEDIUM
baseScore:	6.3
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	3.4
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2017-18740
baseSeverity:	MEDIUM
baseScore:	6.3
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	3.4
version:	3.0
Trust: 1.0
NVD:	JVNDB-2017-014937
baseSeverity:	MEDIUM
baseScore:	6.3
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-57160 // JVNDB: JVNDB-2017-014937 // CNNVD: CNNVD-202004-1984 // NVD: CVE-2017-18740 // NVD: CVE-2017-18740

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2017-18740

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1984

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202004-1984

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014937

PATCH

title:	Security Advisory for Security Misconfiguration on Some Routers and Gateways, PSV-2017-0615	url:	https://kb.netgear.com/000051515/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-and-Gateways-PSV-2017-0615	Trust: 0.8
title:	Patch for Unspecified vulnerabilities exist in many NETGEAR products (CNVD-2021-57160)	url:	https://www.cnvd.org.cn/patchInfo/show/282676	Trust: 0.6
title:	Multiple NETGEAR Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116747	Trust: 0.6

sources: CNVD: CNVD-2021-57160 // JVNDB: JVNDB-2017-014937 // CNNVD: CNNVD-202004-1984

EXTERNAL IDS

db:	NVD	id:	CVE-2017-18740	Trust: 3.0
db:	JVNDB	id:	JVNDB-2017-014937	Trust: 0.8
db:	CNVD	id:	CNVD-2021-57160	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-1984	Trust: 0.6

sources: CNVD: CNVD-2021-57160 // JVNDB: JVNDB-2017-014937 // CNNVD: CNNVD-202004-1984 // NVD: CVE-2017-18740

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2017-18740	Trust: 2.0
url:	https://kb.netgear.com/000051515/security-advisory-for-security-misconfiguration-on-some-routers-and-gateways-psv-2017-0615	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18740	Trust: 0.8

sources: CNVD: CNVD-2021-57160 // JVNDB: JVNDB-2017-014937 // CNNVD: CNNVD-202004-1984 // NVD: CVE-2017-18740

SOURCES

db:	CNVD	id:	CNVD-2021-57160
db:	JVNDB	id:	JVNDB-2017-014937
db:	CNNVD	id:	CNNVD-202004-1984
db:	NVD	id:	CVE-2017-18740

LAST UPDATE DATE

2024-11-23T22:33:28.478000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-57160	date:	2021-07-31T00:00:00
db:	JVNDB	id:	JVNDB-2017-014937	date:	2020-05-22T00:00:00
db:	CNNVD	id:	CNNVD-202004-1984	date:	2020-04-28T00:00:00
db:	NVD	id:	CVE-2017-18740	date:	2024-11-21T03:20:48.380

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-57160	date:	2020-07-28T00:00:00
db:	JVNDB	id:	JVNDB-2017-014937	date:	2020-05-22T00:00:00
db:	CNNVD	id:	CNNVD-202004-1984	date:	2020-04-23T00:00:00
db:	NVD	id:	CVE-2017-18740	date:	2020-04-23T16:15:12.400