Details of VAR-202004-1426

ID

VAR-202004-1426

CVE

CVE-2017-18783

TITLE

plural NETGEAR Cross-site scripting vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014912

DESCRIPTION

Certain NETGEAR devices are affected by XSS. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. NETGEAR D6200, etc. NETGEAR D6200 is a wireless modem. NETGEAR WNR2020 is a wireless router. NETGEAR R6220 is a wireless router. The vulnerability stems from the lack of proper verification of client data by WEB applications. Attackers can use this vulnerability to execute client code

Trust: 2.16

sources: NVD: CVE-2017-18783 // JVNDB: JVNDB-2017-014912 // CNVD: CNVD-2020-31238

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-31238

AFFECTED PRODUCTS

vendor:	netgear	model:	d6200	scope:	lt	version:	1.1.00.24	Trust: 1.6
vendor:	netgear	model:	r6120	scope:	lt	version:	1.0.0.36	Trust: 1.6
vendor:	netgear	model:	r6020	scope:	lt	version:	1.0.0.26	Trust: 1.6
vendor:	netgear	model:	r6080	scope:	lt	version:	1.0.0.26	Trust: 1.6
vendor:	netgear	model:	r6220	scope:	lt	version:	1.1.0.60	Trust: 1.6
vendor:	netgear	model:	jr6150	scope:	lt	version:	1.0.1.12	Trust: 1.6
vendor:	netgear	model:	pr2000	scope:	lt	version:	1.0.0.20	Trust: 1.6
vendor:	netgear	model:	r6050	scope:	lt	version:	1.0.1.12	Trust: 1.6
vendor:	netgear	model:	wnr2020	scope:	lt	version:	1.1.0.44	Trust: 1.6
vendor:	netgear	model:	wnr2050	scope:	lt	version:	1.1.0.44	Trust: 1.6
vendor:	netgear	model:	d7000	scope:	lt	version:	1.0.1.52	Trust: 1.6
vendor:	netgear	model:	r6800	scope:	lt	version:	1.2.0.12	Trust: 1.6
vendor:	netgear	model:	wndr3700	scope:	lt	version:	1.1.0.50	Trust: 1.0
vendor:	netgear	model:	jwnr2010	scope:	lt	version:	1.1.0.44	Trust: 1.0
vendor:	netgear	model:	wnr1000	scope:	lt	version:	1.1.0.44	Trust: 1.0
vendor:	netgear	model:	jnr1010	scope:	lt	version:	1.1.0.44	Trust: 1.0
vendor:	netgear	model:	r6700	scope:	lt	version:	1.2.0.12	Trust: 1.0
vendor:	netgear	model:	r6900	scope:	lt	version:	1.2.0.12	Trust: 1.0
vendor:	netgear	model:	d6200	scope:	eq	version:	1.1.00.24	Trust: 0.8
vendor:	netgear	model:	d7000	scope:	eq	version:	1.0.1.52	Trust: 0.8
vendor:	netgear	model:	jnr1010	scope:	eq	version:	1.1.0.44	Trust: 0.8
vendor:	netgear	model:	jr6150	scope:	eq	version:	1.0.1.12	Trust: 0.8
vendor:	netgear	model:	jwnr2010	scope:	eq	version:	1.1.0.44	Trust: 0.8
vendor:	netgear	model:	pr2000	scope:	eq	version:	1.0.0.20	Trust: 0.8
vendor:	netgear	model:	r6020	scope:	eq	version:	1.0.0.26	Trust: 0.8
vendor:	netgear	model:	r6050	scope:	eq	version:	1.0.1.12	Trust: 0.8
vendor:	netgear	model:	r6080	scope:	eq	version:	1.0.0.26	Trust: 0.8
vendor:	netgear	model:	r6120	scope:	eq	version:	1.0.0.36	Trust: 0.8
vendor:	netgear	model:	jnr1010v2	scope:	lt	version:	1.1.0.44	Trust: 0.6
vendor:	netgear	model:	jwnr2010v5	scope:	lt	version:	1.1.0.44	Trust: 0.6
vendor:	netgear	model:	wnr1000v4	scope:	lt	version:	1.1.0.44	Trust: 0.6
vendor:	netgear	model:	r6900v2	scope:	lt	version:	1.2.0.12	Trust: 0.6
vendor:	netgear	model:	r6700v2	scope:	lt	version:	1.2.0.12	Trust: 0.6
vendor:	netgear	model:	wndr3700v5	scope:	lt	version:	1.1.0.50	Trust: 0.6

sources: CNVD: CNVD-2020-31238 // JVNDB: JVNDB-2017-014912 // NVD: CVE-2017-18783

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-18783
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2017-18783
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2017-014912
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-31238
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202004-1890
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2017-18783
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2017-014912
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-31238
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-18783
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2017-18783
baseSeverity:	MEDIUM
baseScore:	5.0
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	2.7
version:	3.0
Trust: 1.0
NVD:	JVNDB-2017-014912
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-31238 // JVNDB: JVNDB-2017-014912 // CNNVD: CNNVD-202004-1890 // NVD: CVE-2017-18783 // NVD: CVE-2017-18783

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2017-014912 // NVD: CVE-2017-18783

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-1890

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202004-1890

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014912

PATCH

title:	Security Advisory for Cross-Site Scripting on Some Routers, PSV-2017-2952	url:	https://kb.netgear.com/000049536/Security-Advisory-for-Cross-Site-Scripting-on-Some-Routers-PSV-2017-2952	Trust: 0.8
title:	Patch for Multiple NETGEAR product cross-site scripting vulnerabilities (CNVD-2020-31238)	url:	https://www.cnvd.org.cn/patchInfo/show/219895	Trust: 0.6
title:	Multiple NETGEAR Fixes for product cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116666	Trust: 0.6

sources: CNVD: CNVD-2020-31238 // JVNDB: JVNDB-2017-014912 // CNNVD: CNNVD-202004-1890

EXTERNAL IDS

db:	NVD	id:	CVE-2017-18783	Trust: 3.0
db:	JVNDB	id:	JVNDB-2017-014912	Trust: 0.8
db:	CNVD	id:	CNVD-2020-31238	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-1890	Trust: 0.6

sources: CNVD: CNVD-2020-31238 // JVNDB: JVNDB-2017-014912 // CNNVD: CNNVD-202004-1890 // NVD: CVE-2017-18783

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2017-18783	Trust: 2.0
url:	https://kb.netgear.com/000049536/security-advisory-for-cross-site-scripting-on-some-routers-psv-2017-2952	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18783	Trust: 0.8

sources: CNVD: CNVD-2020-31238 // JVNDB: JVNDB-2017-014912 // CNNVD: CNNVD-202004-1890 // NVD: CVE-2017-18783

SOURCES

db:	CNVD	id:	CNVD-2020-31238
db:	JVNDB	id:	JVNDB-2017-014912
db:	CNNVD	id:	CNNVD-202004-1890
db:	NVD	id:	CVE-2017-18783

LAST UPDATE DATE

2024-11-23T23:11:27.001000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-31238	date:	2020-06-02T00:00:00
db:	JVNDB	id:	JVNDB-2017-014912	date:	2020-05-21T00:00:00
db:	CNNVD	id:	CNNVD-202004-1890	date:	2020-04-26T00:00:00
db:	NVD	id:	CVE-2017-18783	date:	2024-11-21T03:20:54.600

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-31238	date:	2020-06-02T00:00:00
db:	JVNDB	id:	JVNDB-2017-014912	date:	2020-05-21T00:00:00
db:	CNNVD	id:	CNNVD-202004-1890	date:	2020-04-22T00:00:00
db:	NVD	id:	CVE-2017-18783	date:	2020-04-22T15:15:12.643