Details of VAR-202004-1427

ID

VAR-202004-1427

CVE

CVE-2017-18784

TITLE

plural NETGEAR Cross-site scripting vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014913

DESCRIPTION

Certain NETGEAR devices are affected by XSS. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. NETGEAR D6200, etc. NETGEAR D6200 is a wireless modem. NETGEAR WNR2020 is a wireless router. NETGEAR R6220 is a wireless router. The vulnerability stems from the lack of proper verification of client data by WEB applications. Attackers can use this vulnerability to execute client code

Trust: 2.16

sources: NVD: CVE-2017-18784 // JVNDB: JVNDB-2017-014913 // CNVD: CNVD-2020-31239

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-31239

AFFECTED PRODUCTS

vendor:	netgear	model:	d6200	scope:	lt	version:	1.1.00.24	Trust: 1.6
vendor:	netgear	model:	r6120	scope:	lt	version:	1.0.0.36	Trust: 1.6
vendor:	netgear	model:	r6020	scope:	lt	version:	1.0.0.26	Trust: 1.6
vendor:	netgear	model:	r6080	scope:	lt	version:	1.0.0.26	Trust: 1.6
vendor:	netgear	model:	r6220	scope:	lt	version:	1.1.0.60	Trust: 1.6
vendor:	netgear	model:	pr2000	scope:	lt	version:	1.0.0.20	Trust: 1.6
vendor:	netgear	model:	r6050	scope:	lt	version:	1.0.1.12	Trust: 1.6
vendor:	netgear	model:	wnr2020	scope:	lt	version:	1.1.0.44	Trust: 1.6
vendor:	netgear	model:	wnr2050	scope:	lt	version:	1.1.0.44	Trust: 1.6
vendor:	netgear	model:	d7000	scope:	lt	version:	1.0.1.52	Trust: 1.6
vendor:	netgear	model:	r6800	scope:	lt	version:	1.2.0.12	Trust: 1.6
vendor:	netgear	model:	wndr3700	scope:	lt	version:	1.1.0.50	Trust: 1.0
vendor:	netgear	model:	jwnr2010	scope:	lt	version:	1.1.0.44	Trust: 1.0
vendor:	netgear	model:	wnr1000	scope:	lt	version:	1.1.0.44	Trust: 1.0
vendor:	netgear	model:	jnr1010	scope:	lt	version:	1.1.0.44	Trust: 1.0
vendor:	netgear	model:	r6700	scope:	lt	version:	1.2.0.12	Trust: 1.0
vendor:	netgear	model:	r6900	scope:	lt	version:	1.2.0.12	Trust: 1.0
vendor:	netgear	model:	d6200	scope:	eq	version:	1.1.00.24	Trust: 0.8
vendor:	netgear	model:	d7000	scope:	eq	version:	1.0.1.52	Trust: 0.8
vendor:	netgear	model:	jnr1010	scope:	eq	version:	1.1.0.44	Trust: 0.8
vendor:	netgear	model:	jwnr2010	scope:	eq	version:	1.1.0.44	Trust: 0.8
vendor:	netgear	model:	pr2000	scope:	eq	version:	1.0.0.20	Trust: 0.8
vendor:	netgear	model:	r6020	scope:	eq	version:	1.0.0.26	Trust: 0.8
vendor:	netgear	model:	r6050	scope:	eq	version:	1.0.1.12	Trust: 0.8
vendor:	netgear	model:	r6080	scope:	eq	version:	1.0.0.26	Trust: 0.8
vendor:	netgear	model:	r6120	scope:	eq	version:	1.0.0.36	Trust: 0.8
vendor:	netgear	model:	r6220	scope:	eq	version:	1.1.0.60	Trust: 0.8
vendor:	netgear	model:	jnr1010v2	scope:	lt	version:	1.1.0.44	Trust: 0.6
vendor:	netgear	model:	jwnr2010v5	scope:	lt	version:	1.1.0.44	Trust: 0.6
vendor:	netgear	model:	wnr1000v4	scope:	lt	version:	1.1.0.44	Trust: 0.6
vendor:	netgear	model:	r6900v2	scope:	lt	version:	1.2.0.12	Trust: 0.6
vendor:	netgear	model:	r6700v2	scope:	lt	version:	1.2.0.12	Trust: 0.6
vendor:	netgear	model:	wndr3700v5	scope:	lt	version:	1.1.0.50	Trust: 0.6

sources: CNVD: CNVD-2020-31239 // JVNDB: JVNDB-2017-014913 // NVD: CVE-2017-18784

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-18784
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2017-18784
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2017-014913
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-31239
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202004-1889
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2017-18784
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2017-014913
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-31239
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-18784
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2017-18784
baseSeverity:	MEDIUM
baseScore:	5.0
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	2.7
version:	3.0
Trust: 1.0
NVD:	JVNDB-2017-014913
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-31239 // JVNDB: JVNDB-2017-014913 // CNNVD: CNNVD-202004-1889 // NVD: CVE-2017-18784 // NVD: CVE-2017-18784

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2017-014913 // NVD: CVE-2017-18784

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-1889

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202004-1889

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014913

PATCH

title:	Security Advisory for Cross-Site Scripting on Some Routers, PSV-2017-2951	url:	https://kb.netgear.com/000049535/Security-Advisory-for-Cross-Site-Scripting-on-Some-Routers-PSV-2017-2951	Trust: 0.8
title:	Patch for Multiple NETGEAR product cross-site scripting vulnerabilities (CNVD-2020-31239)	url:	https://www.cnvd.org.cn/patchInfo/show/219889	Trust: 0.6
title:	Multiple NETGEAR Fixes for product cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116665	Trust: 0.6

sources: CNVD: CNVD-2020-31239 // JVNDB: JVNDB-2017-014913 // CNNVD: CNNVD-202004-1889

EXTERNAL IDS

db:	NVD	id:	CVE-2017-18784	Trust: 3.0
db:	JVNDB	id:	JVNDB-2017-014913	Trust: 0.8
db:	CNVD	id:	CNVD-2020-31239	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-1889	Trust: 0.6

sources: CNVD: CNVD-2020-31239 // JVNDB: JVNDB-2017-014913 // CNNVD: CNNVD-202004-1889 // NVD: CVE-2017-18784

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2017-18784	Trust: 2.0
url:	https://kb.netgear.com/000049535/security-advisory-for-cross-site-scripting-on-some-routers-psv-2017-2951	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18784	Trust: 0.8

sources: CNVD: CNVD-2020-31239 // JVNDB: JVNDB-2017-014913 // CNNVD: CNNVD-202004-1889 // NVD: CVE-2017-18784

SOURCES

db:	CNVD	id:	CNVD-2020-31239
db:	JVNDB	id:	JVNDB-2017-014913
db:	CNNVD	id:	CNNVD-202004-1889
db:	NVD	id:	CVE-2017-18784

LAST UPDATE DATE

2024-11-23T22:37:24.987000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-31239	date:	2020-06-02T00:00:00
db:	JVNDB	id:	JVNDB-2017-014913	date:	2020-05-21T00:00:00
db:	CNNVD	id:	CNNVD-202004-1889	date:	2020-04-26T00:00:00
db:	NVD	id:	CVE-2017-18784	date:	2024-11-21T03:20:54.773

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-31239	date:	2020-06-02T00:00:00
db:	JVNDB	id:	JVNDB-2017-014913	date:	2020-05-21T00:00:00
db:	CNNVD	id:	CNNVD-202004-1889	date:	2020-04-22T00:00:00
db:	NVD	id:	CVE-2017-18784	date:	2020-04-22T15:15:12.770