Details of VAR-202004-1429

ID

VAR-202004-1429

CVE

CVE-2017-18786

TITLE

plural NETGEAR Injection vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014949

DESCRIPTION

Certain NETGEAR devices are affected by command injection. This affects D6200 before 1.1.00.24, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6050 before 1.0.1.12, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR JNR1010, etc. are all products of NETGEAR. NETGEAR JNR1010 is a wireless router. NETGEAR D6200 is a wireless modem. NETGEAR WNR2020 is a wireless router. There are injection vulnerabilities in many NETGEAR products, which can be exploited by an attacker to cause the system or product to produce an incorrect interpretation or interpretation method

Trust: 2.16

sources: NVD: CVE-2017-18786 // JVNDB: JVNDB-2017-014949 // CNVD: CNVD-2020-31241

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-31241

AFFECTED PRODUCTS

vendor:	netgear	model:	d6200	scope:	lt	version:	1.1.00.24	Trust: 1.6
vendor:	netgear	model:	jr6150	scope:	lt	version:	1.0.1.12	Trust: 1.6
vendor:	netgear	model:	pr2000	scope:	lt	version:	1.0.0.20	Trust: 1.6
vendor:	netgear	model:	r6050	scope:	lt	version:	1.0.1.12	Trust: 1.6
vendor:	netgear	model:	wnr2020	scope:	lt	version:	1.1.0.44	Trust: 1.6
vendor:	netgear	model:	wnr2050	scope:	lt	version:	1.1.0.44	Trust: 1.6
vendor:	netgear	model:	jwnr2010	scope:	lt	version:	1.1.0.44	Trust: 1.0
vendor:	netgear	model:	wnr1000	scope:	lt	version:	1.1.0.44	Trust: 1.0
vendor:	netgear	model:	jnr1010	scope:	lt	version:	1.1.0.44	Trust: 1.0
vendor:	netgear	model:	d6200	scope:	eq	version:	1.1.00.24	Trust: 0.8
vendor:	netgear	model:	jnr1010	scope:	eq	version:	1.1.0.44	Trust: 0.8
vendor:	netgear	model:	jr6150	scope:	eq	version:	1.0.1.12	Trust: 0.8
vendor:	netgear	model:	jwnr2010	scope:	eq	version:	1.1.0.44	Trust: 0.8
vendor:	netgear	model:	pr2000	scope:	eq	version:	1.0.0.20	Trust: 0.8
vendor:	netgear	model:	r6050	scope:	eq	version:	1.0.1.12	Trust: 0.8
vendor:	netgear	model:	wnr1000	scope:	eq	version:	1.1.0.44	Trust: 0.8
vendor:	netgear	model:	wnr2020	scope:	eq	version:	1.1.0.44	Trust: 0.8
vendor:	netgear	model:	wnr2050	scope:	eq	version:	1.1.0.44	Trust: 0.8
vendor:	netgear	model:	jnr1010v2	scope:	lt	version:	1.1.0.44	Trust: 0.6
vendor:	netgear	model:	jwnr2010v5	scope:	lt	version:	1.1.0.44	Trust: 0.6
vendor:	netgear	model:	wnr1000v4	scope:	lt	version:	1.1.0.44	Trust: 0.6

sources: CNVD: CNVD-2020-31241 // JVNDB: JVNDB-2017-014949 // NVD: CVE-2017-18786

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-18786
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2017-18786
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2017-014949
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-31241
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202004-1891
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2017-18786
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2017-014949
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-31241
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-18786
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2017-18786
baseSeverity:	HIGH
baseScore:	8.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.5
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	JVNDB-2017-014949
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-31241 // JVNDB: JVNDB-2017-014949 // CNNVD: CNNVD-202004-1891 // NVD: CVE-2017-18786 // NVD: CVE-2017-18786

PROBLEMTYPE DATA

problemtype:

CWE-74

Trust: 1.8

sources: JVNDB: JVNDB-2017-014949 // NVD: CVE-2017-18786

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1891

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-202004-1891

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014949

PATCH

title:	Security Advisory for Command Injection on Some Routers, PSV-2017-2949	url:	https://kb.netgear.com/000049529/Security-Advisory-for-Command-Injection-on-Some-Routers-PSV-2017-2949	Trust: 0.8
title:	Patch for Multiple NETGEAR product injection vulnerabilities (CNVD-2020-31241)	url:	https://www.cnvd.org.cn/patchInfo/show/219873	Trust: 0.6
title:	Multiple NETGEAR Product Command Injection Vulnerability Fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116667	Trust: 0.6

sources: CNVD: CNVD-2020-31241 // JVNDB: JVNDB-2017-014949 // CNNVD: CNNVD-202004-1891

EXTERNAL IDS

db:	NVD	id:	CVE-2017-18786	Trust: 3.0
db:	JVNDB	id:	JVNDB-2017-014949	Trust: 0.8
db:	CNVD	id:	CNVD-2020-31241	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-1891	Trust: 0.6

sources: CNVD: CNVD-2020-31241 // JVNDB: JVNDB-2017-014949 // CNNVD: CNNVD-202004-1891 // NVD: CVE-2017-18786

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2017-18786	Trust: 2.0
url:	https://kb.netgear.com/000049529/security-advisory-for-command-injection-on-some-routers-psv-2017-2949	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18786	Trust: 0.8

sources: CNVD: CNVD-2020-31241 // JVNDB: JVNDB-2017-014949 // CNNVD: CNNVD-202004-1891 // NVD: CVE-2017-18786

SOURCES

db:	CNVD	id:	CNVD-2020-31241
db:	JVNDB	id:	JVNDB-2017-014949
db:	CNNVD	id:	CNNVD-202004-1891
db:	NVD	id:	CVE-2017-18786

LAST UPDATE DATE

2024-11-23T22:44:36.285000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-31241	date:	2020-06-02T00:00:00
db:	JVNDB	id:	JVNDB-2017-014949	date:	2020-05-22T00:00:00
db:	CNNVD	id:	CNNVD-202004-1891	date:	2020-04-28T00:00:00
db:	NVD	id:	CVE-2017-18786	date:	2024-11-21T03:20:55.150

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-31241	date:	2020-06-02T00:00:00
db:	JVNDB	id:	JVNDB-2017-014949	date:	2020-05-22T00:00:00
db:	CNNVD	id:	CNNVD-202004-1891	date:	2020-04-22T00:00:00
db:	NVD	id:	CVE-2017-18786	date:	2020-04-22T15:15:13.050