Details of VAR-202004-1430

ID

VAR-202004-1430

CVE

CVE-2017-18787

TITLE

plural NETGEAR Injection vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014950

DESCRIPTION

Certain NETGEAR devices are affected by command injection. This affects D6200 before 1.1.00.24, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6050, before 1.0.1.12, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR JNR1010, etc. are all products of NETGEAR. NETGEAR JNR1010 is a wireless router. NETGEAR D6200 is a wireless modem. NETGEAR WNR2020 is a wireless router. There are injection vulnerabilities in many NETGEAR products, which can be exploited by an attacker to cause the system or product to produce an incorrect interpretation or interpretation method

Trust: 2.16

sources: NVD: CVE-2017-18787 // JVNDB: JVNDB-2017-014950 // CNVD: CNVD-2020-31242

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-31242

AFFECTED PRODUCTS

vendor:	netgear	model:	d6200	scope:	lt	version:	1.1.00.24	Trust: 1.6
vendor:	netgear	model:	jr6150	scope:	lt	version:	1.0.1.12	Trust: 1.6
vendor:	netgear	model:	pr2000	scope:	lt	version:	1.0.0.20	Trust: 1.6
vendor:	netgear	model:	r6050	scope:	lt	version:	1.0.1.12	Trust: 1.6
vendor:	netgear	model:	wnr2020	scope:	lt	version:	1.1.0.44	Trust: 1.6
vendor:	netgear	model:	wnr2050	scope:	lt	version:	1.1.0.44	Trust: 1.6
vendor:	netgear	model:	jwnr2010	scope:	lt	version:	1.1.0.44	Trust: 1.0
vendor:	netgear	model:	wnr1000	scope:	lt	version:	1.1.0.44	Trust: 1.0
vendor:	netgear	model:	jnr1010	scope:	lt	version:	1.1.0.44	Trust: 1.0
vendor:	netgear	model:	d6200	scope:	eq	version:	1.1.00.24	Trust: 0.8
vendor:	netgear	model:	jnr1010	scope:	eq	version:	1.1.0.44	Trust: 0.8
vendor:	netgear	model:	jr6150	scope:	eq	version:	1.0.1.12	Trust: 0.8
vendor:	netgear	model:	jwnr2010	scope:	eq	version:	1.1.0.44	Trust: 0.8
vendor:	netgear	model:	pr2000	scope:	eq	version:	1.0.0.20	Trust: 0.8
vendor:	netgear	model:	r6050	scope:	eq	version:	1.0.1.12	Trust: 0.8
vendor:	netgear	model:	wnr1000	scope:	eq	version:	1.1.0.44	Trust: 0.8
vendor:	netgear	model:	wnr2020	scope:	eq	version:	1.1.0.44	Trust: 0.8
vendor:	netgear	model:	wnr2050	scope:	eq	version:	1.1.0.44	Trust: 0.8
vendor:	netgear	model:	jnr1010v2	scope:	lt	version:	1.1.0.44	Trust: 0.6
vendor:	netgear	model:	jwnr2010v5	scope:	lt	version:	1.1.0.44	Trust: 0.6
vendor:	netgear	model:	wnr1000v4	scope:	lt	version:	1.1.0.44	Trust: 0.6

sources: CNVD: CNVD-2020-31242 // JVNDB: JVNDB-2017-014950 // NVD: CVE-2017-18787

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-18787
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2017-18787
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2017-014950
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-31242
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202004-1892
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2017-18787
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2017-014950
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-31242
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-18787
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2017-18787
baseSeverity:	HIGH
baseScore:	8.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.5
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	JVNDB-2017-014950
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-31242 // JVNDB: JVNDB-2017-014950 // CNNVD: CNNVD-202004-1892 // NVD: CVE-2017-18787 // NVD: CVE-2017-18787

PROBLEMTYPE DATA

problemtype:

CWE-74

Trust: 1.8

sources: JVNDB: JVNDB-2017-014950 // NVD: CVE-2017-18787

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1892

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-202004-1892

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014950

PATCH

title:	Security Advisory for Command Injection on Some Routers, PSV-2017-2948	url:	https://kb.netgear.com/000049528/Security-Advisory-for-Command-Injection-on-Some-Routers-PSV-2017-2948	Trust: 0.8
title:	Patch for Multiple NETGEAR product injection vulnerabilities (CNVD-2020-31242)	url:	https://www.cnvd.org.cn/patchInfo/show/219865	Trust: 0.6
title:	Multiple NETGEAR Product Command Injection Vulnerability Fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116668	Trust: 0.6

sources: CNVD: CNVD-2020-31242 // JVNDB: JVNDB-2017-014950 // CNNVD: CNNVD-202004-1892

EXTERNAL IDS

db:	NVD	id:	CVE-2017-18787	Trust: 3.0
db:	JVNDB	id:	JVNDB-2017-014950	Trust: 0.8
db:	CNVD	id:	CNVD-2020-31242	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-1892	Trust: 0.6

sources: CNVD: CNVD-2020-31242 // JVNDB: JVNDB-2017-014950 // CNNVD: CNNVD-202004-1892 // NVD: CVE-2017-18787

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2017-18787	Trust: 2.0
url:	https://kb.netgear.com/000049528/security-advisory-for-command-injection-on-some-routers-psv-2017-2948	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18787	Trust: 0.8

sources: CNVD: CNVD-2020-31242 // JVNDB: JVNDB-2017-014950 // CNNVD: CNNVD-202004-1892 // NVD: CVE-2017-18787

SOURCES

db:	CNVD	id:	CNVD-2020-31242
db:	JVNDB	id:	JVNDB-2017-014950
db:	CNNVD	id:	CNNVD-202004-1892
db:	NVD	id:	CVE-2017-18787

LAST UPDATE DATE

2024-11-23T22:48:01.539000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-31242	date:	2020-06-02T00:00:00
db:	JVNDB	id:	JVNDB-2017-014950	date:	2020-05-22T00:00:00
db:	CNNVD	id:	CNNVD-202004-1892	date:	2020-04-28T00:00:00
db:	NVD	id:	CVE-2017-18787	date:	2024-11-21T03:20:55.303

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-31242	date:	2020-06-02T00:00:00
db:	JVNDB	id:	JVNDB-2017-014950	date:	2020-05-22T00:00:00
db:	CNNVD	id:	CNNVD-202004-1892	date:	2020-04-22T00:00:00
db:	NVD	id:	CVE-2017-18787	date:	2020-04-22T15:15:13.113