Details of VAR-202004-1461

ID

VAR-202004-1461

CVE

CVE-2017-18701

TITLE

NETGEAR R6700 and R6900 cross-site scripting vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-28011 // CNNVD: CNNVD-202004-2121

DESCRIPTION

Certain NETGEAR devices are affected by reflected XSS. This affects R6700 before 1.0.1.36 and R6900 before 1.0.1.34. NETGEAR R6700 and R6900 A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. NETGEAR R6700 and NETGEAR R6900 are both wireless routers of NETGEAR. The vulnerability stems from the lack of proper verification of client data by WEB applications. Attackers can use this vulnerability to execute client code. This affects R6700 prior to 1.0.1.36 and R6900 prior to 1.0.1.34

Trust: 2.25

sources: NVD: CVE-2017-18701 // JVNDB: JVNDB-2017-014969 // CNVD: CNVD-2020-28011 // VULMON: CVE-2017-18701

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-28011

AFFECTED PRODUCTS

vendor:	netgear	model:	r6700	scope:	lt	version:	1.0.1.36	Trust: 1.6
vendor:	netgear	model:	r6900	scope:	lt	version:	1.0.1.34	Trust: 1.6
vendor:	netgear	model:	r6700	scope:	eq	version:	1.0.1.36	Trust: 0.8
vendor:	netgear	model:	r6900	scope:	eq	version:	1.0.1.34	Trust: 0.8
vendor:	netgear	model:	r6700	scope:	eq	version:	-	Trust: 0.1
vendor:	netgear	model:	r6700	scope:	eq	version:	1.0.1.14	Trust: 0.1
vendor:	netgear	model:	r6700	scope:	eq	version:	1.0.1.16	Trust: 0.1
vendor:	netgear	model:	r6700	scope:	eq	version:	1.0.1.20	Trust: 0.1
vendor:	netgear	model:	r6700	scope:	eq	version:	1.0.1.22	Trust: 0.1
vendor:	netgear	model:	r6700	scope:	eq	version:	1.0.1.26	Trust: 0.1
vendor:	netgear	model:	r6900	scope:	eq	version:	-	Trust: 0.1
vendor:	netgear	model:	r6900	scope:	eq	version:	1.0.1.14	Trust: 0.1
vendor:	netgear	model:	r6900	scope:	eq	version:	1.0.1.16	Trust: 0.1
vendor:	netgear	model:	r6900	scope:	eq	version:	1.0.1.20	Trust: 0.1
vendor:	netgear	model:	r6900	scope:	eq	version:	1.0.1.22	Trust: 0.1
vendor:	netgear	model:	r6900	scope:	eq	version:	1.0.1.26	Trust: 0.1
vendor:	netgear	model:	r6900	scope:	eq	version:	1.0.1.28	Trust: 0.1

sources: CNVD: CNVD-2020-28011 // VULMON: CVE-2017-18701 // JVNDB: JVNDB-2017-014969 // NVD: CVE-2017-18701

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-18701
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2017-18701
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2017-014969
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-28011
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202004-2121
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2017-18701
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-18701
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2017-014969
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-28011
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-18701
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2017-18701
baseSeverity:	MEDIUM
baseScore:	5.2
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.1
impactScore:	2.7
version:	3.0
Trust: 1.0
NVD:	JVNDB-2017-014969
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-28011 // VULMON: CVE-2017-18701 // JVNDB: JVNDB-2017-014969 // CNNVD: CNNVD-202004-2121 // NVD: CVE-2017-18701 // NVD: CVE-2017-18701

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2017-014969 // NVD: CVE-2017-18701

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-2121

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202004-2121

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014969

PATCH

title:	Security Advisory for Reflected Cross-Site Scripting on Some Routers, PSV-2017-2513	url:	https://kb.netgear.com/000053201/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Routers-PSV-2017-2513	Trust: 0.8
title:	Patch for NETGEAR R6700 and R6900 cross-site scripting vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/217299	Trust: 0.6
title:	NETGEAR R6700 and R6900 Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117044	Trust: 0.6

sources: CNVD: CNVD-2020-28011 // JVNDB: JVNDB-2017-014969 // CNNVD: CNNVD-202004-2121

EXTERNAL IDS

db:	NVD	id:	CVE-2017-18701	Trust: 3.1
db:	JVNDB	id:	JVNDB-2017-014969	Trust: 0.8
db:	CNVD	id:	CNVD-2020-28011	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-2121	Trust: 0.6
db:	VULMON	id:	CVE-2017-18701	Trust: 0.1

sources: CNVD: CNVD-2020-28011 // VULMON: CVE-2017-18701 // JVNDB: JVNDB-2017-014969 // CNNVD: CNNVD-202004-2121 // NVD: CVE-2017-18701

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2017-18701	Trust: 2.0
url:	https://kb.netgear.com/000053201/security-advisory-for-reflected-cross-site-scripting-on-some-routers-psv-2017-2513	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18701	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2020-28011 // VULMON: CVE-2017-18701 // JVNDB: JVNDB-2017-014969 // CNNVD: CNNVD-202004-2121 // NVD: CVE-2017-18701

SOURCES

db:	CNVD	id:	CNVD-2020-28011
db:	VULMON	id:	CVE-2017-18701
db:	JVNDB	id:	JVNDB-2017-014969
db:	CNNVD	id:	CNNVD-202004-2121
db:	NVD	id:	CVE-2017-18701

LAST UPDATE DATE

2024-11-23T21:51:30.523000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-28011	date:	2020-05-13T00:00:00
db:	VULMON	id:	CVE-2017-18701	date:	2020-04-28T00:00:00
db:	JVNDB	id:	JVNDB-2017-014969	date:	2020-05-26T00:00:00
db:	CNNVD	id:	CNNVD-202004-2121	date:	2020-04-29T00:00:00
db:	NVD	id:	CVE-2017-18701	date:	2024-11-21T03:20:42.010

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-28011	date:	2020-05-13T00:00:00
db:	VULMON	id:	CVE-2017-18701	date:	2020-04-24T00:00:00
db:	JVNDB	id:	JVNDB-2017-014969	date:	2020-05-26T00:00:00
db:	CNNVD	id:	CNNVD-202004-2121	date:	2020-04-24T00:00:00
db:	NVD	id:	CVE-2017-18701	date:	2020-04-24T15:15:12.427