Details of VAR-202004-1464

ID

VAR-202004-1464

CVE

CVE-2017-18704

TITLE

plural NETGEAR Information leakage vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014970

DESCRIPTION

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects D6220 before 1.0.0.32, D6400 before 1.0.0.60, D8500 before 1.0.3.29, R6250 before 1.0.4.16, R6300v2 before 1.0.4.18, R6400 before 1.01.32, R6400v2 before 1.0.2.44, R6700 before 1.0.1.36, R6900 before 1.0.1.34, R7000 before 1.0.9.14, R7000P before 1.3.0.8, R6900P before 1.3.0.8, R7100LG before 1.0.0.34, R7300DST before 1.0.0.56, R7900 before 1.0.1.26, R8000 before 1.0.4.4, R8500 before 1.0.2.106, R8300 before 1.0.2.106, and WNDR3400v3 before 1.0.1.16. plural NETGEAR The device contains a vulnerability related to information leakage.Information may be obtained. NETGEAR R6400, etc. are all products of NETGEAR. NETGEAR R6400 is a wireless router. NETGEAR D6220 is a wireless modem. NETGEAR R6900 is a wireless router. This affects D6220 prior to 1.0.0.32, D6400 prior to 1.0.0.60, D8500 prior to 1.0.3.29, R6250 prior to 1.0.4.16, R6300v2 prior to 1.0.4.18, R6400 prior to 1.01.32, R6400v2 prior to 1.0.2.44, R6700 prior to 1.0.1.36, R6900 prior to 1.0.1.34, R7000 prior to 1.0.9.14, R7000P prior to 1.3.0.8, R6900P prior to 1.3.0.8, R7100LG prior to 1.0.0.34, R7300DST prior to 1.0.0.56, R7900 prior to 1.0.1.26, R8000 prior to 1.0.4.4, R8500 prior to 1.0.2.106, R8300 prior to 1.0.2.106, and WNDR3400v3 prior to 1.0.1.16

Trust: 2.25

sources: NVD: CVE-2017-18704 // JVNDB: JVNDB-2017-014970 // CNVD: CNVD-2020-25861 // VULMON: CVE-2017-18704

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-25861

AFFECTED PRODUCTS

vendor:	netgear	model:	d6220	scope:	lt	version:	1.0.0.32	Trust: 1.6
vendor:	netgear	model:	d6400	scope:	lt	version:	1.0.0.60	Trust: 1.6
vendor:	netgear	model:	d8500	scope:	lt	version:	1.0.3.29	Trust: 1.6
vendor:	netgear	model:	r6250	scope:	lt	version:	1.0.4.16	Trust: 1.6
vendor:	netgear	model:	r6400	scope:	lt	version:	1.01.32	Trust: 1.6
vendor:	netgear	model:	r6700	scope:	lt	version:	1.0.1.36	Trust: 1.6
vendor:	netgear	model:	r6900	scope:	lt	version:	1.0.1.34	Trust: 1.6
vendor:	netgear	model:	r7000	scope:	lt	version:	1.0.9.14	Trust: 1.6
vendor:	netgear	model:	r7000p	scope:	lt	version:	1.3.0.8	Trust: 1.6
vendor:	netgear	model:	r6900p	scope:	lt	version:	1.3.0.8	Trust: 1.6
vendor:	netgear	model:	r7100lg	scope:	lt	version:	1.0.0.34	Trust: 1.6
vendor:	netgear	model:	r7300dst	scope:	lt	version:	1.0.0.56	Trust: 1.6
vendor:	netgear	model:	r7900	scope:	lt	version:	1.0.1.26	Trust: 1.6
vendor:	netgear	model:	r8000	scope:	lt	version:	1.0.4.4	Trust: 1.6
vendor:	netgear	model:	r8500	scope:	lt	version:	1.0.2.106	Trust: 1.6
vendor:	netgear	model:	r8300	scope:	lt	version:	1.0.2.106	Trust: 1.6
vendor:	netgear	model:	r6300	scope:	lt	version:	1.0.4.18	Trust: 1.0
vendor:	netgear	model:	r6400	scope:	lt	version:	1.0.2.44	Trust: 1.0
vendor:	netgear	model:	wndr3400	scope:	lt	version:	1.0.1.16	Trust: 1.0
vendor:	netgear	model:	r6400	scope:	eq	version:	1.0.2.44	Trust: 0.9
vendor:	netgear	model:	d6220	scope:	eq	version:	1.0.0.32	Trust: 0.8
vendor:	netgear	model:	d6400	scope:	eq	version:	1.0.0.60	Trust: 0.8
vendor:	netgear	model:	d8500	scope:	eq	version:	1.0.3.29	Trust: 0.8
vendor:	netgear	model:	r6250	scope:	eq	version:	1.0.4.16	Trust: 0.8
vendor:	netgear	model:	r6300	scope:	eq	version:	1.0.4.18	Trust: 0.8
vendor:	netgear	model:	r6400	scope:	eq	version:	1.01.32	Trust: 0.8
vendor:	netgear	model:	r6700	scope:	eq	version:	1.0.1.36	Trust: 0.8
vendor:	netgear	model:	r6900	scope:	eq	version:	1.0.1.34	Trust: 0.8
vendor:	netgear	model:	r7000	scope:	eq	version:	1.0.9.14	Trust: 0.8
vendor:	netgear	model:	r6300v2	scope:	lt	version:	1.0.4.18	Trust: 0.6
vendor:	netgear	model:	r6400v2	scope:	lt	version:	1.0.2.44	Trust: 0.6
vendor:	netgear	model:	wndr3400v3	scope:	lt	version:	1.0.1.16	Trust: 0.6
vendor:	netgear	model:	d6220	scope:	eq	version:	-	Trust: 0.1
vendor:	netgear	model:	d6220	scope:	eq	version:	1.0.0.22	Trust: 0.1
vendor:	netgear	model:	d6220	scope:	eq	version:	1.0.0.26	Trust: 0.1
vendor:	netgear	model:	d6220	scope:	eq	version:	1.0.0.28	Trust: 0.1
vendor:	netgear	model:	d6400	scope:	eq	version:	-	Trust: 0.1
vendor:	netgear	model:	d6400	scope:	eq	version:	1.0.0.56	Trust: 0.1
vendor:	netgear	model:	d8500	scope:	eq	version:	-	Trust: 0.1
vendor:	netgear	model:	d8500	scope:	eq	version:	1.0.3.28	Trust: 0.1
vendor:	netgear	model:	r6250	scope:	eq	version:	-	Trust: 0.1
vendor:	netgear	model:	r6250	scope:	eq	version:	1.0.4.6 10.1.12	Trust: 0.1
vendor:	netgear	model:	r6250	scope:	eq	version:	1.0.4.8	Trust: 0.1
vendor:	netgear	model:	r6250	scope:	eq	version:	1.0.4.12	Trust: 0.1
vendor:	netgear	model:	r6300	scope:	eq	version:	-	Trust: 0.1
vendor:	netgear	model:	r6300	scope:	eq	version:	1.0.0.36	Trust: 0.1
vendor:	netgear	model:	r6300	scope:	eq	version:	1.0.4.6	Trust: 0.1
vendor:	netgear	model:	r6300	scope:	eq	version:	1.0.4.8	Trust: 0.1
vendor:	netgear	model:	r6300	scope:	eq	version:	1.0.4.8 10.0.77	Trust: 0.1
vendor:	netgear	model:	r6300	scope:	eq	version:	1.0.4.12	Trust: 0.1
vendor:	netgear	model:	r6400	scope:	eq	version:	-	Trust: 0.1
vendor:	netgear	model:	r6400	scope:	eq	version:	1.0.1.12	Trust: 0.1
vendor:	netgear	model:	r6400	scope:	eq	version:	1.0.1.18	Trust: 0.1
vendor:	netgear	model:	r6400	scope:	eq	version:	1.0.1.20	Trust: 0.1
vendor:	netgear	model:	r6400	scope:	eq	version:	1.0.1.24	Trust: 0.1
vendor:	netgear	model:	r6400	scope:	eq	version:	1.0.1.32	Trust: 0.1
vendor:	netgear	model:	r6400	scope:	eq	version:	1.0.1.36	Trust: 0.1
vendor:	netgear	model:	r6400	scope:	eq	version:	1.0.1.42	Trust: 0.1
vendor:	netgear	model:	r6400	scope:	eq	version:	1.0.1.44	Trust: 0.1
vendor:	netgear	model:	r6400	scope:	eq	version:	1.0.2.18	Trust: 0.1
vendor:	netgear	model:	r6400	scope:	eq	version:	1.0.2.30	Trust: 0.1
vendor:	netgear	model:	r6400	scope:	eq	version:	1.0.2.32	Trust: 0.1
vendor:	netgear	model:	r6400	scope:	eq	version:	1.0.2.46	Trust: 0.1
vendor:	netgear	model:	r6400	scope:	eq	version:	1.0.2.52	Trust: 0.1
vendor:	netgear	model:	r6400	scope:	eq	version:	1.0.2.56	Trust: 0.1
vendor:	netgear	model:	r6400	scope:	eq	version:	1.0.2.60	Trust: 0.1
vendor:	netgear	model:	r6400	scope:	eq	version:	1.0.2.62	Trust: 0.1
vendor:	netgear	model:	r6400	scope:	eq	version:	1.1.0.26	Trust: 0.1
vendor:	netgear	model:	r6400	scope:	eq	version:	1.01.24	Trust: 0.1
vendor:	netgear	model:	r6700	scope:	eq	version:	-	Trust: 0.1
vendor:	netgear	model:	r6700	scope:	eq	version:	1.0.1.14	Trust: 0.1
vendor:	netgear	model:	r6700	scope:	eq	version:	1.0.1.16	Trust: 0.1
vendor:	netgear	model:	r6700	scope:	eq	version:	1.0.1.20	Trust: 0.1
vendor:	netgear	model:	r6700	scope:	eq	version:	1.0.1.22	Trust: 0.1
vendor:	netgear	model:	r6700	scope:	eq	version:	1.0.1.26	Trust: 0.1
vendor:	netgear	model:	r6900	scope:	eq	version:	-	Trust: 0.1
vendor:	netgear	model:	r6900	scope:	eq	version:	1.0.1.14	Trust: 0.1
vendor:	netgear	model:	r6900	scope:	eq	version:	1.0.1.16	Trust: 0.1
vendor:	netgear	model:	r6900	scope:	eq	version:	1.0.1.20	Trust: 0.1
vendor:	netgear	model:	r6900	scope:	eq	version:	1.0.1.22	Trust: 0.1
vendor:	netgear	model:	r6900	scope:	eq	version:	1.0.1.26	Trust: 0.1
vendor:	netgear	model:	r6900	scope:	eq	version:	1.0.1.28	Trust: 0.1
vendor:	netgear	model:	r6900p	scope:	eq	version:	-	Trust: 0.1
vendor:	netgear	model:	r6900p	scope:	eq	version:	1.0.0.56	Trust: 0.1
vendor:	netgear	model:	r6900p	scope:	eq	version:	1.0.0.58	Trust: 0.1
vendor:	netgear	model:	r6900p	scope:	eq	version:	1.0.1.16	Trust: 0.1
vendor:	netgear	model:	r7000	scope:	eq	version:	-	Trust: 0.1
vendor:	netgear	model:	r7000	scope:	eq	version:	1.0.7.2 1.1.93	Trust: 0.1
vendor:	netgear	model:	r7000	scope:	eq	version:	1.0.7.10	Trust: 0.1
vendor:	netgear	model:	r7000	scope:	eq	version:	1.0.9.4	Trust: 0.1
vendor:	netgear	model:	r7000	scope:	eq	version:	1.0.9.6	Trust: 0.1
vendor:	netgear	model:	r7000	scope:	eq	version:	1.0.9.10	Trust: 0.1
vendor:	netgear	model:	r7000p	scope:	eq	version:	-	Trust: 0.1
vendor:	netgear	model:	r7000p	scope:	eq	version:	1.0.0.56	Trust: 0.1
vendor:	netgear	model:	r7000p	scope:	eq	version:	1.0.0.58	Trust: 0.1
vendor:	netgear	model:	r7000p	scope:	eq	version:	1.0.1.16	Trust: 0.1
vendor:	netgear	model:	r7100lg	scope:	eq	version:	-	Trust: 0.1
vendor:	netgear	model:	r7100lg	scope:	eq	version:	1.0.0.28	Trust: 0.1
vendor:	netgear	model:	r7100lg	scope:	eq	version:	1.0.0.30	Trust: 0.1
vendor:	netgear	model:	r7100lg	scope:	eq	version:	1.0.0.32	Trust: 0.1
vendor:	netgear	model:	r7300dst	scope:	eq	version:	-	Trust: 0.1
vendor:	netgear	model:	r7300dst	scope:	eq	version:	1.0.0.44	Trust: 0.1
vendor:	netgear	model:	r7300dst	scope:	eq	version:	1.0.0.46	Trust: 0.1
vendor:	netgear	model:	r7300dst	scope:	eq	version:	1.0.0.52	Trust: 0.1
vendor:	netgear	model:	r7300dst	scope:	eq	version:	1.0.0.54	Trust: 0.1
vendor:	netgear	model:	r7900	scope:	eq	version:	-	Trust: 0.1
vendor:	netgear	model:	r7900	scope:	eq	version:	1.0.1.8	Trust: 0.1
vendor:	netgear	model:	r7900	scope:	eq	version:	1.0.1.12	Trust: 0.1
vendor:	netgear	model:	r7900	scope:	eq	version:	1.0.1.14	Trust: 0.1
vendor:	netgear	model:	r7900	scope:	eq	version:	1.0.1.16	Trust: 0.1
vendor:	netgear	model:	r7900	scope:	eq	version:	1.0.1.18	Trust: 0.1
vendor:	netgear	model:	r8000	scope:	eq	version:	-	Trust: 0.1
vendor:	netgear	model:	r8000	scope:	eq	version:	1.0.3.22	Trust: 0.1
vendor:	netgear	model:	r8000	scope:	eq	version:	1.0.3.24	Trust: 0.1
vendor:	netgear	model:	r8000	scope:	eq	version:	1.0.3.26	Trust: 0.1
vendor:	netgear	model:	r8000	scope:	eq	version:	1.0.3.32	Trust: 0.1
vendor:	netgear	model:	r8000	scope:	eq	version:	1.0.3.36	Trust: 0.1
vendor:	netgear	model:	r8000	scope:	eq	version:	1.0.3.44	Trust: 0.1
vendor:	netgear	model:	r8000	scope:	eq	version:	1.0.3.48	Trust: 0.1
vendor:	netgear	model:	r8000	scope:	eq	version:	1.0.3.54	Trust: 0.1
vendor:	netgear	model:	r8300	scope:	eq	version:	-	Trust: 0.1
vendor:	netgear	model:	r8300	scope:	eq	version:	1.0.2.94	Trust: 0.1
vendor:	netgear	model:	r8300	scope:	eq	version:	1.0.2.100 1.0.82	Trust: 0.1
vendor:	netgear	model:	r8300	scope:	eq	version:	1.0.2.104	Trust: 0.1
vendor:	netgear	model:	r8500	scope:	eq	version:	-	Trust: 0.1
vendor:	netgear	model:	r8500	scope:	eq	version:	1.0.2.74	Trust: 0.1
vendor:	netgear	model:	r8500	scope:	eq	version:	1.0.2.94	Trust: 0.1
vendor:	netgear	model:	r8500	scope:	eq	version:	1.0.2.100	Trust: 0.1
vendor:	netgear	model:	r8500	scope:	eq	version:	1.0.2.100 1.0.82	Trust: 0.1
vendor:	netgear	model:	r8500	scope:	eq	version:	1.0.2.104	Trust: 0.1
vendor:	netgear	model:	wndr3400	scope:	eq	version:	-	Trust: 0.1
vendor:	netgear	model:	wndr3400	scope:	eq	version:	1.0.1.12	Trust: 0.1
vendor:	netgear	model:	wndr3400	scope:	eq	version:	1.0.1.14	Trust: 0.1

sources: CNVD: CNVD-2020-25861 // VULMON: CVE-2017-18704 // JVNDB: JVNDB-2017-014970 // NVD: CVE-2017-18704

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-18704
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2017-18704
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2017-014970
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-25861
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202004-2125
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2017-18704
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2017-18704
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2017-014970
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-25861
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-18704
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2017-18704
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.0
NVD:	JVNDB-2017-014970
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-25861 // VULMON: CVE-2017-18704 // JVNDB: JVNDB-2017-014970 // CNNVD: CNNVD-202004-2125 // NVD: CVE-2017-18704 // NVD: CVE-2017-18704

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2017-014970 // NVD: CVE-2017-18704

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-2125

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202004-2125

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014970

PATCH

title:	Security Advisory for Arbitrary File Read on Some Routers and Gateways, PSV-2017-0590	url:	https://kb.netgear.com/000053198/Security-Advisory-for-Arbitrary-File-Read-on-Some-Routers-and-Gateways-PSV-2017-0590	Trust: 0.8
title:	Patch for Multiple NETGEAR product information disclosure vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/216015	Trust: 0.6
title:	Multiple NETGEAR Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117048	Trust: 0.6

sources: CNVD: CNVD-2020-25861 // JVNDB: JVNDB-2017-014970 // CNNVD: CNNVD-202004-2125

EXTERNAL IDS

db:	NVD	id:	CVE-2017-18704	Trust: 3.1
db:	JVNDB	id:	JVNDB-2017-014970	Trust: 0.8
db:	CNVD	id:	CNVD-2020-25861	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-2125	Trust: 0.6
db:	VULMON	id:	CVE-2017-18704	Trust: 0.1

sources: CNVD: CNVD-2020-25861 // VULMON: CVE-2017-18704 // JVNDB: JVNDB-2017-014970 // CNNVD: CNNVD-202004-2125 // NVD: CVE-2017-18704

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2017-18704	Trust: 2.0
url:	https://kb.netgear.com/000053198/security-advisory-for-arbitrary-file-read-on-some-routers-and-gateways-psv-2017-0590	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18704	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2020-25861 // VULMON: CVE-2017-18704 // JVNDB: JVNDB-2017-014970 // CNNVD: CNNVD-202004-2125 // NVD: CVE-2017-18704

SOURCES

db:	CNVD	id:	CNVD-2020-25861
db:	VULMON	id:	CVE-2017-18704
db:	JVNDB	id:	JVNDB-2017-014970
db:	CNNVD	id:	CNNVD-202004-2125
db:	NVD	id:	CVE-2017-18704

LAST UPDATE DATE

2024-11-23T21:35:53.551000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-25861	date:	2020-04-30T00:00:00
db:	VULMON	id:	CVE-2017-18704	date:	2020-04-28T00:00:00
db:	JVNDB	id:	JVNDB-2017-014970	date:	2020-05-26T00:00:00
db:	CNNVD	id:	CNNVD-202004-2125	date:	2020-04-29T00:00:00
db:	NVD	id:	CVE-2017-18704	date:	2024-11-21T03:20:42.490

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-25861	date:	2020-04-30T00:00:00
db:	VULMON	id:	CVE-2017-18704	date:	2020-04-24T00:00:00
db:	JVNDB	id:	JVNDB-2017-014970	date:	2020-05-26T00:00:00
db:	CNNVD	id:	CNNVD-202004-2125	date:	2020-04-24T00:00:00
db:	NVD	id:	CVE-2017-18704	date:	2020-04-24T15:15:12.597