Sign-up

ID

VAR-202004-1467


CVE

CVE-2017-18707


TITLE

NETGEAR R8300 and R8500 Classic buffer overflow vulnerability in device

Trust: 0.8

sources: JVNDB: JVNDB-2017-015005

DESCRIPTION

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R8300 before 1.0.2.106 and R8500 before 1.0.2.106. NETGEAR R8300 and R8500 A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R8500 and NETGEAR R8300 are both wireless routers of NETGEAR. This vulnerability stems from network systems or products performing operations on memory without properly verifying the data boundary, which leads to other associated memory locations. This affects R8300 prior to 1.0.2.106 and R8500 prior to 1.0.2.106

Trust: 2.25

sources: NVD: CVE-2017-18707 // JVNDB: JVNDB-2017-015005 // CNVD: CNVD-2020-28007 // VULMON: CVE-2017-18707

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-28007

AFFECTED PRODUCTS

vendor:netgearmodel:r8500scope:ltversion:1.0.2.106

Trust: 1.6

vendor:netgearmodel:r8300scope:ltversion:1.0.2.106

Trust: 1.6

vendor:netgearmodel:r8300scope:eqversion:1.0.2.106

Trust: 0.8

vendor:netgearmodel:r8500scope:eqversion:1.0.2.106

Trust: 0.8

sources: CNVD: CNVD-2020-28007 // JVNDB: JVNDB-2017-015005 // NVD: CVE-2017-18707

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18707
value: MEDIUM

Trust: 1.0

cve@mitre.org: CVE-2017-18707
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2017-015005
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-28007
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-2096
value: MEDIUM

Trust: 0.6

VULMON: CVE-2017-18707
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-18707
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2017-015005
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-28007
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-18707
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2017-18707
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2017-015005
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-28007 // VULMON: CVE-2017-18707 // JVNDB: JVNDB-2017-015005 // CNNVD: CNNVD-202004-2096 // NVD: CVE-2017-18707 // NVD: CVE-2017-18707

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.8

sources: JVNDB: JVNDB-2017-015005 // NVD: CVE-2017-18707

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-2096

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202004-2096

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-015005

PATCH
title:Security Advisory for Post-Authentication Buffer Overflow on Some Routers, PSV-2017-0316url:https://kb.netgear.com/000053158/Security-Advisory-for-Post-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2017-0316
Trust: 0.8
title:Patch for NETGEAR R8500 and R8300 buffer overflow vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/217307
Trust: 0.6
title:NETGEAR R8500  and R8300 Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117019
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-28007 // 
            
            
            
            JVNDB: JVNDB-2017-015005 // 
            
            
            
            CNNVD: CNNVD-202004-2096

EXTERNAL IDS
db:NVDid:CVE-2017-18707
Trust: 3.1
db:JVNDBid:JVNDB-2017-015005
Trust: 0.8
db:CNVDid:CNVD-2020-28007
Trust: 0.6
db:CNNVDid:CNNVD-202004-2096
Trust: 0.6
db:VULMONid:CVE-2017-18707
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-28007 // 
            
            
            
            VULMON: CVE-2017-18707 // 
            
            
            
            JVNDB: JVNDB-2017-015005 // 
            
            
            
            CNNVD: CNNVD-202004-2096 // 
            
            
            
            NVD: CVE-2017-18707

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2017-18707
Trust: 2.0
url:https://kb.netgear.com/000053158/security-advisory-for-post-authentication-buffer-overflow-on-some-routers-psv-2017-0316
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18707
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/120.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-28007 // 
            
            
            
            VULMON: CVE-2017-18707 // 
            
            
            
            JVNDB: JVNDB-2017-015005 // 
            
            
            
            CNNVD: CNNVD-202004-2096 // 
            
            
            
            NVD: CVE-2017-18707

SOURCES
db:CNVDid:CNVD-2020-28007
db:VULMONid:CVE-2017-18707
db:JVNDBid:JVNDB-2017-015005
db:CNNVDid:CNNVD-202004-2096
db:NVDid:CVE-2017-18707

LAST UPDATE DATE
2024-11-23T23:01:24.349000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-28007date:2020-05-13T00:00:00
db:VULMONid:CVE-2017-18707date:2020-05-01T00:00:00
db:JVNDBid:JVNDB-2017-015005date:2020-06-03T00:00:00
db:CNNVDid:CNNVD-202004-2096date:2020-05-06T00:00:00
db:NVDid:CVE-2017-18707date:2024-11-21T03:20:42.980

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-28007date:2020-05-13T00:00:00
db:VULMONid:CVE-2017-18707date:2020-04-24T00:00:00
db:JVNDBid:JVNDB-2017-015005date:2020-06-03T00:00:00
db:CNNVDid:CNNVD-202004-2096date:2020-04-24T00:00:00
db:NVDid:CVE-2017-18707date:2020-04-24T14:15:12.547