Sign-up

ID

VAR-202004-1470


CVE

CVE-2017-18710


TITLE

NETGEAR R8300 and R8500 Information leakage vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-015000

DESCRIPTION

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R8300 before 1.0.2.106 and R8500 before 1.0.2.106. NETGEAR R8500 and NETGEAR R8300 are both a wireless router of NETGEAR. There are security vulnerabilities in NETGEAR R8300 versions before 1.0.2.106 and R8500 versions before 1.0.2.106. This affects R8300 prior to 1.0.2.106 and R8500 prior to 1.0.2.106

Trust: 2.25

sources: NVD: CVE-2017-18710 // JVNDB: JVNDB-2017-015000 // CNVD: CNVD-2021-52561 // VULMON: CVE-2017-18710

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-52561

AFFECTED PRODUCTS

vendor:netgearmodel:r8500scope:ltversion:1.0.2.106

Trust: 1.6

vendor:netgearmodel:r8300scope:ltversion:1.0.2.106

Trust: 1.6

vendor:netgearmodel:r8300scope:eqversion:1.0.2.106

Trust: 0.8

vendor:netgearmodel:r8500scope:eqversion:1.0.2.106

Trust: 0.8

sources: CNVD: CNVD-2021-52561 // JVNDB: JVNDB-2017-015000 // NVD: CVE-2017-18710

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18710
value: MEDIUM

Trust: 1.0

cve@mitre.org: CVE-2017-18710
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2017-015000
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-52561
value: LOW

Trust: 0.6

CNNVD: CNNVD-202004-2099
value: MEDIUM

Trust: 0.6

VULMON: CVE-2017-18710
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-18710
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2017-015000
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-52561
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-18710
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2017-18710
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: JVNDB-2017-015000
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-52561 // VULMON: CVE-2017-18710 // JVNDB: JVNDB-2017-015000 // CNNVD: CNNVD-202004-2099 // NVD: CVE-2017-18710 // NVD: CVE-2017-18710

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2017-015000 // NVD: CVE-2017-18710

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-2099

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202004-2099

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-015000

PATCH
title:Security Advisory for Sensitive Information Disclosure on Some Routers, PSV-2017-0309url:https://kb.netgear.com/000053155/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-PSV-2017-0309
Trust: 0.8
title:Patch for NETGEAR R8300 and R8500 Information Disclosure Vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/279971
Trust: 0.6
title:NETGEAR R8300  and R8500 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117022
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-52561 // 
            
            
            
            JVNDB: JVNDB-2017-015000 // 
            
            
            
            CNNVD: CNNVD-202004-2099

EXTERNAL IDS
db:NVDid:CVE-2017-18710
Trust: 3.1
db:JVNDBid:JVNDB-2017-015000
Trust: 0.8
db:CNVDid:CNVD-2021-52561
Trust: 0.6
db:CNNVDid:CNNVD-202004-2099
Trust: 0.6
db:VULMONid:CVE-2017-18710
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2021-52561 // 
            
            
            
            VULMON: CVE-2017-18710 // 
            
            
            
            JVNDB: JVNDB-2017-015000 // 
            
            
            
            CNNVD: CNNVD-202004-2099 // 
            
            
            
            NVD: CVE-2017-18710

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2017-18710
Trust: 2.0
url:https://kb.netgear.com/000053155/security-advisory-for-sensitive-information-disclosure-on-some-routers-psv-2017-0309
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18710
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/200.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2021-52561 // 
            
            
            
            VULMON: CVE-2017-18710 // 
            
            
            
            JVNDB: JVNDB-2017-015000 // 
            
            
            
            CNNVD: CNNVD-202004-2099 // 
            
            
            
            NVD: CVE-2017-18710

SOURCES
db:CNVDid:CNVD-2021-52561
db:VULMONid:CVE-2017-18710
db:JVNDBid:JVNDB-2017-015000
db:CNNVDid:CNNVD-202004-2099
db:NVDid:CVE-2017-18710

LAST UPDATE DATE
2024-11-23T23:04:25.019000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2021-52561date:2021-07-20T00:00:00
db:VULMONid:CVE-2017-18710date:2020-05-01T00:00:00
db:JVNDBid:JVNDB-2017-015000date:2020-06-03T00:00:00
db:CNNVDid:CNNVD-202004-2099date:2020-05-06T00:00:00
db:NVDid:CVE-2017-18710date:2024-11-21T03:20:43.480

SOURCES RELEASE DATE
db:CNVDid:CNVD-2021-52561date:2020-07-20T00:00:00
db:VULMONid:CVE-2017-18710date:2020-04-24T00:00:00
db:JVNDBid:JVNDB-2017-015000date:2020-06-03T00:00:00
db:CNNVDid:CNNVD-202004-2099date:2020-04-24T00:00:00
db:NVDid:CVE-2017-18710date:2020-04-24T14:15:12.733