Details of VAR-202004-1475

ID

VAR-202004-1475

CVE

CVE-2017-18715

TITLE

plural NETGEAR Cross-site scripting vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014951

DESCRIPTION

Certain NETGEAR devices are affected by reflected XSS. This affects EX3700 before 1.0.0.66, EX3800 before 1.0.0.66, EX6100 before 1.0.2.20, EX6120 before 1.0.0.34, EX6150 before 1.0.0.36, EX6200 before 1.0.3.84, and EX7000 before 1.0.0.60. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. NETGEAR EX7000 is a wireless network signal extender of NETGEAR. The vulnerability stems from the lack of proper verification of client data by WEB applications. Attackers can use this vulnerability to execute client code. This affects EX3700 prior to 1.0.0.66, EX3800 prior to 1.0.0.66, EX6100 prior to 1.0.2.20, EX6120 prior to 1.0.0.34, EX6150 prior to 1.0.0.36, EX6200 prior to 1.0.3.84, and EX7000 prior to 1.0.0.60

Trust: 2.25

sources: NVD: CVE-2017-18715 // JVNDB: JVNDB-2017-014951 // CNVD: CNVD-2020-25840 // VULMON: CVE-2017-18715

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-25840

AFFECTED PRODUCTS

vendor:	netgear	model:	ex3700	scope:	lt	version:	1.0.0.66	Trust: 1.6
vendor:	netgear	model:	ex3800	scope:	lt	version:	1.0.0.66	Trust: 1.6
vendor:	netgear	model:	ex6100	scope:	lt	version:	1.0.2.20	Trust: 1.6
vendor:	netgear	model:	ex6120	scope:	lt	version:	1.0.0.34	Trust: 1.6
vendor:	netgear	model:	ex6150	scope:	lt	version:	1.0.0.36	Trust: 1.6
vendor:	netgear	model:	ex6200	scope:	lt	version:	1.0.3.84	Trust: 1.6
vendor:	netgear	model:	ex7000	scope:	lt	version:	1.0.0.60	Trust: 1.6
vendor:	netgear	model:	ex3700	scope:	eq	version:	1.0.0.66	Trust: 0.8
vendor:	netgear	model:	ex3800	scope:	eq	version:	1.0.0.66	Trust: 0.8
vendor:	netgear	model:	ex6100	scope:	eq	version:	1.0.2.20	Trust: 0.8
vendor:	netgear	model:	ex6120	scope:	eq	version:	1.0.0.34	Trust: 0.8
vendor:	netgear	model:	ex6150	scope:	eq	version:	1.0.0.36	Trust: 0.8
vendor:	netgear	model:	ex6200	scope:	eq	version:	1.0.3.84	Trust: 0.8
vendor:	netgear	model:	ex7000	scope:	eq	version:	1.0.0.60	Trust: 0.8
vendor:	netgear	model:	ex3700	scope:	eq	version:	-	Trust: 0.1
vendor:	netgear	model:	ex3700	scope:	eq	version:	1.0.0.64	Trust: 0.1
vendor:	netgear	model:	ex3800	scope:	eq	version:	-	Trust: 0.1
vendor:	netgear	model:	ex3800	scope:	eq	version:	1.0.0.64	Trust: 0.1
vendor:	netgear	model:	ex6100	scope:	eq	version:	1.0.1.50	Trust: 0.1
vendor:	netgear	model:	ex6100	scope:	eq	version:	1.0.1.54	Trust: 0.1
vendor:	netgear	model:	ex6100	scope:	eq	version:	1.0.1.70	Trust: 0.1
vendor:	netgear	model:	ex6100	scope:	eq	version:	1.0.1.76	Trust: 0.1
vendor:	netgear	model:	ex6120	scope:	eq	version:	-	Trust: 0.1
vendor:	netgear	model:	ex6120	scope:	eq	version:	1.0.0.32	Trust: 0.1
vendor:	netgear	model:	ex6150	scope:	eq	version:	-	Trust: 0.1
vendor:	netgear	model:	ex6200	scope:	eq	version:	1.0.1.44	Trust: 0.1
vendor:	netgear	model:	ex6200	scope:	eq	version:	1.0.1.50	Trust: 0.1
vendor:	netgear	model:	ex6200	scope:	eq	version:	1.0.1.52	Trust: 0.1
vendor:	netgear	model:	ex6200	scope:	eq	version:	1.0.1.56	Trust: 0.1
vendor:	netgear	model:	ex6200	scope:	eq	version:	1.0.1.62	Trust: 0.1
vendor:	netgear	model:	ex6200	scope:	eq	version:	1.0.1.64	Trust: 0.1
vendor:	netgear	model:	ex6200	scope:	eq	version:	1.0.1.72	Trust: 0.1
vendor:	netgear	model:	ex6200	scope:	eq	version:	1.0.1.74	Trust: 0.1
vendor:	netgear	model:	ex7000	scope:	eq	version:	1.0.0.50	Trust: 0.1
vendor:	netgear	model:	ex7000	scope:	eq	version:	1.0.0.56	Trust: 0.1

sources: CNVD: CNVD-2020-25840 // VULMON: CVE-2017-18715 // JVNDB: JVNDB-2017-014951 // NVD: CVE-2017-18715

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-18715
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2017-18715
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2017-014951
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-25840
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202004-2104
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2017-18715
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-18715
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2017-014951
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-25840
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-18715
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2017-18715
baseSeverity:	MEDIUM
baseScore:	5.2
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.1
impactScore:	2.7
version:	3.0
Trust: 1.0
NVD:	JVNDB-2017-014951
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-25840 // VULMON: CVE-2017-18715 // JVNDB: JVNDB-2017-014951 // CNNVD: CNNVD-202004-2104 // NVD: CVE-2017-18715 // NVD: CVE-2017-18715

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2017-014951 // NVD: CVE-2017-18715

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-2104

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202004-2104

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014951

PATCH

title:	Security Advisory for Reflected Cross-Site Scripting on Some Extenders, PSV-2016-0075	url:	https://kb.netgear.com/000053133/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Extenders-PSV-2016-0075	Trust: 0.8
title:	Patch for Multiple NETGEAR product cross-site scripting vulnerabilities (CNVD-2020-25840)	url:	https://www.cnvd.org.cn/patchInfo/show/215983	Trust: 0.6
title:	Multiple NETGEAR Fixes for product cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117027	Trust: 0.6

sources: CNVD: CNVD-2020-25840 // JVNDB: JVNDB-2017-014951 // CNNVD: CNNVD-202004-2104

EXTERNAL IDS

db:	NVD	id:	CVE-2017-18715	Trust: 3.1
db:	JVNDB	id:	JVNDB-2017-014951	Trust: 0.8
db:	CNVD	id:	CNVD-2020-25840	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-2104	Trust: 0.6
db:	VULMON	id:	CVE-2017-18715	Trust: 0.1

sources: CNVD: CNVD-2020-25840 // VULMON: CVE-2017-18715 // JVNDB: JVNDB-2017-014951 // CNNVD: CNNVD-202004-2104 // NVD: CVE-2017-18715

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2017-18715	Trust: 2.0
url:	https://kb.netgear.com/000053133/security-advisory-for-reflected-cross-site-scripting-on-some-extenders-psv-2016-0075	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18715	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2020-25840 // VULMON: CVE-2017-18715 // JVNDB: JVNDB-2017-014951 // CNNVD: CNNVD-202004-2104 // NVD: CVE-2017-18715

SOURCES

db:	CNVD	id:	CNVD-2020-25840
db:	VULMON	id:	CVE-2017-18715
db:	JVNDB	id:	JVNDB-2017-014951
db:	CNNVD	id:	CNNVD-202004-2104
db:	NVD	id:	CVE-2017-18715

LAST UPDATE DATE

2024-11-23T22:16:30.262000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-25840	date:	2020-04-30T00:00:00
db:	VULMON	id:	CVE-2017-18715	date:	2020-04-28T00:00:00
db:	JVNDB	id:	JVNDB-2017-014951	date:	2020-05-25T00:00:00
db:	CNNVD	id:	CNNVD-202004-2104	date:	2020-04-29T00:00:00
db:	NVD	id:	CVE-2017-18715	date:	2024-11-21T03:20:44.233

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-25840	date:	2020-04-30T00:00:00
db:	VULMON	id:	CVE-2017-18715	date:	2020-04-24T00:00:00
db:	JVNDB	id:	JVNDB-2017-014951	date:	2020-05-25T00:00:00
db:	CNNVD	id:	CNNVD-202004-2104	date:	2020-04-24T00:00:00
db:	NVD	id:	CVE-2017-18715	date:	2020-04-24T14:15:13.060