Details of VAR-202004-1480

ID

VAR-202004-1480

CVE

CVE-2017-18720

TITLE

plural NETGEAR Authentication vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014956

DESCRIPTION

Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42. plural NETGEAR There is an authentication vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R6700, etc. are all products of NETGEAR. NETGEAR R6700 is a wireless router. NETGEAR D6200 is a wireless modem. NETGEAR R6800 is a wireless router. This affects D6200 prior to 1.1.00.24, R6700v2 prior to 1.1.0.42, R6800 prior to 1.1.0.42, and R6900v2 prior to 1.1.0.42

Trust: 2.25

sources: NVD: CVE-2017-18720 // JVNDB: JVNDB-2017-014956 // CNVD: CNVD-2020-25845 // VULMON: CVE-2017-18720

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-25845

AFFECTED PRODUCTS

vendor:	netgear	model:	d6200	scope:	lt	version:	1.1.00.24	Trust: 1.6
vendor:	netgear	model:	r6800	scope:	lt	version:	1.1.0.42	Trust: 1.6
vendor:	netgear	model:	r6700	scope:	lt	version:	1.1.0.42	Trust: 1.0
vendor:	netgear	model:	r6900	scope:	lt	version:	1.1.0.42	Trust: 1.0
vendor:	netgear	model:	r6200	scope:	eq	version:	1.1.00.24	Trust: 0.8
vendor:	netgear	model:	r6700	scope:	eq	version:	1.1.0.42	Trust: 0.8
vendor:	netgear	model:	r6800	scope:	eq	version:	1.1.0.42	Trust: 0.8
vendor:	netgear	model:	r6900	scope:	eq	version:	1.1.0.42	Trust: 0.8
vendor:	netgear	model:	r6700v2	scope:	lt	version:	1.1.0.42	Trust: 0.6
vendor:	netgear	model:	r6900v2	scope:	lt	version:	1.1.0.42	Trust: 0.6
vendor:	netgear	model:	r6700	scope:	eq	version:	-	Trust: 0.1
vendor:	netgear	model:	r6700	scope:	eq	version:	1.0.1.14	Trust: 0.1
vendor:	netgear	model:	r6700	scope:	eq	version:	1.0.1.16	Trust: 0.1
vendor:	netgear	model:	r6700	scope:	eq	version:	1.0.1.20	Trust: 0.1
vendor:	netgear	model:	r6700	scope:	eq	version:	1.0.1.22	Trust: 0.1
vendor:	netgear	model:	r6700	scope:	eq	version:	1.0.1.26	Trust: 0.1
vendor:	netgear	model:	r6700	scope:	eq	version:	1.0.1.36	Trust: 0.1
vendor:	netgear	model:	r6700	scope:	eq	version:	1.0.1.44	Trust: 0.1
vendor:	netgear	model:	r6700	scope:	eq	version:	1.0.1.46	Trust: 0.1
vendor:	netgear	model:	r6700	scope:	eq	version:	1.0.1.48	Trust: 0.1
vendor:	netgear	model:	r6700	scope:	eq	version:	1.0.2.32	Trust: 0.1
vendor:	netgear	model:	r6700	scope:	eq	version:	1.0.2.52	Trust: 0.1
vendor:	netgear	model:	r6700	scope:	eq	version:	1.1.0.38	Trust: 0.1
vendor:	netgear	model:	r6800	scope:	eq	version:	1.0.1.10	Trust: 0.1
vendor:	netgear	model:	r6800	scope:	eq	version:	1.1.0.38	Trust: 0.1
vendor:	netgear	model:	r6900	scope:	eq	version:	-	Trust: 0.1
vendor:	netgear	model:	r6900	scope:	eq	version:	1.0.1.14	Trust: 0.1
vendor:	netgear	model:	r6900	scope:	eq	version:	1.0.1.16	Trust: 0.1
vendor:	netgear	model:	r6900	scope:	eq	version:	1.0.1.20	Trust: 0.1
vendor:	netgear	model:	r6900	scope:	eq	version:	1.0.1.22	Trust: 0.1
vendor:	netgear	model:	r6900	scope:	eq	version:	1.0.1.26	Trust: 0.1
vendor:	netgear	model:	r6900	scope:	eq	version:	1.0.1.28	Trust: 0.1
vendor:	netgear	model:	r6900	scope:	eq	version:	1.0.1.34	Trust: 0.1
vendor:	netgear	model:	r6900	scope:	eq	version:	1.0.1.44	Trust: 0.1
vendor:	netgear	model:	r6900	scope:	eq	version:	1.0.1.46	Trust: 0.1
vendor:	netgear	model:	r6900	scope:	eq	version:	1.0.1.48	Trust: 0.1

sources: CNVD: CNVD-2020-25845 // VULMON: CVE-2017-18720 // JVNDB: JVNDB-2017-014956 // NVD: CVE-2017-18720

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-18720
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2017-18720
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2017-014956
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-25845
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202004-2109
value:	HIGH
Trust: 0.6
VULMON:	CVE-2017-18720
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-18720
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2017-014956
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-25845
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-18720
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2017-18720
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	JVNDB-2017-014956
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-25845 // VULMON: CVE-2017-18720 // JVNDB: JVNDB-2017-014956 // CNNVD: CNNVD-202004-2109 // NVD: CVE-2017-18720 // NVD: CVE-2017-18720

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2017-014956 // NVD: CVE-2017-18720

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-2109

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202004-2109

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014956

PATCH

title:	Security Advisory for Authentication Bypass on Routers, PSV-2017-2148	url:	https://kb.netgear.com/000052277/Security-Advisory-for-Authentication-Bypass-on-Routers-PSV-2017-2148	Trust: 0.8
title:	Patch for Multiple NETGEAR product authorization issue vulnerabilities (CNVD-2020-25845)	url:	https://www.cnvd.org.cn/patchInfo/show/215961	Trust: 0.6
title:	Multiple NETGEAR Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117032	Trust: 0.6

sources: CNVD: CNVD-2020-25845 // JVNDB: JVNDB-2017-014956 // CNNVD: CNNVD-202004-2109

EXTERNAL IDS

db:	NVD	id:	CVE-2017-18720	Trust: 3.1
db:	JVNDB	id:	JVNDB-2017-014956	Trust: 0.8
db:	CNVD	id:	CNVD-2020-25845	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-2109	Trust: 0.6
db:	VULMON	id:	CVE-2017-18720	Trust: 0.1

sources: CNVD: CNVD-2020-25845 // VULMON: CVE-2017-18720 // JVNDB: JVNDB-2017-014956 // CNNVD: CNNVD-202004-2109 // NVD: CVE-2017-18720

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2017-18720	Trust: 2.0
url:	https://kb.netgear.com/000052277/security-advisory-for-authentication-bypass-on-routers-psv-2017-2148	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18720	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/287.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2020-25845 // VULMON: CVE-2017-18720 // JVNDB: JVNDB-2017-014956 // CNNVD: CNNVD-202004-2109 // NVD: CVE-2017-18720

SOURCES

db:	CNVD	id:	CNVD-2020-25845
db:	VULMON	id:	CVE-2017-18720
db:	JVNDB	id:	JVNDB-2017-014956
db:	CNNVD	id:	CNNVD-202004-2109
db:	NVD	id:	CVE-2017-18720

LAST UPDATE DATE

2024-11-23T22:41:06.619000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-25845	date:	2020-04-30T00:00:00
db:	VULMON	id:	CVE-2017-18720	date:	2020-04-28T00:00:00
db:	JVNDB	id:	JVNDB-2017-014956	date:	2020-05-25T00:00:00
db:	CNNVD	id:	CNNVD-202004-2109	date:	2020-04-29T00:00:00
db:	NVD	id:	CVE-2017-18720	date:	2024-11-21T03:20:44.963

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-25845	date:	2020-04-30T00:00:00
db:	VULMON	id:	CVE-2017-18720	date:	2020-04-24T00:00:00
db:	JVNDB	id:	JVNDB-2017-014956	date:	2020-05-25T00:00:00
db:	CNNVD	id:	CNNVD-202004-2109	date:	2020-04-24T00:00:00
db:	NVD	id:	CVE-2017-18720	date:	2020-04-24T14:15:13.373