ID

VAR-202004-1515


CVE

CVE-2017-18863


TITLE

Injection vulnerabilities in multiple NETGEAR products

Trust: 0.8

sources: JVNDB: JVNDB-2017-014995

DESCRIPTION

Certain NETGEAR devices are affected by command execution via a PHP form. This affects WN604 3.3.3 and earlier, WNAP210v2 3.5.20.0 and earlier, WNAP320 3.5.20.0 and earlier, WNDAP350 3.5.20.0 and earlier, WNDAP360 3.5.20.0 and earlier, WNDAP620 2.0.11 and earlier, WNDAP660 3.5.20.0 and earlier, WND930 2.0.11 and earlier, and WAC120 2.0.7 and earlier. Multiple NETGEAR products contain an injection vulnerability. Information may be obtained and tampered with. This affects WN604 3.3.3 and previous versions, WNAP210v2 3.5.20.0 and previous versions, WNAP320 3.5.20.0 and previous versions, WNDAP350 3.5.20.0 and previous versions, WNDAP360 3.5.20.0 and previous versions, WNDAP620 2.0.11 and previous versions, WNDAP660 3.5.20.0 and previous versions, WND930 2.0.11 and previous versions, and WAC120 2.0.7 and previous versions.

Trust: 1.71

sources: NVD: CVE-2017-18863 // JVNDB: JVNDB-2017-014995 // VULMON: CVE-2017-18863

AFFECTED PRODUCTS

vendor: netgear, model: wndap660, scope: lt, version: 3.5.20.0

Trust: 1.0

vendor: netgear, model: wn604, scope: lt, version: 3.3.3

Trust: 1.0

vendor: netgear, model: wac120, scope: lt, version: 2.0.7

Trust: 1.0

vendor: netgear, model: wndap360, scope: lt, version: 3.5.20.0

Trust: 1.0

vendor: netgear, model: wndap350, scope: lt, version: 3.5.20.0

Trust: 1.0

vendor: netgear, model: wndap620, scope: lt, version: 2.0.11

Trust: 1.0

vendor: netgear, model: wnd930, scope: lt, version: 2.0.11

Trust: 1.0

vendor: netgear, model: wnap210, scope: lt, version: 3.5.20.0

Trust: 1.0

vendor: netgear, model: wnap320, scope: lt, version: 3.5.20.0

Trust: 1.0

vendor: netgear, model: wac120, scope: eq, version: 2.0.7

Trust: 0.8

vendor: netgear, model: wn604, scope: eq, version: 3.3.3

Trust: 0.8

vendor: netgear, model: wnap210, scope: eq, version: 3.5.20.0

Trust: 0.8

vendor: netgear, model: wnap320, scope: eq, version: 3.5.20.0

Trust: 0.8

vendor: netgear, model: wnd930, scope: eq, version: 2.0.11

Trust: 0.8

vendor: netgear, model: wndap350, scope: eq, version: 3.5.20.0

Trust: 0.8

vendor: netgear, model: wndap360, scope: eq, version: 3.5.20.0

Trust: 0.8

vendor: netgear, model: wndap620, scope: eq, version: 2.0.11

Trust: 0.8

vendor: netgear, model: wndap660, scope: eq, version: 3.5.20.0

Trust: 0.8

vendor: netgear, model: wnd930, scope: eq, version: -

Trust: 0.1

sources: VULMON: CVE-2017-18863 // JVNDB: JVNDB-2017-014995 // NVD: CVE-2017-18863

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18863
value: HIGH

Trust: 1.0

NVD: JVNDB-2017-014995
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202004-2262
value: MEDIUM

Trust: 0.6

VULMON: CVE-2017-18863
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-18863
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2017-014995
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

nvd@nist.gov: CVE-2017-18863
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: JVNDB-2017-014995
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2017-18863 // JVNDB: JVNDB-2017-014995 // CNNVD: CNNVD-202004-2262 // NVD: CVE-2017-18863

PROBLEMTYPE DATA

problemtype: CWE-74

Trust: 1.8

sources: JVNDB: JVNDB-2017-014995 // NVD: CVE-2017-18863

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-2262

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-202004-2262

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014995

PATCH

title: Security Advisory for PHP Vulnerabilities on Wireless Access Points, PSV-2017-0517 and PSV-2016-0258
url: https://kb.netgear.com/000037827/Security-Advisory-for-PHP-Vulnerabilities-on-Wireless-Access-Points-PSV-2017-0517-and-PSV-2016-0258

Trust: 0.8

title: Fixing measures for injection vulnerabilities in multiple NETGEAR products
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117741

Trust: 0.6

sources: JVNDB: JVNDB-2017-014995 // CNNVD: CNNVD-202004-2262

EXTERNAL IDS

db: NVD, id: CVE-2017-18863

Trust: 2.5

db: JVNDB, id: JVNDB-2017-014995

Trust: 0.8

db: CNNVD, id: CNNVD-202004-2262

Trust: 0.6

db: VULMON, id: CVE-2017-18863

Trust: 0.1

sources: VULMON: CVE-2017-18863 // JVNDB: JVNDB-2017-014995 // CNNVD: CNNVD-202004-2262 // NVD: CVE-2017-18863

REFERENCES

url: https://kb.netgear.com/000037827/security-advisory-for-php-vulnerabilities-on-wireless-access-points-psv-2017-0517-and-psv-2016-0258

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2017-18863

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18863

Trust: 0.8

url: https://cwe.mitre.org/data/definitions/74.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2017-18863 // JVNDB: JVNDB-2017-014995 // CNNVD: CNNVD-202004-2262 // NVD: CVE-2017-18863

SOURCES

db: VULMON, id: CVE-2017-18863
db: JVNDB, id: JVNDB-2017-014995
db: CNNVD, id: CNNVD-202004-2262
db: NVD, id: CVE-2017-18863

LAST UPDATE DATE

2024-11-23T22:29:38.886000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2017-18863, date: 2020-05-05T00:00:00
db: JVNDB, id: JVNDB-2017-014995, date: 2020-06-01T00:00:00
db: CNNVD, id: CNNVD-202004-2262, date: 2020-05-14T00:00:00
db: NVD, id: CVE-2017-18863, date: 2024-11-21T03:21:07.387

SOURCES RELEASE DATE

db: VULMON, id: CVE-2017-18863, date: 2020-04-28T00:00:00
db: JVNDB, id: JVNDB-2017-014995, date: 2020-06-01T00:00:00
db: CNNVD, id: CNNVD-202004-2262, date: 2020-04-28T00:00:00
db: NVD, id: CVE-2017-18863, date: 2020-04-28T16:15:12.747