Details of VAR-202004-1530

ID

VAR-202004-1530

CVE

CVE-2018-21094

TITLE

plural NETGEAR Vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-016405

DESCRIPTION

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10. plural NETGEAR An unspecified vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This affects WAC120 prior to 2.1.7, WAC505 prior to 5.0.5.4, WAC510 prior to 5.0.5.4, WNAP320 prior to 3.7.11.4, WNAP210v2 prior to 3.7.11.4, WNDAP350 prior to 3.7.11.4, WNDAP360 prior to 3.7.11.4, WNDAP660 prior to 3.7.11.4, WNDAP620 prior to 2.1.7, WND930 prior to 2.1.5, and WN604 prior to 3.3.10

Trust: 1.71

sources: NVD: CVE-2018-21094 // JVNDB: JVNDB-2018-016405 // VULMON: CVE-2018-21094

AFFECTED PRODUCTS

vendor:	netgear	model:	wnd930	scope:	lt	version:	2.1.5	Trust: 1.0
vendor:	netgear	model:	wn604	scope:	lt	version:	3.3.10	Trust: 1.0
vendor:	netgear	model:	wac510	scope:	lt	version:	5.0.5.4	Trust: 1.0
vendor:	netgear	model:	wndap350	scope:	lt	version:	3.7.11.4	Trust: 1.0
vendor:	netgear	model:	wac505	scope:	lt	version:	5.0.5.4	Trust: 1.0
vendor:	netgear	model:	wnap320	scope:	lt	version:	3.7.11.4	Trust: 1.0
vendor:	netgear	model:	wndap660	scope:	lt	version:	3.7.11.4	Trust: 1.0
vendor:	netgear	model:	wndap620	scope:	lt	version:	2.1.7	Trust: 1.0
vendor:	netgear	model:	wnap210	scope:	lt	version:	3.7.11.4	Trust: 1.0
vendor:	netgear	model:	wndap360	scope:	lt	version:	3.7.11.4	Trust: 1.0
vendor:	netgear	model:	wac120	scope:	lt	version:	2.1.7	Trust: 1.0
vendor:	netgear	model:	wac120	scope:	eq	version:	2.1.7	Trust: 0.8
vendor:	netgear	model:	wac505	scope:	eq	version:	5.0.5.4	Trust: 0.8
vendor:	netgear	model:	wac510	scope:	eq	version:	5.0.5.4	Trust: 0.8
vendor:	netgear	model:	wn604	scope:	eq	version:	3.3.10	Trust: 0.8
vendor:	netgear	model:	wnap210	scope:	eq	version:	3.7.11.4	Trust: 0.8
vendor:	netgear	model:	wnap320	scope:	eq	version:	3.7.11.4	Trust: 0.8
vendor:	netgear	model:	wnd930	scope:	eq	version:	2.1.5	Trust: 0.8
vendor:	netgear	model:	wndap350	scope:	eq	version:	3.7.11.4	Trust: 0.8
vendor:	netgear	model:	wndap360	scope:	eq	version:	3.7.11.4	Trust: 0.8
vendor:	netgear	model:	wndap620	scope:	eq	version:	2.1.7	Trust: 0.8
vendor:	netgear	model:	wndap660	scope:	eq	version:	3.7.11.4	Trust: 0.8
vendor:	netgear	model:	wac120	scope:	eq	version:	2.0.7	Trust: 0.1
vendor:	netgear	model:	wac120	scope:	eq	version:	2.1.4	Trust: 0.1
vendor:	netgear	model:	wac505	scope:	eq	version:	5.0.0.17	Trust: 0.1
vendor:	netgear	model:	wac510	scope:	eq	version:	1.3.0.10	Trust: 0.1
vendor:	netgear	model:	wac510	scope:	eq	version:	5.0.0.17	Trust: 0.1
vendor:	netgear	model:	wn604	scope:	eq	version:	3.3.3	Trust: 0.1
vendor:	netgear	model:	wn604	scope:	eq	version:	3.3.7	Trust: 0.1
vendor:	netgear	model:	wnap210	scope:	eq	version:	3.5.20.0	Trust: 0.1
vendor:	netgear	model:	wnap210	scope:	eq	version:	3.7.4.0	Trust: 0.1
vendor:	netgear	model:	wnap320	scope:	eq	version:	3.5.20.0	Trust: 0.1
vendor:	netgear	model:	wnap320	scope:	eq	version:	3.7.4.0	Trust: 0.1
vendor:	netgear	model:	wnd930	scope:	eq	version:	-	Trust: 0.1
vendor:	netgear	model:	wnd930	scope:	eq	version:	2.0.11	Trust: 0.1
vendor:	netgear	model:	wnd930	scope:	eq	version:	2.1.2	Trust: 0.1
vendor:	netgear	model:	wndap350	scope:	eq	version:	3.5.20.0	Trust: 0.1
vendor:	netgear	model:	wndap350	scope:	eq	version:	3.7.4.0	Trust: 0.1
vendor:	netgear	model:	wndap360	scope:	eq	version:	3.5.20.0	Trust: 0.1
vendor:	netgear	model:	wndap360	scope:	eq	version:	3.7.4.0	Trust: 0.1
vendor:	netgear	model:	wndap620	scope:	eq	version:	2.0.11	Trust: 0.1
vendor:	netgear	model:	wndap620	scope:	eq	version:	2.1.3	Trust: 0.1
vendor:	netgear	model:	wndap660	scope:	eq	version:	3.5.20.0	Trust: 0.1
vendor:	netgear	model:	wndap660	scope:	eq	version:	3.7.4.0	Trust: 0.1

sources: VULMON: CVE-2018-21094 // JVNDB: JVNDB-2018-016405 // NVD: CVE-2018-21094

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-21094
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2018-21094
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2018-016405
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202004-2173
value:	HIGH
Trust: 0.6
VULMON:	CVE-2018-21094
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-21094
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2018-016405
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

nvd@nist.gov:	CVE-2018-21094
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	3.4
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2018-21094
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	3.4
version:	3.0
Trust: 1.0
NVD:	JVNDB-2018-016405
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2018-21094 // JVNDB: JVNDB-2018-016405 // CNNVD: CNNVD-202004-2173 // NVD: CVE-2018-21094 // NVD: CVE-2018-21094

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2018-016405 // NVD: CVE-2018-21094

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-2173

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202004-2173

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-016405

PATCH

title:	Security Advisory for a Security Misconfiguration on Some Wireless Access Points, PSV-2018-0350	url:	https://kb.netgear.com/000060460/Security-Advisory-for-a-Security-Misconfiguration-on-Some-Wireless-Access-Points-PSV-2018-0350	Trust: 0.8
title:	Multiple NETGEAR Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117280	Trust: 0.6

sources: JVNDB: JVNDB-2018-016405 // CNNVD: CNNVD-202004-2173

EXTERNAL IDS

db:	NVD	id:	CVE-2018-21094	Trust: 2.5
db:	JVNDB	id:	JVNDB-2018-016405	Trust: 0.8
db:	CNNVD	id:	CNNVD-202004-2173	Trust: 0.6
db:	VULMON	id:	CVE-2018-21094	Trust: 0.1

sources: VULMON: CVE-2018-21094 // JVNDB: JVNDB-2018-016405 // CNNVD: CNNVD-202004-2173 // NVD: CVE-2018-21094

REFERENCES

url:	https://kb.netgear.com/000060460/security-advisory-for-a-security-misconfiguration-on-some-wireless-access-points-psv-2018-0350	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-21094	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21094	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2018-21094 // JVNDB: JVNDB-2018-016405 // CNNVD: CNNVD-202004-2173 // NVD: CVE-2018-21094

SOURCES

db:	VULMON	id:	CVE-2018-21094
db:	JVNDB	id:	JVNDB-2018-016405
db:	CNNVD	id:	CNNVD-202004-2173
db:	NVD	id:	CVE-2018-21094

LAST UPDATE DATE

2024-11-23T23:01:24.280000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2018-21094	date:	2020-05-04T00:00:00
db:	JVNDB	id:	JVNDB-2018-016405	date:	2020-06-02T00:00:00
db:	CNNVD	id:	CNNVD-202004-2173	date:	2020-05-06T00:00:00
db:	NVD	id:	CVE-2018-21094	date:	2024-11-21T04:02:53.217

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2018-21094	date:	2020-04-27T00:00:00
db:	JVNDB	id:	JVNDB-2018-016405	date:	2020-06-02T00:00:00
db:	CNNVD	id:	CNNVD-202004-2173	date:	2020-04-27T00:00:00
db:	NVD	id:	CVE-2018-21094	date:	2020-04-27T15:15:12.143