Sign-up

ID

VAR-202004-1549


CVE

CVE-2018-21113


TITLE

plural NETGEAR Injection vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-016297

DESCRIPTION

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6100 before 1.0.0.58, D7800 before 1.0.1.42, R6100 before 1.0.1.28, R7500 before 1.0.0.130, R7500v2 before 1.0.3.36, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WNDR3700v4 before 1.0.2.102, WNDR4300 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, and WNDR4500v3 before 1.0.0.56. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7800, etc. are all products of NETGEAR. NETGEAR R7800 is a wireless router. NETGEAR D6100 is a wireless modem. NETGEAR WNDR3700 is a wireless router. There are injection vulnerabilities in many NETGEAR products, which can be exploited by an attacker to cause the system or product to produce an incorrect interpretation or interpretation method

Trust: 2.16

sources: NVD: CVE-2018-21113 // JVNDB: JVNDB-2018-016297 // CNVD: CNVD-2020-31330

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-31330

AFFECTED PRODUCTS

vendor:netgearmodel:r7800scope:ltversion:1.0.2.52

Trust: 1.6

vendor:netgearmodel:r8900scope:ltversion:1.0.4.12

Trust: 1.6

vendor:netgearmodel:r9000scope:ltversion:1.0.4.12

Trust: 1.6

vendor:netgearmodel:wndr4300scope:ltversion:1.0.2.104

Trust: 1.6

vendor:netgearmodel:d6100scope:ltversion:1.0.0.58

Trust: 1.6

vendor:netgearmodel:d7800scope:ltversion:1.0.1.42

Trust: 1.6

vendor:netgearmodel:r6100scope:ltversion:1.0.1.28

Trust: 1.6

vendor:netgearmodel:r7500scope:ltversion:1.0.0.130

Trust: 1.6

vendor:netgearmodel:r7500scope:ltversion:1.0.3.36

Trust: 1.0

vendor:netgearmodel:wndr4300scope:ltversion:1.0.0.56

Trust: 1.0

vendor:netgearmodel:wndr3700scope:ltversion:1.0.2.102

Trust: 1.0

vendor:netgearmodel:wndr4500scope:ltversion:1.0.0.56

Trust: 1.0

vendor:netgearmodel:d6100scope:eqversion:1.0.0.58

Trust: 0.8

vendor:netgearmodel:d7800scope:eqversion:1.0.1.42

Trust: 0.8

vendor:netgearmodel:r6100scope:eqversion:1.0.1.28

Trust: 0.8

vendor:netgearmodel:r7500scope:eqversion:1.0.0.130

Trust: 0.8

vendor:netgearmodel:r7500scope:eqversion:1.0.3.36

Trust: 0.8

vendor:netgearmodel:r7800scope:eqversion:1.0.2.52

Trust: 0.8

vendor:netgearmodel:r8900scope:eqversion:1.0.4.12

Trust: 0.8

vendor:netgearmodel:r9000scope:eqversion:1.0.4.12

Trust: 0.8

vendor:netgearmodel:wndr3700scope:eqversion:1.0.2.102

Trust: 0.8

vendor:netgearmodel:wndr4300scope:eqversion:1.0.2.104

Trust: 0.8

vendor:netgearmodel:wndr3700v4scope:ltversion:1.0.2.102

Trust: 0.6

vendor:netgearmodel:r7500v2scope:ltversion:1.0.3.36

Trust: 0.6

vendor:netgearmodel:wndr4300v2scope:ltversion:1.0.0.56

Trust: 0.6

vendor:netgearmodel:wndr4500v3scope:ltversion:1.0.0.56

Trust: 0.6

sources: CNVD: CNVD-2020-31330 // JVNDB: JVNDB-2018-016297 // NVD: CVE-2018-21113

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-21113
value: HIGH

Trust: 1.0

cve@mitre.org: CVE-2018-21113
value: HIGH

Trust: 1.0

NVD: JVNDB-2018-016297
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-31330
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-1894
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2018-21113
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2018-016297
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-31330
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-21113
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2018-21113
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2018-016297
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-31330 // JVNDB: JVNDB-2018-016297 // CNNVD: CNNVD-202004-1894 // NVD: CVE-2018-21113 // NVD: CVE-2018-21113

PROBLEMTYPE DATA

problemtype:CWE-74

Trust: 1.8

sources: JVNDB: JVNDB-2018-016297 // NVD: CVE-2018-21113

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1894

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-202004-1894

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-016297

PATCH
title:Security Advisory for Pre-Authentication Command Injection on Some Routers and Modem Routers, PSV-2018-0033url:https://kb.netgear.com/000060438/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-Modem-Routers-PSV-2018-0033
Trust: 0.8
title:Patch for Multiple NETGEAR product injection vulnerabilities (CNVD-2020-31330)url:https://www.cnvd.org.cn/patchInfo/show/219997
Trust: 0.6
title:Multiple NETGEAR Fixing measures for product injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117241
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-31330 // 
            
            
            
            JVNDB: JVNDB-2018-016297 // 
            
            
            
            CNNVD: CNNVD-202004-1894

EXTERNAL IDS
db:NVDid:CVE-2018-21113
Trust: 3.0
db:JVNDBid:JVNDB-2018-016297
Trust: 0.8
db:CNVDid:CNVD-2020-31330
Trust: 0.6
db:CNNVDid:CNNVD-202004-1894
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-31330 // 
            
            
            
            JVNDB: JVNDB-2018-016297 // 
            
            
            
            CNNVD: CNNVD-202004-1894 // 
            
            
            
            NVD: CVE-2018-21113

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2018-21113
Trust: 2.0
url:https://kb.netgear.com/000060438/security-advisory-for-pre-authentication-command-injection-on-some-routers-and-modem-routers-psv-2018-0033
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21113
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-31330 // 
            
            
            
            JVNDB: JVNDB-2018-016297 // 
            
            
            
            CNNVD: CNNVD-202004-1894 // 
            
            
            
            NVD: CVE-2018-21113

SOURCES
db:CNVDid:CNVD-2020-31330
db:JVNDBid:JVNDB-2018-016297
db:CNNVDid:CNNVD-202004-1894
db:NVDid:CVE-2018-21113

LAST UPDATE DATE
2024-11-23T22:33:28.026000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-31330date:2020-06-03T00:00:00
db:JVNDBid:JVNDB-2018-016297date:2020-05-21T00:00:00
db:CNNVDid:CNNVD-202004-1894date:2020-04-26T00:00:00
db:NVDid:CVE-2018-21113date:2024-11-21T04:02:55.967

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-31330date:2020-06-03T00:00:00
db:JVNDBid:JVNDB-2018-016297date:2020-05-21T00:00:00
db:CNNVDid:CNNVD-202004-1894date:2020-04-22T00:00:00
db:NVDid:CVE-2018-21113date:2020-04-22T15:15:13.473