Sign-up

ID

VAR-202004-1552


CVE

CVE-2018-21116


TITLE

NETGEAR XR500 Vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-016292

DESCRIPTION

NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers. NETGEAR XR500 An unspecified vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR XR500 is a wireless router of NETGEAR

Trust: 2.16

sources: NVD: CVE-2018-21116 // JVNDB: JVNDB-2018-016292 // CNVD: CNVD-2020-31333

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-31333

AFFECTED PRODUCTS

vendor:netgearmodel:xr500scope:ltversion:2.3.2.32

Trust: 1.6

vendor:netgearmodel:xr500scope:eqversion:2.3.2.32

Trust: 0.8

sources: CNVD: CNVD-2020-31333 // JVNDB: JVNDB-2018-016292 // NVD: CVE-2018-21116

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-21116
value: HIGH

Trust: 1.0

cve@mitre.org: CVE-2018-21116
value: HIGH

Trust: 1.0

NVD: JVNDB-2018-016292
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-31333
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-1896
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2018-21116
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2018-016292
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-31333
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-21116
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2018-21116
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2018-016292
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-31333 // JVNDB: JVNDB-2018-016292 // CNNVD: CNNVD-202004-1896 // NVD: CVE-2018-21116 // NVD: CVE-2018-21116

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2018-21116

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1896

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202004-1896

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-016292

PATCH
title:Security Advisory for Pre-authentication and Post-authentication Remote Code Execution on XR500, PSV-2018-0312url:https://kb.netgear.com/000060242/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-XR500-PSV-2018-0312
Trust: 0.8
title:NETGEAR XR500 code execution vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/219991
Trust: 0.6
title:NETGEAR XR500 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116672
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-31333 // 
            
            
            
            JVNDB: JVNDB-2018-016292 // 
            
            
            
            CNNVD: CNNVD-202004-1896

EXTERNAL IDS
db:NVDid:CVE-2018-21116
Trust: 3.0
db:JVNDBid:JVNDB-2018-016292
Trust: 0.8
db:CNVDid:CNVD-2020-31333
Trust: 0.6
db:CNNVDid:CNNVD-202004-1896
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-31333 // 
            
            
            
            JVNDB: JVNDB-2018-016292 // 
            
            
            
            CNNVD: CNNVD-202004-1896 // 
            
            
            
            NVD: CVE-2018-21116

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2018-21116
Trust: 2.0
url:https://kb.netgear.com/000060242/security-advisory-for-pre-authentication-stack-overflow-on-xr500-psv-2018-0312
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21116
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-31333 // 
            
            
            
            JVNDB: JVNDB-2018-016292 // 
            
            
            
            CNNVD: CNNVD-202004-1896 // 
            
            
            
            NVD: CVE-2018-21116

SOURCES
db:CNVDid:CNVD-2020-31333
db:JVNDBid:JVNDB-2018-016292
db:CNNVDid:CNNVD-202004-1896
db:NVDid:CVE-2018-21116

LAST UPDATE DATE
2024-11-23T23:11:26.853000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-31333date:2020-06-18T00:00:00
db:JVNDBid:JVNDB-2018-016292date:2020-05-20T00:00:00
db:CNNVDid:CNNVD-202004-1896date:2020-04-24T00:00:00
db:NVDid:CVE-2018-21116date:2024-11-21T04:02:56.420

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-31333date:2020-06-03T00:00:00
db:JVNDBid:JVNDB-2018-016292date:2020-05-20T00:00:00
db:CNNVDid:CNNVD-202004-1896date:2020-04-22T00:00:00
db:NVDid:CVE-2018-21116date:2020-04-22T15:15:13.643