ID

VAR-202004-1553


CVE

CVE-2018-21117


TITLE

Vulnerabilities in NETGEAR XR500 devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-016293

DESCRIPTION

NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers via the traceroute handler. An unspecified vulnerability exists in NETGEAR XR500 devices. Information may be obtained or tampered with, and service operation may be interrupted (DoS). NETGEAR XR500 is a wireless router made by NETGEAR. There is a security vulnerability in NETGEAR XR500 before 2.3.2.32.

Trust: 2.25

sources: NVD: CVE-2018-21117 // JVNDB: JVNDB-2018-016293 // CNVD: CNVD-2020-33474 // VULMON: CVE-2018-21117

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-33474

AFFECTED PRODUCTS

vendor: netgear
model: xr500
scope: lt
version: 2.3.2.32

Trust: 1.6

vendor: netgear
model: xr500
scope: eq
version: 2.3.2.32

Trust: 0.8

sources: CNVD: CNVD-2020-33474 // JVNDB: JVNDB-2018-016293 // NVD: CVE-2018-21117

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-21117
value: HIGH

Trust: 1.0

cve@mitre.org: CVE-2018-21117
value: HIGH

Trust: 1.0

NVD: JVNDB-2018-016293
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-33474
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-1899
value: HIGH

Trust: 0.6

VULMON: CVE-2018-21117
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-21117
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2018-016293
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-33474
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-21117
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2018-21117
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2018-016293
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-33474 // VULMON: CVE-2018-21117 // JVNDB: JVNDB-2018-016293 // CNNVD: CNNVD-202004-1899 // NVD: CVE-2018-21117 // NVD: CVE-2018-21117

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2018-21117

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1899

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202004-1899

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-016293

PATCH

title: Security Advisory for Unauthenticated Remote Code Execution Through Traceroute Handler on XR500, PSV-2018-0313
url: https://kb.netgear.com/000060241/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-XR500-PSV-2018-0313

Trust: 0.8

title: Patch for NETGEAR XR500 code execution vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/222067

Trust: 0.6

title: NETGEAR XR500 Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116675

Trust: 0.6

sources: CNVD: CNVD-2020-33474 // JVNDB: JVNDB-2018-016293 // CNNVD: CNNVD-202004-1899

EXTERNAL IDS

db: NVD, id: CVE-2018-21117

Trust: 3.1

db: JVNDB, id: JVNDB-2018-016293

Trust: 0.8

db: CNVD, id: CNVD-2020-33474

Trust: 0.6

db: CNNVD, id: CNNVD-202004-1899

Trust: 0.6

db: VULMON, id: CVE-2018-21117

Trust: 0.1

sources: CNVD: CNVD-2020-33474 // VULMON: CVE-2018-21117 // JVNDB: JVNDB-2018-016293 // CNNVD: CNNVD-202004-1899 // NVD: CVE-2018-21117

REFERENCES

url: https://nvd.nist.gov/vuln/detail/cve-2018-21117

Trust: 2.0

url: https://kb.netgear.com/000060241/security-advisory-for-pre-authentication-stack-overflow-on-xr500-psv-2018-0313

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21117

Trust: 0.8

url: https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2020-33474 // VULMON: CVE-2018-21117 // JVNDB: JVNDB-2018-016293 // CNNVD: CNNVD-202004-1899 // NVD: CVE-2018-21117

SOURCES

db: CNVD, id: CNVD-2020-33474
db: VULMON, id: CVE-2018-21117
db: JVNDB, id: JVNDB-2018-016293
db: CNNVD, id: CNNVD-202004-1899
db: NVD, id: CVE-2018-21117

LAST UPDATE DATE

2024-11-23T22:37:24.844000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-33474, date: 2020-06-18T00:00:00
db: VULMON, id: CVE-2018-21117, date: 2020-04-23T00:00:00
db: JVNDB, id: JVNDB-2018-016293, date: 2020-05-20T00:00:00
db: CNNVD, id: CNNVD-202004-1899, date: 2020-04-24T00:00:00
db: NVD, id: CVE-2018-21117, date: 2024-11-21T04:02:56.563

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-33474, date: 2020-06-18T00:00:00
db: VULMON, id: CVE-2018-21117, date: 2020-04-22T00:00:00
db: JVNDB, id: JVNDB-2018-016293, date: 2020-05-20T00:00:00
db: CNNVD, id: CNNVD-202004-1899, date: 2020-04-22T00:00:00
db: NVD, id: CVE-2018-21117, date: 2020-04-22T15:15:13.787