ID

VAR-202004-1554


CVE

CVE-2018-21118


TITLE

Authentication vulnerabilities in NETGEAR XR500 devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-016299

DESCRIPTION

NETGEAR XR500 devices before 2.3.2.32 are affected by authentication bypass. The NETGEAR XR500 has an authentication vulnerability. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. NETGEAR XR500 is a wireless router from NETGEAR. There are security vulnerabilities in NETGEAR XR500 versions prior to 2.3.2.32.

Trust: 2.16

sources: NVD: CVE-2018-21118 // JVNDB: JVNDB-2018-016299 // CNVD: CNVD-2021-28037

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-28037

AFFECTED PRODUCTS

vendor: netgear
model: xr500
scope: lt
version: 2.3.2.32

Trust: 1.6

vendor: netgear
model: xr500
scope: eq
version: 2.3.2.32

Trust: 0.8

sources: CNVD: CNVD-2021-28037 // JVNDB: JVNDB-2018-016299 // NVD: CVE-2018-21118

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-21118
value: HIGH

Trust: 1.0

cve@mitre.org: CVE-2018-21118
value: HIGH

Trust: 1.0

NVD: JVNDB-2018-016299
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-28037
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-1915
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2018-21118
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2018-016299
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-28037
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-21118
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2018-21118
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2018-016299
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-28037 // JVNDB: JVNDB-2018-016299 // CNNVD: CNNVD-202004-1915 // NVD: CVE-2018-21118 // NVD: CVE-2018-21118

PROBLEMTYPE DATA

problemtype: CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2018-016299 // NVD: CVE-2018-21118

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1915

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202004-1915

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-016299

PATCH

title: Security Advisory for Authentication Bypass on XR500, PSV-2018-0324
url: https://kb.netgear.com/000060240/Security-Advisory-for-Authentication-Bypass-on-XR500-PSV-2018-0324

Trust: 0.8

title: Patch for NETGEAR XR500 authorization issue vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/258011

Trust: 0.6

title: NETGEAR XR500 Remediation measures for authorization problem vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117249

Trust: 0.6

sources: CNVD: CNVD-2021-28037 // JVNDB: JVNDB-2018-016299 // CNNVD: CNNVD-202004-1915

EXTERNAL IDS

db: NVD
id: CVE-2018-21118

Trust: 3.0

db: JVNDB
id: JVNDB-2018-016299

Trust: 0.8

db: CNVD
id: CNVD-2021-28037

Trust: 0.6

db: CNNVD
id: CNNVD-202004-1915

Trust: 0.6

sources: CNVD: CNVD-2021-28037 // JVNDB: JVNDB-2018-016299 // CNNVD: CNNVD-202004-1915 // NVD: CVE-2018-21118

REFERENCES

url: https://nvd.nist.gov/vuln/detail/cve-2018-21118

Trust: 2.0

url: https://kb.netgear.com/000060240/security-advisory-for-authentication-bypass-on-xr500-psv-2018-0324

Trust: 1.6

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21118

Trust: 0.8

sources: CNVD: CNVD-2021-28037 // JVNDB: JVNDB-2018-016299 // CNNVD: CNNVD-202004-1915 // NVD: CVE-2018-21118

SOURCES

db: CNVD, id: CNVD-2021-28037
db: JVNDB, id: JVNDB-2018-016299
db: CNNVD, id: CNNVD-202004-1915
db: NVD, id: CVE-2018-21118

LAST UPDATE DATE

2024-11-23T23:04:24.919000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-28037, date: 2021-04-14T00:00:00
db: JVNDB, id: JVNDB-2018-016299, date: 2020-05-21T00:00:00
db: CNNVD, id: CNNVD-202004-1915, date: 2020-04-26T00:00:00
db: NVD, id: CVE-2018-21118, date: 2024-11-21T04:02:56.707

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-28037, date: 2021-04-14T00:00:00
db: JVNDB, id: JVNDB-2018-016299, date: 2020-05-21T00:00:00
db: CNNVD, id: CNNVD-202004-1915, date: 2020-04-22T00:00:00
db: NVD, id: CVE-2018-21118, date: 2020-04-22T16:15:11.777