ID

VAR-202004-1562


CVE

CVE-2018-21126


TITLE

OS command injection vulnerability in NETGEAR WAC505 and WAC510 devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-016316

DESCRIPTION

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17. An OS command injection vulnerability exists in NETGEAR WAC505 and WAC510 devices. Information may be obtained or tampered with, and service operation may be interrupted (DoS). NETGEAR WAC505 and NETGEAR WAC510 are both wireless access points (APs) from NETGEAR. The vulnerability stems from the network system or product failing to correctly filter special characters, commands, etc. when constructing an executable operating system command from external input data. Attackers can use this vulnerability to execute illegal operating system commands.

Trust: 2.25

sources: NVD: CVE-2018-21126 // JVNDB: JVNDB-2018-016316 // CNVD: CNVD-2021-52947 // VULMON: CVE-2018-21126

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-52947

AFFECTED PRODUCTS

vendor: netgear, model: wac510, scope: lt, version: 5.0.0.17

Trust: 1.6

vendor: netgear, model: wac505, scope: lt, version: 5.0.0.17

Trust: 1.6

vendor: netgear, model: wac505, scope: eq, version: 5.0.0.17

Trust: 0.8

vendor: netgear, model: wac510, scope: eq, version: 5.0.0.17

Trust: 0.8

sources: CNVD: CNVD-2021-52947 // JVNDB: JVNDB-2018-016316 // NVD: CVE-2018-21126

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-21126
value: HIGH

Trust: 1.0

cve@mitre.org: CVE-2018-21126
value: HIGH

Trust: 1.0

NVD: JVNDB-2018-016316
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-52947
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-1923
value: HIGH

Trust: 0.6

VULMON: CVE-2018-21126
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-21126
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2018-016316
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-52947
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-21126
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2018-21126
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2018-016316
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-52947 // VULMON: CVE-2018-21126 // JVNDB: JVNDB-2018-016316 // CNNVD: CNNVD-202004-1923 // NVD: CVE-2018-21126 // NVD: CVE-2018-21126

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.8

sources: JVNDB: JVNDB-2018-016316 // NVD: CVE-2018-21126

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1923

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-202004-1923

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-016316

PATCH

title: Security Advisory for Pre-Authentication Command Injection on Some Wireless Access Points, PSV-2018-0262
url: https://kb.netgear.com/000060232/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Wireless-Access-Points-PSV-2018-0262

Trust: 0.8

title: Patches for NETGEAR WAC505 and WAC510 operating system command injection vulnerabilities
url: https://www.cnvd.org.cn/patchInfo/show/280036

Trust: 0.6

title: NETGEAR WAC505 and WAC510 Fixes for command injection vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116694

Trust: 0.6

sources: CNVD: CNVD-2021-52947 // JVNDB: JVNDB-2018-016316 // CNNVD: CNNVD-202004-1923

EXTERNAL IDS

db: NVD, id: CVE-2018-21126

Trust: 3.1

db: JVNDB, id: JVNDB-2018-016316

Trust: 0.8

db: CNVD, id: CNVD-2021-52947

Trust: 0.6

db: CNNVD, id: CNNVD-202004-1923

Trust: 0.6

db: VULMON, id: CVE-2018-21126

Trust: 0.1

sources: CNVD: CNVD-2021-52947 // VULMON: CVE-2018-21126 // JVNDB: JVNDB-2018-016316 // CNNVD: CNNVD-202004-1923 // NVD: CVE-2018-21126

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2018-21126

Trust: 2.0

url:https://kb.netgear.com/000060232/security-advisory-for-pre-authentication-command-injection-on-some-wireless-access-points-psv-2018-0262

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21126

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2021-52947 // VULMON: CVE-2018-21126 // JVNDB: JVNDB-2018-016316 // CNNVD: CNNVD-202004-1923 // NVD: CVE-2018-21126

SOURCES

db: CNVD, id: CNVD-2021-52947
db: VULMON, id: CVE-2018-21126
db: JVNDB, id: JVNDB-2018-016316
db: CNNVD, id: CNNVD-202004-1923
db: NVD, id: CVE-2018-21126

LAST UPDATE DATE

2024-11-23T21:59:20.210000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-52947, date: 2021-07-21T00:00:00
db: VULMON, id: CVE-2018-21126, date: 2020-04-27T00:00:00
db: JVNDB, id: JVNDB-2018-016316, date: 2020-05-22T00:00:00
db: CNNVD, id: CNNVD-202004-1923, date: 2020-04-28T00:00:00
db: NVD, id: CVE-2018-21126, date: 2024-11-21T04:02:57.827

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-52947, date: 2020-07-21T00:00:00
db: VULMON, id: CVE-2018-21126, date: 2020-04-22T00:00:00
db: JVNDB, id: JVNDB-2018-016316, date: 2020-05-22T00:00:00
db: CNNVD, id: CNNVD-202004-1923, date: 2020-04-22T00:00:00
db: NVD, id: CVE-2018-21126, date: 2020-04-22T16:15:12.623