ID

VAR-202004-1563


CVE

CVE-2018-21127


TITLE

OS command injection vulnerability in NETGEAR WAC505 and WAC510 devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-016321

DESCRIPTION

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17. An OS command injection vulnerability exists in NETGEAR WAC505 and WAC510 devices. Information may be obtained, information may be tampered with, and the device may be put into a denial-of-service (DoS) state.

Trust: 1.62

sources: NVD: CVE-2018-21127 // JVNDB: JVNDB-2018-016321

AFFECTED PRODUCTS

vendor: netgear // model: wac510 // scope: lt // version: 5.0.0.17

Trust: 1.0

vendor: netgear // model: wac505 // scope: lt // version: 5.0.0.17

Trust: 1.0

vendor: netgear // model: wac505 // scope: eq // version: 5.0.0.17

Trust: 0.8

vendor: netgear // model: wac510 // scope: eq // version: 5.0.0.17

Trust: 0.8

sources: JVNDB: JVNDB-2018-016321 // NVD: CVE-2018-21127

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-21127
value: HIGH

Trust: 1.0

cve@mitre.org: CVE-2018-21127
value: HIGH

Trust: 1.0

NVD: JVNDB-2018-016321
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202004-1938
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2018-21127
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2018-016321
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

nvd@nist.gov: CVE-2018-21127
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2018-21127
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2018-016321
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2018-016321 // CNNVD: CNNVD-202004-1938 // NVD: CVE-2018-21127 // NVD: CVE-2018-21127

PROBLEMTYPE DATA

problemtype: CWE-78

Trust: 1.8

sources: JVNDB: JVNDB-2018-016321 // NVD: CVE-2018-21127

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1938

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-202004-1938

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-016321

PATCH

title: Security Advisory for Pre-Authentication Command Injection on Some Wireless Access Points, PSV-2018-0263 // url: https://kb.netgear.com/000060231/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Wireless-Access-Points-PSV-2018-0263

Trust: 0.8

title: NETGEAR WAC505 and WAC510 Fixes for command injection vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116708

Trust: 0.6

sources: JVNDB: JVNDB-2018-016321 // CNNVD: CNNVD-202004-1938

EXTERNAL IDS

db: NVD // id: CVE-2018-21127

Trust: 2.4

db: JVNDB // id: JVNDB-2018-016321

Trust: 0.8

db: CNNVD // id: CNNVD-202004-1938

Trust: 0.6

sources: JVNDB: JVNDB-2018-016321 // CNNVD: CNNVD-202004-1938 // NVD: CVE-2018-21127

REFERENCES

url: https://kb.netgear.com/000060231/security-advisory-for-pre-authentication-command-injection-on-some-wireless-access-points-psv-2018-0263

Trust: 1.6

url: https://nvd.nist.gov/vuln/detail/cve-2018-21127

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21127

Trust: 0.8

sources: JVNDB: JVNDB-2018-016321 // CNNVD: CNNVD-202004-1938 // NVD: CVE-2018-21127

SOURCES

db: JVNDB // id: JVNDB-2018-016321
db: CNNVD // id: CNNVD-202004-1938
db: NVD // id: CVE-2018-21127

LAST UPDATE DATE

2024-11-23T22:21:12.554000+00:00


SOURCES UPDATE DATE

db: JVNDB // id: JVNDB-2018-016321 // date: 2020-05-25T00:00:00
db: CNNVD // id: CNNVD-202004-1938 // date: 2020-04-28T00:00:00
db: NVD // id: CVE-2018-21127 // date: 2024-11-21T04:02:57.963

SOURCES RELEASE DATE

db: JVNDB // id: JVNDB-2018-016321 // date: 2020-05-25T00:00:00
db: CNNVD // id: CNNVD-202004-1938 // date: 2020-04-22T00:00:00
db: NVD // id: CVE-2018-21127 // date: 2020-04-22T18:15:11.037