Sign-up

ID

VAR-202004-1564


CVE

CVE-2018-21128


TITLE

NETGEAR WAC505 and WAC510 Authentication vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-016322

DESCRIPTION

Certain NETGEAR devices are affected by authentication bypass. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17. NETGEAR WAC505 and WAC510 There is an authentication vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WAC505 and NETGEAR WAC510 are both a wireless access point (AP) of NETGEAR. There are security vulnerabilities in NETGEAR WAC505 versions before 5.0.0.17 and WAC510 versions before 5.0.0.17

Trust: 2.16

sources: NVD: CVE-2018-21128 // JVNDB: JVNDB-2018-016322 // CNVD: CNVD-2021-28727

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-28727

AFFECTED PRODUCTS

vendor:netgearmodel:wac510scope:ltversion:5.0.0.17

Trust: 1.6

vendor:netgearmodel:wac505scope:ltversion:5.0.0.17

Trust: 1.6

vendor:netgearmodel:wac505scope:eqversion:5.0.0.17

Trust: 0.8

vendor:netgearmodel:wac510scope:eqversion:5.0.0.17

Trust: 0.8

sources: CNVD: CNVD-2021-28727 // JVNDB: JVNDB-2018-016322 // NVD: CVE-2018-21128

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-21128
value: HIGH

Trust: 1.0

cve@mitre.org: CVE-2018-21128
value: HIGH

Trust: 1.0

NVD: JVNDB-2018-016322
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-28727
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-1939
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2018-21128
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2018-016322
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-28727
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-21128
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2018-21128
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2018-016322
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-28727 // JVNDB: JVNDB-2018-016322 // CNNVD: CNNVD-202004-1939 // NVD: CVE-2018-21128 // NVD: CVE-2018-21128

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2018-016322 // NVD: CVE-2018-21128

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1939

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202004-1939

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-016322

PATCH
title:Security Advisory for Authentication Bypass on Some Wireless Access Points, PSV-2018-0264url:https://kb.netgear.com/000060230/Security-Advisory-for-Authentication-Bypass-on-Some-Wireless-Access-Points-PSV-2018-0264
Trust: 0.8
title:Patch for NETGEAR WAC505 and WAC510 authorization issue vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/258026
Trust: 0.6
title:NETGEAR WAC505  and WAC510 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116709
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-28727 // 
            
            
            
            JVNDB: JVNDB-2018-016322 // 
            
            
            
            CNNVD: CNNVD-202004-1939

EXTERNAL IDS
db:NVDid:CVE-2018-21128
Trust: 3.0
db:JVNDBid:JVNDB-2018-016322
Trust: 0.8
db:CNVDid:CNVD-2021-28727
Trust: 0.6
db:CNNVDid:CNNVD-202004-1939
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-28727 // 
            
            
            
            JVNDB: JVNDB-2018-016322 // 
            
            
            
            CNNVD: CNNVD-202004-1939 // 
            
            
            
            NVD: CVE-2018-21128

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2018-21128
Trust: 2.0
url:https://kb.netgear.com/000060230/security-advisory-for-authentication-bypass-on-some-wireless-access-points-psv-2018-0264
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21128
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2021-28727 // 
            
            
            
            JVNDB: JVNDB-2018-016322 // 
            
            
            
            CNNVD: CNNVD-202004-1939 // 
            
            
            
            NVD: CVE-2018-21128

SOURCES
db:CNVDid:CNVD-2021-28727
db:JVNDBid:JVNDB-2018-016322
db:CNNVDid:CNNVD-202004-1939
db:NVDid:CVE-2018-21128

LAST UPDATE DATE
2024-11-23T22:41:06.519000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2021-28727date:2021-05-19T00:00:00
db:JVNDBid:JVNDB-2018-016322date:2020-05-25T00:00:00
db:CNNVDid:CNNVD-202004-1939date:2020-04-28T00:00:00
db:NVDid:CVE-2018-21128date:2024-11-21T04:02:58.103

SOURCES RELEASE DATE
db:CNVDid:CNVD-2021-28727date:2021-04-14T00:00:00
db:JVNDBid:JVNDB-2018-016322date:2020-05-25T00:00:00
db:CNNVDid:CNNVD-202004-1939date:2020-04-22T00:00:00
db:NVDid:CVE-2018-21128date:2020-04-22T18:15:11.100