Sign-up

ID

VAR-202004-1565


CVE

CVE-2018-21129


TITLE

NETGEAR WAC505 and WAC510 Information leakage vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-016323

DESCRIPTION

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17. NETGEAR WAC505 and NETGEAR WAC510 are both a wireless access point (AP) of NETGEAR. There are security vulnerabilities in NETGEAR WAC505 versions before 5.0.0.17 and WAC510 versions before 5.0.0.17. This affects WAC505 prior to 5.0.0.17 and WAC510 prior to 5.0.0.17

Trust: 2.25

sources: NVD: CVE-2018-21129 // JVNDB: JVNDB-2018-016323 // CNVD: CNVD-2021-52950 // VULMON: CVE-2018-21129

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-52950

AFFECTED PRODUCTS

vendor:netgearmodel:wac510scope:ltversion:5.0.0.17

Trust: 1.6

vendor:netgearmodel:wac505scope:ltversion:5.0.0.17

Trust: 1.6

vendor:netgearmodel:wac505scope:eqversion:5.0.0.17

Trust: 0.8

vendor:netgearmodel:wac510scope:eqversion:5.0.0.17

Trust: 0.8

sources: CNVD: CNVD-2021-52950 // JVNDB: JVNDB-2018-016323 // NVD: CVE-2018-21129

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-21129
value: MEDIUM

Trust: 1.0

cve@mitre.org: CVE-2018-21129
value: HIGH

Trust: 1.0

NVD: JVNDB-2018-016323
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-52950
value: LOW

Trust: 0.6

CNNVD: CNNVD-202004-1940
value: MEDIUM

Trust: 0.6

VULMON: CVE-2018-21129
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-21129
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2018-016323
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-52950
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-21129
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2018-21129
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2018-016323
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-52950 // VULMON: CVE-2018-21129 // JVNDB: JVNDB-2018-016323 // CNNVD: CNNVD-202004-1940 // NVD: CVE-2018-21129 // NVD: CVE-2018-21129

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2018-016323 // NVD: CVE-2018-21129

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1940

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202004-1940

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-016323

PATCH
title:Security Advisory for Sensitive Information Disclosure on Some Wireless Access Points, PSV-2018-0266url:https://kb.netgear.com/000060245/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Wireless-Access-Points-PSV-2018-0266
Trust: 0.8
title:Patch for NETGEAR WAC505 and WAC510 Information Disclosure Vulnerability (CNVD-2021-52950)url:https://www.cnvd.org.cn/patchInfo/show/280056
Trust: 0.6
title:NETGEAR WAC505  and WAC510 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116710
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-52950 // 
            
            
            
            JVNDB: JVNDB-2018-016323 // 
            
            
            
            CNNVD: CNNVD-202004-1940

EXTERNAL IDS
db:NVDid:CVE-2018-21129
Trust: 3.1
db:JVNDBid:JVNDB-2018-016323
Trust: 0.8
db:CNVDid:CNVD-2021-52950
Trust: 0.6
db:CNNVDid:CNNVD-202004-1940
Trust: 0.6
db:VULMONid:CVE-2018-21129
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2021-52950 // 
            
            
            
            VULMON: CVE-2018-21129 // 
            
            
            
            JVNDB: JVNDB-2018-016323 // 
            
            
            
            CNNVD: CNNVD-202004-1940 // 
            
            
            
            NVD: CVE-2018-21129

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2018-21129
Trust: 2.0
url:https://kb.netgear.com/000060245/security-advisory-for-sensitive-information-disclosure-on-some-wireless-access-points-psv-2018-0266
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21129
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/200.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2021-52950 // 
            
            
            
            VULMON: CVE-2018-21129 // 
            
            
            
            JVNDB: JVNDB-2018-016323 // 
            
            
            
            CNNVD: CNNVD-202004-1940 // 
            
            
            
            NVD: CVE-2018-21129

SOURCES
db:CNVDid:CNVD-2021-52950
db:VULMONid:CVE-2018-21129
db:JVNDBid:JVNDB-2018-016323
db:CNNVDid:CNNVD-202004-1940
db:NVDid:CVE-2018-21129

LAST UPDATE DATE
2024-11-23T22:11:30.158000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2021-52950date:2021-07-21T00:00:00
db:VULMONid:CVE-2018-21129date:2020-04-27T00:00:00
db:JVNDBid:JVNDB-2018-016323date:2020-05-25T00:00:00
db:CNNVDid:CNNVD-202004-1940date:2020-04-28T00:00:00
db:NVDid:CVE-2018-21129date:2024-11-21T04:02:58.243

SOURCES RELEASE DATE
db:CNVDid:CNVD-2021-52950date:2020-07-21T00:00:00
db:VULMONid:CVE-2018-21129date:2020-04-22T00:00:00
db:JVNDBid:JVNDB-2018-016323date:2020-05-25T00:00:00
db:CNNVDid:CNNVD-202004-1940date:2020-04-22T00:00:00
db:NVDid:CVE-2018-21129date:2020-04-22T18:15:11.163