Sign-up

ID

VAR-202004-1566


CVE

CVE-2018-21130


TITLE

NETGEAR WAC505 and WAC510 On the device OS Command injection vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2018-016324

DESCRIPTION

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17. NETGEAR WAC505 and WAC510 On the device OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WAC505 and NETGEAR WAC510 are both a wireless access point (AP) of NETGEAR. The vulnerability stems from the fact that the network system or product does not correctly filter the special characters, commands, etc. in the process of constructing the executable command of the operating system by external input data. Attackers can use this vulnerability to execute illegal operating system commands

Trust: 2.16

sources: NVD: CVE-2018-21130 // JVNDB: JVNDB-2018-016324 // CNVD: CNVD-2021-52951

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-52951

AFFECTED PRODUCTS

vendor:netgearmodel:wac510scope:ltversion:5.0.0.17

Trust: 1.6

vendor:netgearmodel:wac505scope:ltversion:5.0.0.17

Trust: 1.6

vendor:netgearmodel:wac505scope:eqversion:5.0.0.17

Trust: 0.8

vendor:netgearmodel:wac510scope:eqversion:5.0.0.17

Trust: 0.8

sources: CNVD: CNVD-2021-52951 // JVNDB: JVNDB-2018-016324 // NVD: CVE-2018-21130

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-21130
value: HIGH

Trust: 1.0

cve@mitre.org: CVE-2018-21130
value: HIGH

Trust: 1.0

NVD: JVNDB-2018-016324
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-52951
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-1941
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2018-21130
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2018-016324
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-52951
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-21130
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2018-21130
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2018-016324
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-52951 // JVNDB: JVNDB-2018-016324 // CNNVD: CNNVD-202004-1941 // NVD: CVE-2018-21130 // NVD: CVE-2018-21130

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.8

sources: JVNDB: JVNDB-2018-016324 // NVD: CVE-2018-21130

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1941

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202004-1941

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-016324

PATCH
title:Security Advisory for Pre-Authentication Command Injection on Some Wireless Access Points, PSV-2018-0267url:https://kb.netgear.com/000060229/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Wireless-Access-Points-PSV-2018-0267
Trust: 0.8
title:Patch for NETGEAR WAC505 and NETGEAR WAC510 operating system command injection vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/280051
Trust: 0.6
title:NETGEAR WAC505  and WAC510 Fixes for command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116711
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-52951 // 
            
            
            
            JVNDB: JVNDB-2018-016324 // 
            
            
            
            CNNVD: CNNVD-202004-1941

EXTERNAL IDS
db:NVDid:CVE-2018-21130
Trust: 3.0
db:JVNDBid:JVNDB-2018-016324
Trust: 0.8
db:CNVDid:CNVD-2021-52951
Trust: 0.6
db:CNNVDid:CNNVD-202004-1941
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-52951 // 
            
            
            
            JVNDB: JVNDB-2018-016324 // 
            
            
            
            CNNVD: CNNVD-202004-1941 // 
            
            
            
            NVD: CVE-2018-21130

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2018-21130
Trust: 2.0
url:https://kb.netgear.com/000060229/security-advisory-for-pre-authentication-command-injection-on-some-wireless-access-points-psv-2018-0267
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21130
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2021-52951 // 
            
            
            
            JVNDB: JVNDB-2018-016324 // 
            
            
            
            CNNVD: CNNVD-202004-1941 // 
            
            
            
            NVD: CVE-2018-21130

SOURCES
db:CNVDid:CNVD-2021-52951
db:JVNDBid:JVNDB-2018-016324
db:CNNVDid:CNNVD-202004-1941
db:NVDid:CVE-2018-21130

LAST UPDATE DATE
2024-11-23T22:05:40.081000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2021-52951date:2021-07-21T00:00:00
db:JVNDBid:JVNDB-2018-016324date:2020-05-25T00:00:00
db:CNNVDid:CNNVD-202004-1941date:2020-04-28T00:00:00
db:NVDid:CVE-2018-21130date:2024-11-21T04:02:58.397

SOURCES RELEASE DATE
db:CNVDid:CNVD-2021-52951date:2020-07-21T00:00:00
db:JVNDBid:JVNDB-2018-016324date:2020-05-25T00:00:00
db:CNNVDid:CNNVD-202004-1941date:2020-04-22T00:00:00
db:NVDid:CVE-2018-21130date:2020-04-22T18:15:11.227