ID

VAR-202004-1567


CVE

CVE-2018-21131


TITLE

Vulnerabilities in NETGEAR WAC505 and WAC510 devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-016305

DESCRIPTION

Certain NETGEAR devices are affected by unauthenticated firmware downgrade. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17. An unspecified vulnerability exists in NETGEAR WAC505 and WAC510 devices. Information may be tampered with and the device may be put into a denial-of-service (DoS) state in which service operation is interrupted. NETGEAR WAC505 and NETGEAR WAC510 are both wireless access points (APs) from NETGEAR. There are security vulnerabilities in NETGEAR WAC505 versions before 5.0.0.17 and WAC510 versions before 5.0.0.17. Attackers can use this vulnerability to carry out downgrade attacks and upload older versions of firmware.

Trust: 2.16

sources: NVD: CVE-2018-21131 // JVNDB: JVNDB-2018-016305 // CNVD: CNVD-2021-57163

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-57163

AFFECTED PRODUCTS

vendor: netgear, model: wac510, scope: lt, version: 5.0.0.17

Trust: 1.6

vendor: netgear, model: wac505, scope: lt, version: 5.0.0.17

Trust: 1.6

vendor: netgear, model: wac505, scope: eq, version: 5.0.0.17

Trust: 0.8

vendor: netgear, model: wac510, scope: eq, version: 5.0.0.17

Trust: 0.8

sources: CNVD: CNVD-2021-57163 // JVNDB: JVNDB-2018-016305 // NVD: CVE-2018-21131

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-21131
value: CRITICAL

Trust: 1.0

cve@mitre.org: CVE-2018-21131
value: HIGH

Trust: 1.0

NVD: JVNDB-2018-016305
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2021-57163
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-2022
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2018-21131
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2018-016305
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-57163
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-21131
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2018-21131
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.0

Trust: 1.0

NVD: JVNDB-2018-016305
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-57163 // JVNDB: JVNDB-2018-016305 // CNNVD: CNNVD-202004-2022 // NVD: CVE-2018-21131 // NVD: CVE-2018-21131

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2018-21131

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-2022

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202004-2022

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-016305

PATCH

title: Security Advisory for Unauthenticated Firmware Downgrade on Some Wireless Access Points, PSV-2018-0269
url: https://kb.netgear.com/000060244/Security-Advisory-for-Unauthenticated-Firmware-Downgrade-on-Some-Wireless-Access-Points-PSV-2018-0269

Trust: 0.8

title: Patch for NETGEAR WAC505 and WAC510 have unspecified vulnerabilities (CNVD-2021-57163)
url: https://www.cnvd.org.cn/patchInfo/show/282686

Trust: 0.6

title: NETGEAR WAC505 and WAC510 Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117262

Trust: 0.6

sources: CNVD: CNVD-2021-57163 // JVNDB: JVNDB-2018-016305 // CNNVD: CNNVD-202004-2022

EXTERNAL IDS

db: NVD, id: CVE-2018-21131

Trust: 3.0

db: JVNDB, id: JVNDB-2018-016305

Trust: 0.8

db: CNVD, id: CNVD-2021-57163

Trust: 0.6

db: CNNVD, id: CNNVD-202004-2022

Trust: 0.6

sources: CNVD: CNVD-2021-57163 // JVNDB: JVNDB-2018-016305 // CNNVD: CNNVD-202004-2022 // NVD: CVE-2018-21131

REFERENCES

url: https://nvd.nist.gov/vuln/detail/cve-2018-21131

Trust: 2.0

url: https://kb.netgear.com/000060244/security-advisory-for-unauthenticated-firmware-downgrade-on-some-wireless-access-points-psv-2018-0269

Trust: 1.6

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21131

Trust: 0.8

sources: CNVD: CNVD-2021-57163 // JVNDB: JVNDB-2018-016305 // CNNVD: CNNVD-202004-2022 // NVD: CVE-2018-21131

SOURCES

db: CNVD, id: CNVD-2021-57163
db: JVNDB, id: JVNDB-2018-016305
db: CNNVD, id: CNNVD-202004-2022
db: NVD, id: CVE-2018-21131

LAST UPDATE DATE

2024-11-23T22:55:10.277000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-57163, date: 2021-07-31T00:00:00
db: JVNDB, id: JVNDB-2018-016305, date: 2020-05-21T00:00:00
db: CNNVD, id: CNNVD-202004-2022, date: 2020-04-26T00:00:00
db: NVD, id: CVE-2018-21131, date: 2024-11-21T04:02:58.533

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-57163, date: 2020-07-28T00:00:00
db: JVNDB, id: JVNDB-2018-016305, date: 2020-05-21T00:00:00
db: CNNVD, id: CNNVD-202004-2022, date: 2020-04-23T00:00:00
db: NVD, id: CVE-2018-21131, date: 2020-04-23T20:15:12.787