ID

VAR-202004-1568


CVE

CVE-2018-21132


TITLE

NETGEAR WAC505 and WAC510 access control error vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-25892 // CNNVD: CNNVD-202004-2021

DESCRIPTION

Certain NETGEAR devices are affected by authentication bypass. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17. NETGEAR WAC505 and WAC510 devices lack authentication for critical features. Information may be obtained or tampered with, and service operation may be interrupted (DoS). NETGEAR WAC505 and NETGEAR WAC510 are both wireless access points (AP) made by NETGEAR. NETGEAR WAC505 versions prior to 5.0.0.17 and WAC510 versions prior to 5.0.0.17 have an access control error vulnerability that attackers can use to bypass authentication.

Trust: 2.25

sources: NVD: CVE-2018-21132 // JVNDB: JVNDB-2018-016306 // CNVD: CNVD-2020-25892 // VULMON: CVE-2018-21132

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-25892

AFFECTED PRODUCTS

vendor: netgear, model: wac510, scope: lt, version: 5.0.0.17

Trust: 1.6

vendor: netgear, model: wac505, scope: lt, version: 5.0.0.17

Trust: 1.6

vendor: netgear, model: wac505, scope: eq, version: 5.0.0.17

Trust: 0.8

vendor: netgear, model: wac510, scope: eq, version: 5.0.0.17

Trust: 0.8

sources: CNVD: CNVD-2020-25892 // JVNDB: JVNDB-2018-016306 // NVD: CVE-2018-21132

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-21132
value: CRITICAL

Trust: 1.0

cve@mitre.org: CVE-2018-21132
value: HIGH

Trust: 1.0

NVD: JVNDB-2018-016306
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-25892
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202004-2021
value: HIGH

Trust: 0.6

VULMON: CVE-2018-21132
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-21132
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2018-016306
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-25892
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-21132
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2018-21132
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2018-016306
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-25892 // VULMON: CVE-2018-21132 // JVNDB: JVNDB-2018-016306 // CNNVD: CNNVD-202004-2021 // NVD: CVE-2018-21132 // NVD: CVE-2018-21132

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.8

sources: JVNDB: JVNDB-2018-016306 // NVD: CVE-2018-21132

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-2021

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202004-2021

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-016306

PATCH

title: Security Advisory for Authentication Bypass on Some Wireless Access Points, PSV-2018-0299
url: https://kb.netgear.com/000060228/Security-Advisory-for-Authentication-Bypass-on-Some-Wireless-Access-Points-PSV-2018-0299

Trust: 0.8

title: Patch for NETGEAR WAC505 and WAC510 access control error vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/216045

Trust: 0.6

title: NETGEAR WAC505 and WAC510 Fixes for access control error vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117228

Trust: 0.6

sources: CNVD: CNVD-2020-25892 // JVNDB: JVNDB-2018-016306 // CNNVD: CNNVD-202004-2021

EXTERNAL IDS

db: NVD, id: CVE-2018-21132

Trust: 3.1

db: JVNDB, id: JVNDB-2018-016306

Trust: 0.8

db: CNVD, id: CNVD-2020-25892

Trust: 0.6

db: CNNVD, id: CNNVD-202004-2021

Trust: 0.6

db: VULMON, id: CVE-2018-21132

Trust: 0.1

sources: CNVD: CNVD-2020-25892 // VULMON: CVE-2018-21132 // JVNDB: JVNDB-2018-016306 // CNNVD: CNNVD-202004-2021 // NVD: CVE-2018-21132

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2018-21132

Trust: 2.0

url:https://kb.netgear.com/000060228/security-advisory-for-authentication-bypass-on-some-wireless-access-points-psv-2018-0299

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21132

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/306.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2020-25892 // VULMON: CVE-2018-21132 // JVNDB: JVNDB-2018-016306 // CNNVD: CNNVD-202004-2021 // NVD: CVE-2018-21132

SOURCES

db: CNVD, id: CNVD-2020-25892
db: VULMON, id: CVE-2018-21132
db: JVNDB, id: JVNDB-2018-016306
db: CNNVD, id: CNNVD-202004-2021
db: NVD, id: CVE-2018-21132

LAST UPDATE DATE

2024-11-23T21:51:30.366000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-25892, date: 2020-04-30T00:00:00
db: VULMON, id: CVE-2018-21132, date: 2020-04-24T00:00:00
db: JVNDB, id: JVNDB-2018-016306, date: 2020-05-21T00:00:00
db: CNNVD, id: CNNVD-202004-2021, date: 2020-04-26T00:00:00
db: NVD, id: CVE-2018-21132, date: 2024-11-21T04:02:58.673

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-25892, date: 2020-04-30T00:00:00
db: VULMON, id: CVE-2018-21132, date: 2020-04-23T00:00:00
db: JVNDB, id: JVNDB-2018-016306, date: 2020-05-21T00:00:00
db: CNNVD, id: CNNVD-202004-2021, date: 2020-04-23T00:00:00
db: NVD, id: CVE-2018-21132, date: 2020-04-23T20:15:12.837