ID

VAR-202004-1573


CVE

CVE-2018-21137


TITLE

NETGEAR D3600 and NETGEAR D6000 Trust Management Issue Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-25894 // CNNVD: CNNVD-202004-2028

DESCRIPTION

Certain NETGEAR devices are affected by a hardcoded password. This affects D3600 before 1.0.0.76 and D6000 before 1.0.0.76. NETGEAR D3600 and D6000 devices contain a vulnerability in the use of hard-coded credentials. Information may be obtained or tampered with, and service operation may be interrupted (DoS). NETGEAR D3600 and NETGEAR D6000 are both wireless modems from NETGEAR. NETGEAR D3600 versions prior to 1.0.0.76 and D6000 versions prior to 1.0.0.76 have a trust management vulnerability. No detailed vulnerability details are currently available.

Trust: 2.16

sources: NVD: CVE-2018-21137 // JVNDB: JVNDB-2018-016308 // CNVD: CNVD-2020-25894

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-25894

AFFECTED PRODUCTS

vendor: netgear, model: d3600, scope: lt, version: 1.0.0.76

Trust: 1.6

vendor: netgear, model: d6000, scope: lt, version: 1.0.0.76

Trust: 1.6

vendor: netgear, model: d3600, scope: eq, version: 1.0.0.76

Trust: 0.8

vendor: netgear, model: d6000, scope: eq, version: 1.0.0.76

Trust: 0.8

sources: CNVD: CNVD-2020-25894 // JVNDB: JVNDB-2018-016308 // NVD: CVE-2018-21137

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-21137
value: CRITICAL

Trust: 1.0

cve@mitre.org: CVE-2018-21137
value: HIGH

Trust: 1.0

NVD: JVNDB-2018-016308
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-25894
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202004-2028
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2018-21137
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2018-016308
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-25894
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-21137
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2018-21137
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2018-016308
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-25894 // JVNDB: JVNDB-2018-016308 // CNNVD: CNNVD-202004-2028 // NVD: CVE-2018-21137 // NVD: CVE-2018-21137

PROBLEMTYPE DATA

problemtype: CWE-798

Trust: 1.8

sources: JVNDB: JVNDB-2018-016308 // NVD: CVE-2018-21137

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-2028

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202004-2028

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-016308

PATCH

title: Security Advisory for Hardcoded Password on Some Modem Routers, PSV-2018-0099
url: https://kb.netgear.com/000060223/Security-Advisory-for-Hardcoded-Password-on-Some-Modem-Routers-PSV-2018-0099

Trust: 0.8

title: Patch for NETGEAR D3600 and NETGEAR D6000 Trust Management Issue Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/216047

Trust: 0.6

title: NETGEAR D3600 and NETGEAR D6000 Repair measures for trust management problem vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117264

Trust: 0.6

sources: CNVD: CNVD-2020-25894 // JVNDB: JVNDB-2018-016308 // CNNVD: CNNVD-202004-2028

EXTERNAL IDS

db: NVD, id: CVE-2018-21137

Trust: 3.0

db: JVNDB, id: JVNDB-2018-016308

Trust: 0.8

db: CNVD, id: CNVD-2020-25894

Trust: 0.6

db: CNNVD, id: CNNVD-202004-2028

Trust: 0.6

sources: CNVD: CNVD-2020-25894 // JVNDB: JVNDB-2018-016308 // CNNVD: CNNVD-202004-2028 // NVD: CVE-2018-21137

REFERENCES

url: https://nvd.nist.gov/vuln/detail/cve-2018-21137

Trust: 2.0

url: https://kb.netgear.com/000060223/security-advisory-for-hardcoded-password-on-some-modem-routers-psv-2018-0099

Trust: 1.6

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21137

Trust: 0.8

sources: CNVD: CNVD-2020-25894 // JVNDB: JVNDB-2018-016308 // CNNVD: CNNVD-202004-2028 // NVD: CVE-2018-21137

SOURCES

db: CNVD, id: CNVD-2020-25894
db: JVNDB, id: JVNDB-2018-016308
db: CNNVD, id: CNNVD-202004-2028
db: NVD, id: CVE-2018-21137

LAST UPDATE DATE

2024-11-23T23:11:26.828000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-25894, date: 2020-04-30T00:00:00
db: JVNDB, id: JVNDB-2018-016308, date: 2020-05-21T00:00:00
db: CNNVD, id: CNNVD-202004-2028, date: 2020-05-06T00:00:00
db: NVD, id: CVE-2018-21137, date: 2024-11-21T04:02:59.430

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-25894, date: 2020-04-30T00:00:00
db: JVNDB, id: JVNDB-2018-016308, date: 2020-05-21T00:00:00
db: CNNVD, id: CNNVD-202004-2028, date: 2020-04-23T00:00:00
db: NVD, id: CVE-2018-21137, date: 2020-04-23T21:15:11.580