Details of VAR-202004-1574

ID

VAR-202004-1574

CVE

CVE-2018-21138

TITLE

NETGEAR D3600 and D6000 Vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-016327

DESCRIPTION

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.76 and D6000 before 1.0.0.76. NETGEAR D3600 and D6000 An unspecified vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Both NETGEAR D3600 and NETGEAR D6000 are wireless modems from NETGEAR. There are security vulnerabilities in NETGEAR D3600 versions before 1.0.0.76 and D6000 versions before 1.0.0.76. No detailed vulnerability details are currently provided

Trust: 2.16

sources: NVD: CVE-2018-21138 // JVNDB: JVNDB-2018-016327 // CNVD: CNVD-2021-50927

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-50927

AFFECTED PRODUCTS

vendor:	netgear	model:	d3600	scope:	lt	version:	1.0.0.76	Trust: 1.6
vendor:	netgear	model:	d6000	scope:	lt	version:	1.0.0.76	Trust: 1.6
vendor:	netgear	model:	d3600	scope:	eq	version:	1.0.0.76	Trust: 0.8
vendor:	netgear	model:	d6000	scope:	eq	version:	1.0.0.76	Trust: 0.8

sources: CNVD: CNVD-2021-50927 // JVNDB: JVNDB-2018-016327 // NVD: CVE-2018-21138

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-21138
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2018-21138
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2018-016327
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-50927
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202004-2030
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2018-21138
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2018-016327
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2021-50927
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2018-21138
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2018-21138
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	JVNDB-2018-016327
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-50927 // JVNDB: JVNDB-2018-016327 // CNNVD: CNNVD-202004-2030 // NVD: CVE-2018-21138 // NVD: CVE-2018-21138

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2018-21138

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-2030

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202004-2030

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-016327

PATCH

title:	Security Advisory for Security Misconfiguration on Some Modem Routers, PSV-2018-0098	url:	https://kb.netgear.com/000060222/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-PSV-2018-0098	Trust: 0.8
title:	Patch for NETGEAR has unspecified vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/279121	Trust: 0.6
title:	NETGEAR D3600 and NETGEAR D6000 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116785	Trust: 0.6

sources: CNVD: CNVD-2021-50927 // JVNDB: JVNDB-2018-016327 // CNNVD: CNNVD-202004-2030

EXTERNAL IDS

db:	NVD	id:	CVE-2018-21138	Trust: 3.0
db:	JVNDB	id:	JVNDB-2018-016327	Trust: 0.8
db:	CNVD	id:	CNVD-2021-50927	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-2030	Trust: 0.6

sources: CNVD: CNVD-2021-50927 // JVNDB: JVNDB-2018-016327 // CNNVD: CNNVD-202004-2030 // NVD: CVE-2018-21138

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2018-21138	Trust: 2.0
url:	https://kb.netgear.com/000060222/security-advisory-for-security-misconfiguration-on-some-routers-psv-2018-0098	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21138	Trust: 0.8

sources: CNVD: CNVD-2021-50927 // JVNDB: JVNDB-2018-016327 // CNNVD: CNNVD-202004-2030 // NVD: CVE-2018-21138

SOURCES

db:	CNVD	id:	CNVD-2021-50927
db:	JVNDB	id:	JVNDB-2018-016327
db:	CNNVD	id:	CNNVD-202004-2030
db:	NVD	id:	CVE-2018-21138

LAST UPDATE DATE

2024-11-23T22:37:24.818000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-50927	date:	2021-07-15T00:00:00
db:	JVNDB	id:	JVNDB-2018-016327	date:	2020-05-25T00:00:00
db:	CNNVD	id:	CNNVD-202004-2030	date:	2020-05-06T00:00:00
db:	NVD	id:	CVE-2018-21138	date:	2024-11-21T04:02:59.577

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-50927	date:	2021-07-15T00:00:00
db:	JVNDB	id:	JVNDB-2018-016327	date:	2020-05-25T00:00:00
db:	CNNVD	id:	CNNVD-202004-2030	date:	2020-04-23T00:00:00
db:	NVD	id:	CVE-2018-21138	date:	2020-04-23T21:15:11.627