Sign-up

ID

VAR-202004-1576


CVE

CVE-2018-21140


TITLE

NETGEAR D3600 and D6000 Input verification vulnerabilities on devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-016294

DESCRIPTION

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.76 and D6000 before 1.0.0.76. NETGEAR D3600 and D6000 The device contains an input verification vulnerability.Information may be tampered with. Both NETGEAR D3600 and NETGEAR D6000 are wireless modems from NETGEAR. There are security vulnerabilities in NETGEAR D3600 versions before 1.0.0.76 and D6000 versions before 1.0.0.76. No detailed vulnerability details are currently provided

Trust: 2.16

sources: NVD: CVE-2018-21140 // JVNDB: JVNDB-2018-016294 // CNVD: CNVD-2021-61049

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-61049

AFFECTED PRODUCTS

vendor:netgearmodel:d3600scope:ltversion:1.0.0.76

Trust: 1.6

vendor:netgearmodel:d6000scope:ltversion:1.0.0.76

Trust: 1.6

vendor:netgearmodel:d3600scope:eqversion:1.0.0.76

Trust: 0.8

vendor:netgearmodel:d6000scope:eqversion:1.0.0.76

Trust: 0.8

sources: CNVD: CNVD-2021-61049 // JVNDB: JVNDB-2018-016294 // NVD: CVE-2018-21140

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-21140
value: MEDIUM

Trust: 1.0

cve@mitre.org: CVE-2018-21140
value: HIGH

Trust: 1.0

NVD: JVNDB-2018-016294
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-61049
value: LOW

Trust: 0.6

nvd@nist.gov: CVE-2018-21140
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2018-016294
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-61049
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-21140
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2018-21140
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2018-016294
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-61049 // JVNDB: JVNDB-2018-016294 // NVD: CVE-2018-21140 // NVD: CVE-2018-21140

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2018-016294 // NVD: CVE-2018-21140

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202004-1837

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-016294

PATCH
title:Security Advisory for Security Misconfiguration on Some Modem Routers, PSV-2018-0097url:https://kb.netgear.com/000060221/Security-Advisory-for-Security-Misconfiguration-on-Some-Modem-Routers-PSV-2018-0097
Trust: 0.8
title:Patch for NETGEAR D3600 and D6000 input validation error vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/284601
Trust: 0.6
title:NETGEAR D3600  and D6000 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116313
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-61049 // 
            
            
            
            JVNDB: JVNDB-2018-016294 // 
            
            
            
            CNNVD: CNNVD-202004-1837

EXTERNAL IDS
db:NVDid:CVE-2018-21140
Trust: 3.0
db:JVNDBid:JVNDB-2018-016294
Trust: 0.8
db:CNVDid:CNVD-2021-61049
Trust: 0.6
db:CNNVDid:CNNVD-202004-1837
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-61049 // 
            
            
            
            JVNDB: JVNDB-2018-016294 // 
            
            
            
            CNNVD: CNNVD-202004-1837 // 
            
            
            
            NVD: CVE-2018-21140

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2018-21140
Trust: 2.0
url:https://kb.netgear.com/000060221/security-advisory-for-security-misconfiguration-on-some-modem-routers-psv-2018-0097
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21140
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2021-61049 // 
            
            
            
            JVNDB: JVNDB-2018-016294 // 
            
            
            
            CNNVD: CNNVD-202004-1837 // 
            
            
            
            NVD: CVE-2018-21140

SOURCES
db:CNVDid:CNVD-2021-61049
db:JVNDBid:JVNDB-2018-016294
db:CNNVDid:CNNVD-202004-1837
db:NVDid:CVE-2018-21140

LAST UPDATE DATE
2024-11-23T22:44:36.111000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2021-61049date:2021-08-11T00:00:00
db:JVNDBid:JVNDB-2018-016294date:2020-05-21T00:00:00
db:CNNVDid:CNNVD-202004-1837date:2020-04-22T00:00:00
db:NVDid:CVE-2018-21140date:2024-11-21T04:02:59.903

SOURCES RELEASE DATE
db:CNVDid:CNVD-2021-61049date:2021-08-08T00:00:00
db:JVNDBid:JVNDB-2018-016294date:2020-05-21T00:00:00
db:CNNVDid:CNNVD-202004-1837date:2020-04-21T00:00:00
db:NVDid:CVE-2018-21140date:2020-04-21T21:15:12.680