Details of VAR-202004-1579

ID

VAR-202004-1579

CVE

CVE-2018-21143

TITLE

NETGEAR GS810EMX Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2021-39191 // CNNVD: CNNVD-202004-1839

DESCRIPTION

NETGEAR GS810EMX devices before 1.0.0.5 are affected by disclosure of sensitive information. NETGEAR GS810EMX is an Ethernet switch from NETGEAR. There are security vulnerabilities in NETGEAR GS810EMX versions before 1.0.0.5

Trust: 2.16

sources: NVD: CVE-2018-21143 // JVNDB: JVNDB-2018-016317 // CNVD: CNVD-2021-39191

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-39191

AFFECTED PRODUCTS

vendor:	netgear	model:	gs810emx	scope:	lt	version:	1.0.0.5	Trust: 1.6
vendor:	netgear	model:	gs810emx	scope:	eq	version:	1.0.0.5	Trust: 0.8

sources: CNVD: CNVD-2021-39191 // JVNDB: JVNDB-2018-016317 // NVD: CVE-2018-21143

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-21143
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2018-21143
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2018-016317
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-39191
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202004-1839
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2018-21143
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2018-016317
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2021-39191
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2018-21143
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2018-21143
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.0
NVD:	JVNDB-2018-016317
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-39191 // JVNDB: JVNDB-2018-016317 // CNNVD: CNNVD-202004-1839 // NVD: CVE-2018-21143 // NVD: CVE-2018-21143

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2018-016317 // NVD: CVE-2018-21143

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1839

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202004-1839

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-016317

PATCH

title:	Security Advisory for Sensitive Information Disclosure on GS810EMX, PSV-2018-0220	url:	https://kb.netgear.com/000059490/Security-Advisory-for-Sensitive-Information-Disclosure-on-GS810EMX-PSV-2018-0220	Trust: 0.8
title:	Patch for NETGEAR GS810EMX Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/269686	Trust: 0.6
title:	NETGEAR GS810EMX Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116315	Trust: 0.6

sources: CNVD: CNVD-2021-39191 // JVNDB: JVNDB-2018-016317 // CNNVD: CNNVD-202004-1839

EXTERNAL IDS

db:	NVD	id:	CVE-2018-21143	Trust: 3.0
db:	JVNDB	id:	JVNDB-2018-016317	Trust: 0.8
db:	CNVD	id:	CNVD-2021-39191	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-1839	Trust: 0.6

sources: CNVD: CNVD-2021-39191 // JVNDB: JVNDB-2018-016317 // CNNVD: CNNVD-202004-1839 // NVD: CVE-2018-21143

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2018-21143	Trust: 2.0
url:	https://kb.netgear.com/000059490/security-advisory-for-sensitive-information-disclosure-on-gs810emx-psv-2018-0220	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21143	Trust: 0.8

sources: CNVD: CNVD-2021-39191 // JVNDB: JVNDB-2018-016317 // CNNVD: CNNVD-202004-1839 // NVD: CVE-2018-21143

SOURCES

db:	CNVD	id:	CNVD-2021-39191
db:	JVNDB	id:	JVNDB-2018-016317
db:	CNNVD	id:	CNNVD-202004-1839
db:	NVD	id:	CVE-2018-21143

LAST UPDATE DATE

2024-11-23T22:51:26.139000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-39191	date:	2021-06-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-016317	date:	2020-05-22T00:00:00
db:	CNNVD	id:	CNNVD-202004-1839	date:	2020-04-28T00:00:00
db:	NVD	id:	CVE-2018-21143	date:	2024-11-21T04:03:00.357

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-39191	date:	2021-06-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-016317	date:	2020-05-22T00:00:00
db:	CNNVD	id:	CNNVD-202004-1839	date:	2020-04-21T00:00:00
db:	NVD	id:	CVE-2018-21143	date:	2020-04-21T21:15:12.803