Sign-up

ID

VAR-202004-1582


CVE

CVE-2018-21146


TITLE

plural NETGEAR Injection vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-016296

DESCRIPTION

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR4300v2 before 1.0.0.54, and WNDR4500v3 before 1.0.0.54. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7800, etc. are all products of NETGEAR. NETGEAR R7800 is a wireless router. NETGEAR D7800 is a wireless modem. NETGEAR WNDR4300 is a wireless router. Injection vulnerabilities exist in many NETGEAR products. The vulnerability stems from the fact that the network system or product lacks the correct verification of the user input data during the operation process of the user inputting the construction command, data structure or record, and the special elements are not filtered or correctly filtered, resulting in the analysis or analysis of the system or product. The explanation is wrong. No detailed vulnerability details are currently provided

Trust: 2.16

sources: NVD: CVE-2018-21146 // JVNDB: JVNDB-2018-016296 // CNVD: CNVD-2021-61051

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-61051

AFFECTED PRODUCTS

vendor:netgearmodel:d7800scope:ltversion:1.0.1.34

Trust: 1.6

vendor:netgearmodel:r7800scope:ltversion:1.0.2.42

Trust: 1.6

vendor:netgearmodel:r8900scope:ltversion:1.0.3.10

Trust: 1.6

vendor:netgearmodel:r9000scope:ltversion:1.0.3.10

Trust: 1.6

vendor:netgearmodel:wndr4500scope:ltversion:1.0.0.54

Trust: 1.0

vendor:netgearmodel:wndr4300scope:ltversion:1.0.0.54

Trust: 1.0

vendor:netgearmodel:d7800scope:eqversion:1.0.1.34

Trust: 0.8

vendor:netgearmodel:r7800scope:eqversion:1.0.2.42

Trust: 0.8

vendor:netgearmodel:r8900scope:eqversion:1.0.3.10

Trust: 0.8

vendor:netgearmodel:r9000scope:eqversion:1.0.3.10

Trust: 0.8

vendor:netgearmodel:wndr4300scope:eqversion:1.0.0.54

Trust: 0.8

vendor:netgearmodel:wndr4500scope:eqversion:1.0.0.54

Trust: 0.8

vendor:netgearmodel:wndr4300v2scope:ltversion:1.0.0.54

Trust: 0.6

vendor:netgearmodel:wndr4500v3scope:ltversion:1.0.0.54

Trust: 0.6

sources: CNVD: CNVD-2021-61051 // JVNDB: JVNDB-2018-016296 // NVD: CVE-2018-21146

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-21146
value: MEDIUM

Trust: 1.0

cve@mitre.org: CVE-2018-21146
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2018-016296
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-61051
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2018-21146
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2018-016296
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-61051
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-21146
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2018-21146
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2018-016296
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-61051 // JVNDB: JVNDB-2018-016296 // NVD: CVE-2018-21146 // NVD: CVE-2018-21146

PROBLEMTYPE DATA

problemtype:CWE-74

Trust: 1.8

sources: JVNDB: JVNDB-2018-016296 // NVD: CVE-2018-21146

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202004-1846

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-016296

PATCH
title:Security Advisory for Post-Authentication Command Injection on Some Gateways and Routers, PSV-2017-3159url:https://kb.netgear.com/000059487/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Gateways-and-Routers-PSV-2017-3159
Trust: 0.8
title:Patch for Injection vulnerabilities in multiple NETGEAR products (CNVD-2021-61051)url:https://www.cnvd.org.cn/patchInfo/show/284606
Trust: 0.6
title:Multiple NETGEAR Product Command Injection Vulnerability Fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116322
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-61051 // 
            
            
            
            JVNDB: JVNDB-2018-016296 // 
            
            
            
            CNNVD: CNNVD-202004-1846

EXTERNAL IDS
db:NVDid:CVE-2018-21146
Trust: 3.0
db:JVNDBid:JVNDB-2018-016296
Trust: 0.8
db:CNVDid:CNVD-2021-61051
Trust: 0.6
db:CNNVDid:CNNVD-202004-1846
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-61051 // 
            
            
            
            JVNDB: JVNDB-2018-016296 // 
            
            
            
            CNNVD: CNNVD-202004-1846 // 
            
            
            
            NVD: CVE-2018-21146

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2018-21146
Trust: 2.0
url:https://kb.netgear.com/000059487/security-advisory-for-post-authentication-command-injection-on-some-gateways-and-routers-psv-2017-3159
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21146
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2021-61051 // 
            
            
            
            JVNDB: JVNDB-2018-016296 // 
            
            
            
            CNNVD: CNNVD-202004-1846 // 
            
            
            
            NVD: CVE-2018-21146

SOURCES
db:CNVDid:CNVD-2021-61051
db:JVNDBid:JVNDB-2018-016296
db:CNNVDid:CNNVD-202004-1846
db:NVDid:CVE-2018-21146

LAST UPDATE DATE
2024-11-23T22:58:18.045000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2021-61051date:2021-08-11T00:00:00
db:JVNDBid:JVNDB-2018-016296date:2020-05-21T00:00:00
db:CNNVDid:CNNVD-202004-1846date:2020-04-22T00:00:00
db:NVDid:CVE-2018-21146date:2024-11-21T04:03:00.803

SOURCES RELEASE DATE
db:CNVDid:CNVD-2021-61051date:2021-08-08T00:00:00
db:JVNDBid:JVNDB-2018-016296date:2020-05-21T00:00:00
db:CNNVDid:CNNVD-202004-1846date:2020-04-21T00:00:00
db:NVDid:CVE-2018-21146date:2020-04-21T22:15:14.260