Details of VAR-202004-1636

ID

VAR-202004-1636

CVE

CVE-2018-21231

TITLE

plural NETGEAR Vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-016407

DESCRIPTION

plural NETGEAR An unspecified vulnerability exists in the device.Information may be obtained and tampered with. Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D1500 prior to 1.0.0.27, D500 prior to 1.0.0.27, D6100 prior to 1.0.0.57, D6220 prior to 1.0.0.40, D6400 prior to 1.0.0.74, D7000 prior to 1.0.1.60, D7800 prior to 1.0.1.34, D8500 prior to 1.0.3.39, DGN2200v4 prior to 1.0.0.94, DGN2200Bv4 prior to 1.0.0.94, EX2700 prior to 1.0.1.42, EX3700 prior to 1.0.0.64, EX3800 prior to 1.0.0.64, EX6000 prior to 1.0.0.24, EX6100 prior to 1.0.2.18, EX6120 prior to 1.0.0.32, EX6130 prior to 1.0.0.22, EX6150 prior to 1.0.0.34_1.0.70, EX6200 prior to 1.0.3.82_1.1.117, EX6400 prior to 1.0.1.78, EX7000 prior to 1.0.0.56, EX7300 prior to 1.0.1.78, JNR1010v2 prior to 1.1.0.42, JR6150 prior to 1.0.1.10, JWNR2010v5 prior to 1.1.0.42, PR2000 prior to 1.0.0.22, R6050 prior to 1.0.1.10, R6100 prior to 1.0.1.16, R6220 prior to 1.1.0.50, R6250 prior to 1.0.4.14, R6300v2 prior to 1.0.4.12, R6400v2 prior to 1.0.2.34, R6700 prior to 1.0.1.26, R6900 prior to 1.0.1.26, R6900P prior to 1.2.0.22, R7000 prior to 1.0.9.6, R7000P prior to 1.2.0.22, R7100LG prior to 1.0.0.40, R7300DST prior to 1.0.0.54, R7500 prior to 1.0.0.110, R7500v2 prior to 1.0.3.26, R7800 prior to 1.0.2.44, R7900 prior to 1.0.1.26, R8000 prior to 1.0.3.48, R8300 prior to 1.0.2.104, R8500 prior to 1.0.2.104, R9000 prior to 1.0.3.10, WN2000RPTv3 prior to 1.0.1.26, WN2500RPv2 prior to 1.0.1.46, WN3000RPv3 prior to 1.0.2.66, WN3100RPv2 prior to 1.0.0.56, WNDR3400v3 prior to 1.0.1.14, WNDR3700v4 prior to 1.0.2.96, WNDR3700v5 prior to 1.1.0.54, WNDR4300 prior to 1.0.2.98, WNDR4300v2 prior to 1.0.0.48, WNDR4500v3 prior to 1.0.0.48, WNR1000v4 prior to 1.1.0.42, WNR2000v5 prior to 1.0.0.64, WNR2020 prior to 1.1.0.42, and WNR2050 prior to 1.1.0.42

Trust: 0.81

sources: JVNDB: JVNDB-2018-016407 // VULMON: CVE-2018-21231

AFFECTED PRODUCTS

vendor:	netgear	model:	ex6120	scope:	lt	version:	1.0.0.32	Trust: 1.0
vendor:	netgear	model:	d7000	scope:	lt	version:	1.0.1.60	Trust: 1.0
vendor:	netgear	model:	dgn2200	scope:	lt	version:	1.0.0.94	Trust: 1.0
vendor:	netgear	model:	r6250	scope:	lt	version:	1.0.4.14	Trust: 1.0
vendor:	netgear	model:	ex6100	scope:	lt	version:	1.0.2.18	Trust: 1.0
vendor:	netgear	model:	pr2000	scope:	lt	version:	1.0.0.22	Trust: 1.0
vendor:	netgear	model:	wn3100rp	scope:	lt	version:	1.0.0.56	Trust: 1.0
vendor:	netgear	model:	d6220	scope:	lt	version:	1.0.0.40	Trust: 1.0
vendor:	netgear	model:	jwnr2010	scope:	lt	version:	1.1.0.42	Trust: 1.0
vendor:	netgear	model:	r8500	scope:	lt	version:	1.0.2.104	Trust: 1.0
vendor:	netgear	model:	r6400	scope:	lt	version:	1.0.2.34	Trust: 1.0
vendor:	netgear	model:	r9000	scope:	lt	version:	1.0.3.10	Trust: 1.0
vendor:	netgear	model:	d500	scope:	lt	version:	1.0.0.27	Trust: 1.0
vendor:	netgear	model:	wnr2020	scope:	lt	version:	1.1.0.42	Trust: 1.0
vendor:	netgear	model:	d1500	scope:	lt	version:	1.0.0.27	Trust: 1.0
vendor:	netgear	model:	r6700	scope:	lt	version:	1.0.1.26	Trust: 1.0
vendor:	netgear	model:	wndr4300	scope:	lt	version:	1.0.0.48	Trust: 1.0
vendor:	netgear	model:	r7000p	scope:	lt	version:	1.2.0.22	Trust: 1.0
vendor:	netgear	model:	ex3700	scope:	lt	version:	1.0.0.64	Trust: 1.0
vendor:	netgear	model:	r7300dst	scope:	lt	version:	1.0.0.54	Trust: 1.0
vendor:	netgear	model:	wndr3400	scope:	lt	version:	1.0.1.14	Trust: 1.0
vendor:	netgear	model:	ex2700	scope:	lt	version:	1.0.1.42	Trust: 1.0
vendor:	netgear	model:	d6100	scope:	lt	version:	1.0.0.57	Trust: 1.0
vendor:	netgear	model:	r6050	scope:	lt	version:	1.0.1.10	Trust: 1.0
vendor:	netgear	model:	r7800	scope:	lt	version:	1.0.2.44	Trust: 1.0
vendor:	netgear	model:	wn2500rp	scope:	lt	version:	1.0.1.46	Trust: 1.0
vendor:	netgear	model:	r6900p	scope:	lt	version:	1.2.0.22	Trust: 1.0
vendor:	netgear	model:	wndr4300	scope:	lt	version:	1.0.2.98	Trust: 1.0
vendor:	netgear	model:	ex6200	scope:	lt	version:	1.0.3.82_1.1.117	Trust: 1.0
vendor:	netgear	model:	dgn2200b	scope:	lt	version:	1.0.0.94	Trust: 1.0
vendor:	netgear	model:	r8000	scope:	lt	version:	1.0.3.48	Trust: 1.0
vendor:	netgear	model:	ex6000	scope:	lt	version:	1.0.0.24	Trust: 1.0
vendor:	netgear	model:	ex6130	scope:	lt	version:	1.0.0.22	Trust: 1.0
vendor:	netgear	model:	r6100	scope:	lt	version:	1.0.1.16	Trust: 1.0
vendor:	netgear	model:	wndr3700	scope:	lt	version:	1.0.2.96	Trust: 1.0
vendor:	netgear	model:	wndr3700	scope:	lt	version:	1.1.0.54	Trust: 1.0
vendor:	netgear	model:	r7900	scope:	lt	version:	1.0.1.26	Trust: 1.0
vendor:	netgear	model:	ex6400	scope:	lt	version:	1.0.1.78	Trust: 1.0
vendor:	netgear	model:	r6900	scope:	lt	version:	1.0.1.26	Trust: 1.0
vendor:	netgear	model:	r6220	scope:	lt	version:	1.1.0.50	Trust: 1.0
vendor:	netgear	model:	ex7000	scope:	lt	version:	1.0.0.56	Trust: 1.0
vendor:	netgear	model:	r7000	scope:	lt	version:	1.0.9.6	Trust: 1.0
vendor:	netgear	model:	r7100lg	scope:	lt	version:	1.0.0.40	Trust: 1.0
vendor:	netgear	model:	r7500	scope:	lt	version:	1.0.0.110	Trust: 1.0
vendor:	netgear	model:	d7800	scope:	lt	version:	1.0.1.34	Trust: 1.0
vendor:	netgear	model:	ex6150	scope:	lt	version:	1.0.0.34_1.0.70	Trust: 1.0
vendor:	netgear	model:	ex7300	scope:	lt	version:	1.0.1.78	Trust: 1.0
vendor:	netgear	model:	jr6150	scope:	lt	version:	1.0.1.10	Trust: 1.0
vendor:	netgear	model:	wn2000rpt	scope:	lt	version:	1.0.1.26	Trust: 1.0
vendor:	netgear	model:	wn3000rp	scope:	lt	version:	1.0.2.66	Trust: 1.0
vendor:	netgear	model:	wnr1000	scope:	lt	version:	1.1.0.42	Trust: 1.0
vendor:	netgear	model:	r7500	scope:	lt	version:	1.0.3.26	Trust: 1.0
vendor:	netgear	model:	d6400	scope:	lt	version:	1.0.0.74	Trust: 1.0
vendor:	netgear	model:	r8300	scope:	lt	version:	1.0.2.104	Trust: 1.0
vendor:	netgear	model:	wndr4500	scope:	lt	version:	1.0.0.48	Trust: 1.0
vendor:	netgear	model:	r6300	scope:	lt	version:	1.0.4.12	Trust: 1.0
vendor:	netgear	model:	wnr2000	scope:	lt	version:	1.0.0.64	Trust: 1.0
vendor:	netgear	model:	d8500	scope:	lt	version:	1.0.3.39	Trust: 1.0
vendor:	netgear	model:	jnr1010	scope:	lt	version:	1.1.0.42	Trust: 1.0
vendor:	netgear	model:	wnr2050	scope:	lt	version:	1.1.0.42	Trust: 1.0
vendor:	netgear	model:	ex3800	scope:	lt	version:	1.0.0.64	Trust: 1.0
vendor:	netgear	model:	d1500	scope:	eq	version:	1.0.0.27	Trust: 0.8
vendor:	netgear	model:	d500	scope:	eq	version:	1.0.0.27	Trust: 0.8
vendor:	netgear	model:	d6100	scope:	eq	version:	1.0.0.57	Trust: 0.8
vendor:	netgear	model:	d6220	scope:	eq	version:	1.0.0.40	Trust: 0.8
vendor:	netgear	model:	d6400	scope:	eq	version:	1.0.0.74	Trust: 0.8
vendor:	netgear	model:	d7000	scope:	eq	version:	1.0.1.60	Trust: 0.8
vendor:	netgear	model:	d7800	scope:	eq	version:	1.0.1.34	Trust: 0.8
vendor:	netgear	model:	d8500	scope:	eq	version:	1.0.3.39	Trust: 0.8
vendor:	netgear	model:	dgn2200	scope:	eq	version:	1.0.0.94	Trust: 0.8
vendor:	netgear	model:	dgn2200b	scope:	eq	version:	1.0.0.94	Trust: 0.8

sources: JVNDB: JVNDB-2018-016407 // NVD: CVE-2018-21231

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-21231
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2018-21231
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2018-016407
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202004-2129
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2018-21231
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-21231
severity:	MEDIUM
baseScore:	4.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2018-016407
severity:	MEDIUM
baseScore:	4.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:N
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

nvd@nist.gov:	CVE-2018-21231
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.5
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2018-21231
baseSeverity:	MEDIUM
baseScore:	5.2
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.1
impactScore:	2.7
version:	3.0
Trust: 1.0
NVD:	JVNDB-2018-016407
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2018-21231 // JVNDB: JVNDB-2018-016407 // CNNVD: CNNVD-202004-2129 // NVD: CVE-2018-21231 // NVD: CVE-2018-21231

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2018-21231

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-2129

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202004-2129

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-016407

PATCH

title:	Security Advisory for Security Misconfiguration on Some Routers, Gateways, and Extenders, PSV-2016-0102	url:	https://kb.netgear.com/000055103/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Gateways-and-Extenders-PSV-2016-0102	Trust: 0.8
title:	Multiple NETGEAR Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117052	Trust: 0.6

sources: JVNDB: JVNDB-2018-016407 // CNNVD: CNNVD-202004-2129

EXTERNAL IDS

db:	NVD	id:	CVE-2018-21231	Trust: 2.5
db:	JVNDB	id:	JVNDB-2018-016407	Trust: 0.8
db:	CNNVD	id:	CNNVD-202004-2129	Trust: 0.6
db:	VULMON	id:	CVE-2018-21231	Trust: 0.1

sources: VULMON: CVE-2018-21231 // JVNDB: JVNDB-2018-016407 // CNNVD: CNNVD-202004-2129 // NVD: CVE-2018-21231

REFERENCES

url:	https://kb.netgear.com/000055103/security-advisory-for-security-misconfiguration-on-some-routers-gateways-and-extenders-psv-2016-0102	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-21231	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21231	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2018-21231 // JVNDB: JVNDB-2018-016407 // CNNVD: CNNVD-202004-2129 // NVD: CVE-2018-21231

SOURCES

db:	VULMON	id:	CVE-2018-21231
db:	JVNDB	id:	JVNDB-2018-016407
db:	CNNVD	id:	CNNVD-202004-2129
db:	NVD	id:	CVE-2018-21231

LAST UPDATE DATE

2024-11-23T23:11:26.757000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2018-21231	date:	2020-05-01T00:00:00
db:	JVNDB	id:	JVNDB-2018-016407	date:	2020-06-03T00:00:00
db:	CNNVD	id:	CNNVD-202004-2129	date:	2020-05-06T00:00:00
db:	NVD	id:	CVE-2018-21231	date:	2024-11-21T04:03:14.407

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2018-21231	date:	2020-04-24T00:00:00
db:	JVNDB	id:	JVNDB-2018-016407	date:	2020-06-03T00:00:00
db:	CNNVD	id:	CNNVD-202004-2129	date:	2020-04-24T00:00:00
db:	NVD	id:	CVE-2018-21231	date:	2020-04-24T15:15:13.003