Sign-up

ID

VAR-202004-1641


CVE

CVE-2018-21154


TITLE

plural NETGEAR On the device OS Command injection vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2018-016395

DESCRIPTION

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, and R7800 before 1.0.2.42. plural NETGEAR On the device OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D7800, etc. are all products of NETGEAR. NETGEAR D7800 is a wireless modem. NETGEAR DM200 is a wireless modem. NETGEAR R6100 is a wireless router. The vulnerability stems from the process of constructing operating system executable commands from external input data. The network system or product does not properly filter the special characters and commands. The attacker can use this vulnerability to execute Illegal operating system command. This affects D7800 prior to 1.0.1.34, DM200 prior to 1.0.0.50, R6100 prior to 1.0.1.22, R7500 prior to 1.0.0.122, R7500v2 prior to 1.0.3.26, and R7800 prior to 1.0.2.42

Trust: 2.25

sources: NVD: CVE-2018-21154 // JVNDB: JVNDB-2018-016395 // CNVD: CNVD-2020-28142 // VULMON: CVE-2018-21154

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-28142

AFFECTED PRODUCTS

vendor:netgearmodel:r7500scope:ltversion:1.0.0.122

Trust: 1.6

vendor:netgearmodel:d7800scope:ltversion:1.0.1.34

Trust: 1.6

vendor:netgearmodel:r6100scope:ltversion:1.0.1.22

Trust: 1.6

vendor:netgearmodel:r7800scope:ltversion:1.0.2.42

Trust: 1.6

vendor:netgearmodel:dm200scope:ltversion:1.0.0.50

Trust: 1.6

vendor:netgearmodel:r7500scope:ltversion:1.0.3.26

Trust: 1.0

vendor:netgearmodel:d7800scope:eqversion:1.0.1.34

Trust: 0.8

vendor:netgearmodel:dm200scope:eqversion:1.0.0.50

Trust: 0.8

vendor:netgearmodel:r6100scope:eqversion:1.0.1.22

Trust: 0.8

vendor:netgearmodel:r7500scope:eqversion:1.0.0.122

Trust: 0.8

vendor:netgearmodel:r7500scope:eqversion:v2 1.0.3.26

Trust: 0.8

vendor:netgearmodel:r7800scope:eqversion:1.0.2.42

Trust: 0.8

vendor:netgearmodel:r7500v2scope:ltversion:1.0.3.26

Trust: 0.6

sources: CNVD: CNVD-2020-28142 // JVNDB: JVNDB-2018-016395 // NVD: CVE-2018-21154

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-21154
value: MEDIUM

Trust: 1.0

cve@mitre.org: CVE-2018-21154
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2018-016395
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-28142
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-2200
value: MEDIUM

Trust: 0.6

VULMON: CVE-2018-21154
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-21154
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2018-016395
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-28142
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-21154
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2018-21154
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2018-016395
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-28142 // VULMON: CVE-2018-21154 // JVNDB: JVNDB-2018-016395 // CNNVD: CNNVD-202004-2200 // NVD: CVE-2018-21154 // NVD: CVE-2018-21154

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.8

sources: JVNDB: JVNDB-2018-016395 // NVD: CVE-2018-21154

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-2200

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202004-2200

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-016395

PATCH
title:Security Advisory for Post-Authentication Command Injection on Some Gateways and Routers, PSV-2017-3133url:https://kb.netgear.com/000059479/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Gateways-and-Routers-PSV-2017-3133
Trust: 0.8
title:Patch for Multiple NETGEAR product operating system command injection vulnerabilities (CNVD-2020-28142)url:https://www.cnvd.org.cn/patchInfo/show/217443
Trust: 0.6
title:Multiple NETGEAR Product operating system command injection vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117717
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-28142 // 
            
            
            
            JVNDB: JVNDB-2018-016395 // 
            
            
            
            CNNVD: CNNVD-202004-2200

EXTERNAL IDS
db:NVDid:CVE-2018-21154
Trust: 3.1
db:JVNDBid:JVNDB-2018-016395
Trust: 0.8
db:CNVDid:CNVD-2020-28142
Trust: 0.6
db:CNNVDid:CNNVD-202004-2200
Trust: 0.6
db:VULMONid:CVE-2018-21154
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-28142 // 
            
            
            
            VULMON: CVE-2018-21154 // 
            
            
            
            JVNDB: JVNDB-2018-016395 // 
            
            
            
            CNNVD: CNNVD-202004-2200 // 
            
            
            
            NVD: CVE-2018-21154

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2018-21154
Trust: 2.0
url:https://kb.netgear.com/000059479/security-advisory-for-post-authentication-command-injection-on-some-gateways-and-routers-psv-2017-3133
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21154
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/78.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-28142 // 
            
            
            
            VULMON: CVE-2018-21154 // 
            
            
            
            JVNDB: JVNDB-2018-016395 // 
            
            
            
            CNNVD: CNNVD-202004-2200 // 
            
            
            
            NVD: CVE-2018-21154

SOURCES
db:CNVDid:CNVD-2020-28142
db:VULMONid:CVE-2018-21154
db:JVNDBid:JVNDB-2018-016395
db:CNNVDid:CNNVD-202004-2200
db:NVDid:CVE-2018-21154

LAST UPDATE DATE
2024-11-23T22:29:38.733000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-28142date:2020-05-14T00:00:00
db:VULMONid:CVE-2018-21154date:2020-05-05T00:00:00
db:JVNDBid:JVNDB-2018-016395date:2020-06-02T00:00:00
db:CNNVDid:CNNVD-202004-2200date:2020-05-07T00:00:00
db:NVDid:CVE-2018-21154date:2024-11-21T04:03:02.020

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-28142date:2020-05-14T00:00:00
db:VULMONid:CVE-2018-21154date:2020-04-27T00:00:00
db:JVNDBid:JVNDB-2018-016395date:2020-06-02T00:00:00
db:CNNVDid:CNNVD-202004-2200date:2020-04-27T00:00:00
db:NVDid:CVE-2018-21154date:2020-04-27T18:15:12.277