Sign-up

ID

VAR-202004-1649


CVE

CVE-2018-21162


TITLE

plural NETGEAR On the device OS Command injection vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2018-016416

DESCRIPTION

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6400 before 1.0.0.78, EX6200 before 1.0.3.86, EX7000 before 1.0.0.64, R6250 before 1.0.4.8, R6300v2 before 1.0.4.6, R6400 before 1.0.1.12, R6700 before 1.0.1.16, R7000 before 1.0.7.10, R7100LG before 1.0.0.42, R7300DST before 1.0.0.44, R7900 before 1.0.1.12, R8000 before 1.0.3.36, R8300 before 1.0.2.74, R8500 before 1.0.2.74, WNDR3400v3 before 1.0.1.14, and WNR3500Lv2 before 1.2.0.48. plural NETGEAR On the device OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR EX7000 etc. are all products of NETGEAR company. NETGEAR EX7000 is a wireless network signal extender. NETGEAR R8500 is a wireless router. NETGEAR D6400 is a wireless modem. The vulnerability stems from the fact that the network system or product does not correctly filter the special characters, commands, etc. in the process of constructing the executable command of the operating system by external input data. Attackers can use this vulnerability to execute illegal operating system commands

Trust: 2.16

sources: NVD: CVE-2018-21162 // JVNDB: JVNDB-2018-016416 // CNVD: CNVD-2021-50928

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-50928

AFFECTED PRODUCTS

vendor:netgearmodel:d6400scope:ltversion:1.0.0.78

Trust: 1.6

vendor:netgearmodel:r7000scope:ltversion:1.0.7.10

Trust: 1.6

vendor:netgearmodel:r8000scope:ltversion:1.0.3.36

Trust: 1.6

vendor:netgearmodel:r7900scope:ltversion:1.0.1.12

Trust: 1.6

vendor:netgearmodel:r8500scope:ltversion:1.0.2.74

Trust: 1.6

vendor:netgearmodel:r6250scope:ltversion:1.0.4.8

Trust: 1.6

vendor:netgearmodel:r6700scope:ltversion:1.0.1.16

Trust: 1.6

vendor:netgearmodel:ex6200scope:ltversion:1.0.3.86

Trust: 1.6

vendor:netgearmodel:ex7000scope:ltversion:1.0.0.64

Trust: 1.6

vendor:netgearmodel:r6400scope:ltversion:1.0.1.12

Trust: 1.6

vendor:netgearmodel:r7100lgscope:ltversion:1.0.0.42

Trust: 1.6

vendor:netgearmodel:r7300dstscope:ltversion:1.0.0.44

Trust: 1.6

vendor:netgearmodel:r8300scope:ltversion:1.0.2.74

Trust: 1.6

vendor:netgearmodel:r6300scope:ltversion:1.0.4.6

Trust: 1.0

vendor:netgearmodel:wnr3500lscope:ltversion:1.2.0.48

Trust: 1.0

vendor:netgearmodel:wndr3400scope:ltversion:1.0.1.14

Trust: 1.0

vendor:netgearmodel:d6400scope:eqversion:1.0.0.78

Trust: 0.8

vendor:netgearmodel:ex6200scope:eqversion:1.0.3.86

Trust: 0.8

vendor:netgearmodel:ex7000scope:eqversion:1.0.0.64

Trust: 0.8

vendor:netgearmodel:r6250scope:eqversion:1.0.4.8

Trust: 0.8

vendor:netgearmodel:r6300scope:eqversion:v2 1.0.4.6

Trust: 0.8

vendor:netgearmodel:r6400scope:eqversion:1.0.1.12

Trust: 0.8

vendor:netgearmodel:r6700scope:eqversion:1.0.1.16

Trust: 0.8

vendor:netgearmodel:r7000scope:eqversion:1.0.7.10

Trust: 0.8

vendor:netgearmodel:r7100lgscope:eqversion:1.0.0.42

Trust: 0.8

vendor:netgearmodel:r7300dstscope:eqversion:1.0.0.44

Trust: 0.8

vendor:netgearmodel:wndr3400v3scope:ltversion:1.0.1.14

Trust: 0.6

vendor:netgearmodel:r6300v2scope:ltversion:1.0.4.6

Trust: 0.6

vendor:netgearmodel:wnr3500lv2scope:ltversion:1.2.0.48

Trust: 0.6

sources: CNVD: CNVD-2021-50928 // JVNDB: JVNDB-2018-016416 // NVD: CVE-2018-21162

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-21162
value: CRITICAL

Trust: 1.0

cve@mitre.org: CVE-2018-21162
value: HIGH

Trust: 1.0

NVD: JVNDB-2018-016416
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2021-50928
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202004-2035
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2018-21162
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2018-016416
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-50928
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-21162
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2018-21162
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2018-016416
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-50928 // JVNDB: JVNDB-2018-016416 // CNNVD: CNNVD-202004-2035 // NVD: CVE-2018-21162 // NVD: CVE-2018-21162

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.8

sources: JVNDB: JVNDB-2018-016416 // NVD: CVE-2018-21162

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-2035

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202004-2035

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-016416

PATCH
title:Security Advisory for Pre-Authentication Command Injection on Some Gateways, Routers, and Extenders, PSV-2016-0074url:https://kb.netgear.com/000059147/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Gateways-Routers-and-Extenders-PSV-2016-0074
Trust: 0.8
title:Patch for Command injection vulnerabilities in multiple NETGEAR products (CNVD-2021-50928)url:https://www.cnvd.org.cn/patchInfo/show/279146
Trust: 0.6
title:Multiple NETGEAR Product Command Injection Vulnerability Fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116790
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-50928 // 
            
            
            
            JVNDB: JVNDB-2018-016416 // 
            
            
            
            CNNVD: CNNVD-202004-2035

EXTERNAL IDS
db:NVDid:CVE-2018-21162
Trust: 3.0
db:JVNDBid:JVNDB-2018-016416
Trust: 0.8
db:CNVDid:CNVD-2021-50928
Trust: 0.6
db:CNNVDid:CNNVD-202004-2035
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-50928 // 
            
            
            
            JVNDB: JVNDB-2018-016416 // 
            
            
            
            CNNVD: CNNVD-202004-2035 // 
            
            
            
            NVD: CVE-2018-21162

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2018-21162
Trust: 2.0
url:https://kb.netgear.com/000059147/security-advisory-for-pre-authentication-command-injection-on-some-gateways-routers-and-extenders-psv-2016-0074
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21162
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2021-50928 // 
            
            
            
            JVNDB: JVNDB-2018-016416 // 
            
            
            
            CNNVD: CNNVD-202004-2035 // 
            
            
            
            NVD: CVE-2018-21162

SOURCES
db:CNVDid:CNVD-2021-50928
db:JVNDBid:JVNDB-2018-016416
db:CNNVDid:CNNVD-202004-2035
db:NVDid:CVE-2018-21162

LAST UPDATE DATE
2024-11-23T22:11:30.054000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2021-50928date:2021-07-15T00:00:00
db:JVNDBid:JVNDB-2018-016416date:2020-06-03T00:00:00
db:CNNVDid:CNNVD-202004-2035date:2020-05-07T00:00:00
db:NVDid:CVE-2018-21162date:2024-11-21T04:03:03.257

SOURCES RELEASE DATE
db:CNVDid:CNVD-2021-50928date:2021-07-15T00:00:00
db:JVNDBid:JVNDB-2018-016416date:2020-06-03T00:00:00
db:CNNVDid:CNNVD-202004-2035date:2020-04-23T00:00:00
db:NVDid:CVE-2018-21162date:2020-04-23T21:15:11.877