Sign-up

ID

VAR-202004-1651


CVE

CVE-2018-21164


TITLE

NETGEAR WNDR3700 and R6220 operating system command injection vulnerability

Trust: 1.2

sources: CNVD: CNVD-2021-52567 // CNNVD: CNNVD-202004-2037

DESCRIPTION

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6220 before 1.1.0.64 and WNDR3700v5 before 1.1.0.54. NETGEAR R6220 and WNDR3700v5 On the device OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Both NETGEAR WNDR3700 and NETGEAR R6220 are wireless routers from NETGEAR. The vulnerability stems from the fact that the network system or product does not correctly filter the special characters, commands, etc. in the process of constructing the executable command of the operating system by external input data. Attackers can use this vulnerability to execute illegal operating system commands. This affects R6220 prior to 1.1.0.64 and WNDR3700v5 prior to 1.1.0.54

Trust: 2.25

sources: NVD: CVE-2018-21164 // JVNDB: JVNDB-2018-016418 // CNVD: CNVD-2021-52567 // VULMON: CVE-2018-21164

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-52567

AFFECTED PRODUCTS

vendor:netgearmodel:r6220scope:ltversion:1.1.0.64

Trust: 1.6

vendor:netgearmodel:wndr3700scope:ltversion:1.1.0.54

Trust: 1.0

vendor:netgearmodel:r6220scope:eqversion:1.1.0.64

Trust: 0.8

vendor:netgearmodel:wndr3700scope:eqversion:1.1.0.54

Trust: 0.8

vendor:netgearmodel:wndr3700v5scope:ltversion:1.1.0.54

Trust: 0.6

sources: CNVD: CNVD-2021-52567 // JVNDB: JVNDB-2018-016418 // NVD: CVE-2018-21164

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-21164
value: HIGH

Trust: 1.0

cve@mitre.org: CVE-2018-21164
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2018-016418
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-52567
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-2037
value: HIGH

Trust: 0.6

VULMON: CVE-2018-21164
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-21164
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2018-016418
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-52567
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-21164
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2018-21164
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2018-016418
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-52567 // VULMON: CVE-2018-21164 // JVNDB: JVNDB-2018-016418 // CNNVD: CNNVD-202004-2037 // NVD: CVE-2018-21164 // NVD: CVE-2018-21164

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.8

sources: JVNDB: JVNDB-2018-016418 // NVD: CVE-2018-21164

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-2037

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202004-2037

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-016418

PATCH
title:Security Advisory for Post-Authentication Command Injection on Some Routers, PSV-2017-3171url:https://kb.netgear.com/000055195/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-PSV-2017-3171
Trust: 0.8
title:Patch for NETGEAR WNDR3700 and R6220 operating system command injection vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/279986
Trust: 0.6
title:NETGEAR WNDR3700  and NETGEAR R6220 Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116792
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-52567 // 
            
            
            
            JVNDB: JVNDB-2018-016418 // 
            
            
            
            CNNVD: CNNVD-202004-2037

EXTERNAL IDS
db:NVDid:CVE-2018-21164
Trust: 3.1
db:JVNDBid:JVNDB-2018-016418
Trust: 0.8
db:CNVDid:CNVD-2021-52567
Trust: 0.6
db:CNNVDid:CNNVD-202004-2037
Trust: 0.6
db:VULMONid:CVE-2018-21164
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2021-52567 // 
            
            
            
            VULMON: CVE-2018-21164 // 
            
            
            
            JVNDB: JVNDB-2018-016418 // 
            
            
            
            CNNVD: CNNVD-202004-2037 // 
            
            
            
            NVD: CVE-2018-21164

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2018-21164
Trust: 2.0
url:https://kb.netgear.com/000055195/security-advisory-for-post-authentication-command-injection-on-some-routers-psv-2017-3171
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21164
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/78.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2021-52567 // 
            
            
            
            VULMON: CVE-2018-21164 // 
            
            
            
            JVNDB: JVNDB-2018-016418 // 
            
            
            
            CNNVD: CNNVD-202004-2037 // 
            
            
            
            NVD: CVE-2018-21164

SOURCES
db:CNVDid:CNVD-2021-52567
db:VULMONid:CVE-2018-21164
db:JVNDBid:JVNDB-2018-016418
db:CNNVDid:CNNVD-202004-2037
db:NVDid:CVE-2018-21164

LAST UPDATE DATE
2024-11-23T22:55:10.179000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2021-52567date:2021-07-20T00:00:00
db:VULMONid:CVE-2018-21164date:2020-05-01T00:00:00
db:JVNDBid:JVNDB-2018-016418date:2020-06-03T00:00:00
db:CNNVDid:CNNVD-202004-2037date:2020-05-07T00:00:00
db:NVDid:CVE-2018-21164date:2024-11-21T04:03:03.587

SOURCES RELEASE DATE
db:CNVDid:CNVD-2021-52567date:2020-07-20T00:00:00
db:VULMONid:CVE-2018-21164date:2020-04-23T00:00:00
db:JVNDBid:JVNDB-2018-016418date:2020-06-03T00:00:00
db:CNNVDid:CNNVD-202004-2037date:2020-04-23T00:00:00
db:NVDid:CVE-2018-21164date:2020-04-23T22:15:12.397