Sign-up

ID

VAR-202004-1654


CVE

CVE-2018-21208


TITLE

plural NETGEAR Injection vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-016340

DESCRIPTION

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7500v2 before 1.0.3.24, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7500, etc. are all products of NETGEAR. NETGEAR R7500 is a wireless router. NETGEAR D6100 is a wireless modem. NETGEAR R6100 is a wireless router. Injection vulnerabilities exist in many NETGEAR products. The vulnerability stems from the fact that the network system or product lacks the correct verification of the user input data during the operation process of the user inputting the construction command, data structure or record, and the special elements are not filtered or correctly filtered, resulting in the analysis or analysis of the system or product. The explanation is wrong. No detailed vulnerability details are currently provided. This affects D6100 prior to 1.0.0.57, R6100 prior to 1.0.1.20, R7500v2 prior to 1.0.3.24, WNDR4300v2 prior to 1.0.0.50, and WNDR4500v3 prior to 1.0.0.50

Trust: 2.25

sources: NVD: CVE-2018-21208 // JVNDB: JVNDB-2018-016340 // CNVD: CNVD-2021-46561 // VULMON: CVE-2018-21208

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-46561

AFFECTED PRODUCTS

vendor:netgearmodel:r6100scope:ltversion:1.0.1.20

Trust: 1.6

vendor:netgearmodel:d6100scope:ltversion:1.0.0.57

Trust: 1.6

vendor:netgearmodel:r7500scope:ltversion:1.0.3.24

Trust: 1.0

vendor:netgearmodel:wndr4500scope:ltversion:1.0.0.50

Trust: 1.0

vendor:netgearmodel:wndr4300scope:ltversion:1.0.0.50

Trust: 1.0

vendor:netgearmodel:d6100scope:eqversion:1.0.0.57

Trust: 0.8

vendor:netgearmodel:r6100scope:eqversion:1.0.1.20

Trust: 0.8

vendor:netgearmodel:r7500scope:eqversion:1.0.3.24

Trust: 0.8

vendor:netgearmodel:wndr4300scope:eqversion:1.0.0.50

Trust: 0.8

vendor:netgearmodel:wndr4500scope:eqversion:1.0.0.50

Trust: 0.8

vendor:netgearmodel:r7500v2scope:ltversion:1.0.3.24

Trust: 0.6

vendor:netgearmodel:wndr4300v2scope:ltversion:1.0.0.50

Trust: 0.6

vendor:netgearmodel:wndr4500v3scope:ltversion:1.0.0.50

Trust: 0.6

sources: CNVD: CNVD-2021-46561 // JVNDB: JVNDB-2018-016340 // NVD: CVE-2018-21208

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-21208
value: HIGH

Trust: 1.0

cve@mitre.org: CVE-2018-21208
value: HIGH

Trust: 1.0

NVD: JVNDB-2018-016340
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-46561
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-2279
value: HIGH

Trust: 0.6

VULMON: CVE-2018-21208
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-21208
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2018-016340
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-46561
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-21208
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2018-21208
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2018-016340
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-46561 // VULMON: CVE-2018-21208 // JVNDB: JVNDB-2018-016340 // CNNVD: CNNVD-202004-2279 // NVD: CVE-2018-21208 // NVD: CVE-2018-21208

PROBLEMTYPE DATA

problemtype:CWE-74

Trust: 1.8

sources: JVNDB: JVNDB-2018-016340 // NVD: CVE-2018-21208

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-2279

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-202004-2279

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-016340

PATCH
title:Security Advisory for Pre-Authentication Command Injection on Some Routers and Gateways, PSV-2017-2516url:https://kb.netgear.com/000055141/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-Gateways-PSV-2017-2516
Trust: 0.8
title:Patch for Command injection vulnerabilities in multiple NETGEAR products (CNVD-2021-46561)url:https://www.cnvd.org.cn/patchInfo/show/276336
Trust: 0.6
title:Multiple NETGEAR Fixing measures for product injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117742
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-46561 // 
            
            
            
            JVNDB: JVNDB-2018-016340 // 
            
            
            
            CNNVD: CNNVD-202004-2279

EXTERNAL IDS
db:NVDid:CVE-2018-21208
Trust: 3.1
db:JVNDBid:JVNDB-2018-016340
Trust: 0.8
db:CNVDid:CNVD-2021-46561
Trust: 0.6
db:CNNVDid:CNNVD-202004-2279
Trust: 0.6
db:VULMONid:CVE-2018-21208
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2021-46561 // 
            
            
            
            VULMON: CVE-2018-21208 // 
            
            
            
            JVNDB: JVNDB-2018-016340 // 
            
            
            
            CNNVD: CNNVD-202004-2279 // 
            
            
            
            NVD: CVE-2018-21208

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2018-21208
Trust: 2.0
url:https://kb.netgear.com/000055141/security-advisory-for-pre-authentication-command-injection-on-some-routers-and-gateways-psv-2017-2516
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21208
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/74.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2021-46561 // 
            
            
            
            VULMON: CVE-2018-21208 // 
            
            
            
            JVNDB: JVNDB-2018-016340 // 
            
            
            
            CNNVD: CNNVD-202004-2279 // 
            
            
            
            NVD: CVE-2018-21208

SOURCES
db:CNVDid:CNVD-2021-46561
db:VULMONid:CVE-2018-21208
db:JVNDBid:JVNDB-2018-016340
db:CNNVDid:CNNVD-202004-2279
db:NVDid:CVE-2018-21208

LAST UPDATE DATE
2024-11-23T21:51:30.253000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2021-46561date:2021-07-02T00:00:00
db:VULMONid:CVE-2018-21208date:2020-05-04T00:00:00
db:JVNDBid:JVNDB-2018-016340date:2020-06-01T00:00:00
db:CNNVDid:CNNVD-202004-2279date:2020-05-07T00:00:00
db:NVDid:CVE-2018-21208date:2024-11-21T04:03:10.797

SOURCES RELEASE DATE
db:CNVDid:CNVD-2021-46561date:2021-07-01T00:00:00
db:VULMONid:CVE-2018-21208date:2020-04-28T00:00:00
db:JVNDBid:JVNDB-2018-016340date:2020-06-01T00:00:00
db:CNNVDid:CNNVD-202004-2279date:2020-04-28T00:00:00
db:NVDid:CVE-2018-21208date:2020-04-28T16:15:13.763