Details of VAR-202004-1686

ID

VAR-202004-1686

CVE

CVE-2018-21228

TITLE

plural NETGEAR Injection vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-016330

DESCRIPTION

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, EX6100v2 before 1.0.1.50, EX6150v2 before 1.0.1.50, EX6200v2 before 1.0.1.44, EX6400 before 1.0.1.60, EX7300 before 1.0.1.60, R6100 before 1.0.1.16, R7500 before 1.0.0.110, R7800 before 1.0.2.32, R9000 before 1.0.2.30, WN3000RPv3 before 1.0.2.50, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR EX6150, etc. are all products of NETGEAR. NETGEAR EX6150 is a wireless network signal extender. NETGEAR D7800 is a wireless modem. NETGEAR WNDR4300 is a wireless router. Injection vulnerabilities exist in many NETGEAR products. The vulnerability stems from the fact that the network system or product lacks the correct verification of the user input data during the operation process of the user inputting the construction command, data structure or record, and the special elements are not filtered or correctly filtered, resulting in the analysis or analysis of the system or product. The explanation is wrong. No detailed vulnerability details are currently provided. This affects D7800 prior to 1.0.1.34, EX6100v2 prior to 1.0.1.50, EX6150v2 prior to 1.0.1.50, EX6200v2 prior to 1.0.1.44, EX6400 prior to 1.0.1.60, EX7300 prior to 1.0.1.60, R6100 prior to 1.0.1.16, R7500 prior to 1.0.0.110, R7800 prior to 1.0.2.32, R9000 prior to 1.0.2.30, WN3000RPv3 prior to 1.0.2.50, WNDR4300v2 prior to 1.0.0.50, and WNDR4500v3 prior to 1.0.0.50

Trust: 2.25

sources: NVD: CVE-2018-21228 // JVNDB: JVNDB-2018-016330 // CNVD: CNVD-2021-57159 // VULMON: CVE-2018-21228

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-57159

AFFECTED PRODUCTS

vendor:	netgear	model:	r6100	scope:	lt	version:	1.0.1.16	Trust: 1.6
vendor:	netgear	model:	d7800	scope:	lt	version:	1.0.1.34	Trust: 1.6
vendor:	netgear	model:	r7500	scope:	lt	version:	1.0.0.110	Trust: 1.6
vendor:	netgear	model:	ex6400	scope:	lt	version:	1.0.1.60	Trust: 1.6
vendor:	netgear	model:	ex7300	scope:	lt	version:	1.0.1.60	Trust: 1.6
vendor:	netgear	model:	r9000	scope:	lt	version:	1.0.2.30	Trust: 1.0
vendor:	netgear	model:	r7800	scope:	lt	version:	1.0.2.32	Trust: 1.0
vendor:	netgear	model:	ex6100	scope:	lt	version:	1.0.1.50	Trust: 1.0
vendor:	netgear	model:	ex6200	scope:	lt	version:	1.0.1.44	Trust: 1.0
vendor:	netgear	model:	ex6150	scope:	lt	version:	1.0.1.50	Trust: 1.0
vendor:	netgear	model:	wn3000rp	scope:	lt	version:	1.0.2.50	Trust: 1.0
vendor:	netgear	model:	wndr4300	scope:	lt	version:	1.0.0.50	Trust: 1.0
vendor:	netgear	model:	wndr4500	scope:	lt	version:	1.0.0.50	Trust: 1.0
vendor:	netgear	model:	d7800	scope:	eq	version:	1.0.1.34	Trust: 0.8
vendor:	netgear	model:	ex6100	scope:	eq	version:	1.0.1.50	Trust: 0.8
vendor:	netgear	model:	ex6150	scope:	eq	version:	1.0.1.50	Trust: 0.8
vendor:	netgear	model:	ex6200	scope:	eq	version:	1.0.1.44	Trust: 0.8
vendor:	netgear	model:	ex6400	scope:	eq	version:	1.0.1.60	Trust: 0.8
vendor:	netgear	model:	ex7300	scope:	eq	version:	1.0.1.60	Trust: 0.8
vendor:	netgear	model:	r6100	scope:	eq	version:	1.0.1.16	Trust: 0.8
vendor:	netgear	model:	r7500	scope:	eq	version:	1.0.0.110	Trust: 0.8
vendor:	netgear	model:	r7800	scope:	eq	version:	1.0.2.32	Trust: 0.8
vendor:	netgear	model:	r9000	scope:	eq	version:	1.0.2.30	Trust: 0.8
vendor:	netgear	model:	ex6200v2	scope:	lt	version:	1.0.1.44	Trust: 0.6
vendor:	netgear	model:	ex6100v2	scope:	lt	version:	1.0.1.50	Trust: 0.6
vendor:	netgear	model:	ex6150v2	scope:	lt	version:	1.0.1.50	Trust: 0.6
vendor:	netgear	model:	d7800	scope:	eq	version:	1.0.1.22	Trust: 0.1
vendor:	netgear	model:	d7800	scope:	eq	version:	1.0.1.24	Trust: 0.1
vendor:	netgear	model:	d7800	scope:	eq	version:	1.0.1.28	Trust: 0.1
vendor:	netgear	model:	d7800	scope:	eq	version:	1.0.1.30	Trust: 0.1
vendor:	netgear	model:	d7800	scope:	eq	version:	1.0.1.31	Trust: 0.1
vendor:	netgear	model:	ex6150	scope:	eq	version:	-	Trust: 0.1
vendor:	netgear	model:	ex6150	scope:	eq	version:	1.0.0.38	Trust: 0.1
vendor:	netgear	model:	ex6150	scope:	eq	version:	1.0.0.48	Trust: 0.1
vendor:	netgear	model:	ex7300	scope:	eq	version:	-	Trust: 0.1
vendor:	netgear	model:	r6100	scope:	eq	version:	1.0.1.12	Trust: 0.1
vendor:	netgear	model:	r6100	scope:	eq	version:	1.0.1.14	Trust: 0.1
vendor:	netgear	model:	r7500	scope:	eq	version:	1.0.0.108	Trust: 0.1
vendor:	netgear	model:	r7800	scope:	eq	version:	1.0.2.16	Trust: 0.1
vendor:	netgear	model:	r7800	scope:	eq	version:	1.0.2.28	Trust: 0.1
vendor:	netgear	model:	r7800	scope:	eq	version:	1.0.2.30	Trust: 0.1
vendor:	netgear	model:	r9000	scope:	eq	version:	-	Trust: 0.1
vendor:	netgear	model:	r9000	scope:	eq	version:	1.0.2.4	Trust: 0.1
vendor:	netgear	model:	wn3000rp	scope:	eq	version:	1.0.0.52	Trust: 0.1
vendor:	netgear	model:	wn3000rp	scope:	eq	version:	1.0.0.56	Trust: 0.1
vendor:	netgear	model:	wn3000rp	scope:	eq	version:	1.0.0.68	Trust: 0.1
vendor:	netgear	model:	wndr4300	scope:	eq	version:	1.0.0.48	Trust: 0.1
vendor:	netgear	model:	wndr4500	scope:	eq	version:	-	Trust: 0.1
vendor:	netgear	model:	wndr4500	scope:	eq	version:	1.0.0.48	Trust: 0.1

sources: CNVD: CNVD-2021-57159 // VULMON: CVE-2018-21228 // JVNDB: JVNDB-2018-016330 // NVD: CVE-2018-21228

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-21228
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2018-21228
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2018-016330
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-57159
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202004-2126
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2018-21228
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-21228
severity:	MEDIUM
baseScore:	5.2
vectorString:	AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	5.1
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2018-016330
severity:	MEDIUM
baseScore:	5.2
vectorString:	AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2021-57159
severity:	MEDIUM
baseScore:	5.2
vectorString:	AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	5.1
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2018-21228
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.9
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2018-21228
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.9
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	JVNDB-2018-016330
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-57159 // VULMON: CVE-2018-21228 // JVNDB: JVNDB-2018-016330 // CNNVD: CNNVD-202004-2126 // NVD: CVE-2018-21228 // NVD: CVE-2018-21228

PROBLEMTYPE DATA

problemtype:

CWE-74

Trust: 1.8

sources: JVNDB: JVNDB-2018-016330 // NVD: CVE-2018-21228

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-2126

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-202004-2126

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-016330

PATCH

title:	Security Advisory for Post-Authentication Command Injection on Some Routers, Gateways, and Extenders, PSV-2017-0607	url:	https://kb.netgear.com/000055106/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-Extenders-PSV-2017-0607	Trust: 0.8
title:	Patch for Injection vulnerabilities in multiple NETGEAR products (CNVD-2021-57159)	url:	https://www.cnvd.org.cn/patchInfo/show/282671	Trust: 0.6
title:	Multiple NETGEAR Product Command Injection Vulnerability Fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117049	Trust: 0.6

sources: CNVD: CNVD-2021-57159 // JVNDB: JVNDB-2018-016330 // CNNVD: CNNVD-202004-2126

EXTERNAL IDS

db:	NVD	id:	CVE-2018-21228	Trust: 3.1
db:	JVNDB	id:	JVNDB-2018-016330	Trust: 0.8
db:	CNVD	id:	CNVD-2021-57159	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-2126	Trust: 0.6
db:	VULMON	id:	CVE-2018-21228	Trust: 0.1

sources: CNVD: CNVD-2021-57159 // VULMON: CVE-2018-21228 // JVNDB: JVNDB-2018-016330 // CNNVD: CNNVD-202004-2126 // NVD: CVE-2018-21228

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2018-21228	Trust: 2.0
url:	https://kb.netgear.com/000055106/security-advisory-for-post-authentication-command-injection-on-some-routers-gateways-and-extenders-psv-2017-0607	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21228	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/74.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2021-57159 // VULMON: CVE-2018-21228 // JVNDB: JVNDB-2018-016330 // CNNVD: CNNVD-202004-2126 // NVD: CVE-2018-21228

SOURCES

db:	CNVD	id:	CNVD-2021-57159
db:	VULMON	id:	CVE-2018-21228
db:	JVNDB	id:	JVNDB-2018-016330
db:	CNNVD	id:	CNNVD-202004-2126
db:	NVD	id:	CVE-2018-21228

LAST UPDATE DATE

2024-11-23T23:07:58.336000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-57159	date:	2021-07-31T00:00:00
db:	VULMON	id:	CVE-2018-21228	date:	2020-04-28T00:00:00
db:	JVNDB	id:	JVNDB-2018-016330	date:	2020-05-26T00:00:00
db:	CNNVD	id:	CNNVD-202004-2126	date:	2020-05-07T00:00:00
db:	NVD	id:	CVE-2018-21228	date:	2024-11-21T04:03:13.907

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-57159	date:	2020-07-28T00:00:00
db:	VULMON	id:	CVE-2018-21228	date:	2020-04-24T00:00:00
db:	JVNDB	id:	JVNDB-2018-016330	date:	2020-05-26T00:00:00
db:	CNNVD	id:	CNNVD-202004-2126	date:	2020-04-24T00:00:00
db:	NVD	id:	CVE-2018-21228	date:	2020-04-24T15:15:12.817