ID

VAR-202004-1695


CVE

CVE-2018-21184


TITLE

plural NETGEAR Out-of-bounds write vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-016368

DESCRIPTION

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.28, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, and R9000 before 1.0.3.6. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D7800, etc. are all products of NETGEAR. NETGEAR D7800 is a wireless modem. NETGEAR R7500 is a wireless router. NETGEAR D6100 is a wireless modem. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow. This affects D6100 prior to 1.0.0.57, D7800 prior to 1.0.1.28, R7500v2 prior to 1.0.3.24, R7800 prior to 1.0.2.40, and R9000 prior to 1.0.3.6

Trust: 2.25

sources: NVD: CVE-2018-21184 // JVNDB: JVNDB-2018-016368 // CNVD: CNVD-2020-28244 // VULMON: CVE-2018-21184

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-28244

AFFECTED PRODUCTS

vendor:netgearmodel:r7800scope:ltversion:1.0.2.40

Trust: 1.6

vendor:netgearmodel:d7800scope:ltversion:1.0.1.28

Trust: 1.6

vendor:netgearmodel:d6100scope:ltversion:1.0.0.57

Trust: 1.6

vendor:netgearmodel:r9000scope:ltversion:1.0.3.6

Trust: 1.6

vendor:netgearmodel:r7500scope:ltversion:1.0.3.24

Trust: 1.0

vendor:netgearmodel:d6100scope:eqversion:1.0.0.57

Trust: 0.8

vendor:netgearmodel:d7800scope:eqversion:1.0.1.28

Trust: 0.8

vendor:netgearmodel:r7500scope:eqversion:1.0.3.24

Trust: 0.8

vendor:netgearmodel:r7800scope:eqversion:1.0.2.40

Trust: 0.8

vendor:netgearmodel:r9000scope:eqversion:1.0.3.6

Trust: 0.8

vendor:netgearmodel:r7500v2scope:ltversion:1.0.3.24

Trust: 0.6

vendor:netgearmodel:d6100scope:eqversion:1.0.0.50 0.0.50

Trust: 0.1

vendor:netgearmodel:d6100scope:eqversion:1.0.0.55

Trust: 0.1

vendor:netgearmodel:d6100scope:eqversion:1.0.0.56

Trust: 0.1

vendor:netgearmodel:d7800scope:eqversion:1.0.1.22

Trust: 0.1

vendor:netgearmodel:d7800scope:eqversion:1.0.1.24

Trust: 0.1

vendor:netgearmodel:r7500scope:eqversion:1.0.0.108

Trust: 0.1

vendor:netgearmodel:r7500scope:eqversion:1.0.0.110

Trust: 0.1

vendor:netgearmodel:r7500scope:eqversion:1.0.0.112

Trust: 0.1

vendor:netgearmodel:r7500scope:eqversion:1.0.0.116

Trust: 0.1

vendor:netgearmodel:r7500scope:eqversion:1.0.0.118

Trust: 0.1

vendor:netgearmodel:r7500scope:eqversion:1.0.0.122

Trust: 0.1

vendor:netgearmodel:r7500scope:eqversion:1.0.0.124

Trust: 0.1

vendor:netgearmodel:r7500scope:eqversion:1.0.0.130

Trust: 0.1

vendor:netgearmodel:r7500scope:eqversion:1.0.3.10

Trust: 0.1

vendor:netgearmodel:r7500scope:eqversion:1.0.3.16

Trust: 0.1

vendor:netgearmodel:r7500scope:eqversion:1.0.3.20

Trust: 0.1

vendor:netgearmodel:r7800scope:eqversion:1.0.2.16

Trust: 0.1

vendor:netgearmodel:r7800scope:eqversion:1.0.2.28

Trust: 0.1

vendor:netgearmodel:r7800scope:eqversion:1.0.2.30

Trust: 0.1

vendor:netgearmodel:r7800scope:eqversion:1.0.2.32

Trust: 0.1

vendor:netgearmodel:r7800scope:eqversion:1.0.2.36

Trust: 0.1

vendor:netgearmodel:r7800scope:eqversion:1.0.2.38

Trust: 0.1

vendor:netgearmodel:r9000scope:eqversion: -

Trust: 0.1

vendor:netgearmodel:r9000scope:eqversion:1.0.2.4

Trust: 0.1

vendor:netgearmodel:r9000scope:eqversion:1.0.2.30

Trust: 0.1

vendor:netgearmodel:r9000scope:eqversion:1.0.2.40

Trust: 0.1

vendor:netgearmodel:r9000scope:eqversion:1.0.2.52

Trust: 0.1

sources: CNVD: CNVD-2020-28244 // VULMON: CVE-2018-21184 // JVNDB: JVNDB-2018-016368 // NVD: CVE-2018-21184

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-21184
value: MEDIUM

Trust: 1.0

cve@mitre.org: CVE-2018-21184
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2018-016368
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-28244
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-2243
value: MEDIUM

Trust: 0.6

VULMON: CVE-2018-21184
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-21184
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2018-016368
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-28244
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-21184
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2018-21184
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2018-016368
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-28244 // VULMON: CVE-2018-21184 // JVNDB: JVNDB-2018-016368 // CNNVD: CNNVD-202004-2243 // NVD: CVE-2018-21184 // NVD: CVE-2018-21184

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.8

sources: JVNDB: JVNDB-2018-016368 // NVD: CVE-2018-21184

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-2243

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202004-2243

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-016368

PATCH

title:Security Advisory for Post-Authentication Stack Overflow on Some Routers and Gateways, PSV-2017-2615url:https://kb.netgear.com/000055174/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2615

Trust: 0.8

title:Patch for Multiple NETGEAR product buffer overflow vulnerabilities (CNVD-2020-28244)url:https://www.cnvd.org.cn/patchInfo/show/217477

Trust: 0.6

title:Multiple NETGEAR Product Buffer Error Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117336

Trust: 0.6

sources: CNVD: CNVD-2020-28244 // JVNDB: JVNDB-2018-016368 // CNNVD: CNNVD-202004-2243

EXTERNAL IDS

db:NVDid:CVE-2018-21184

Trust: 3.1

db:JVNDBid:JVNDB-2018-016368

Trust: 0.8

db:CNVDid:CNVD-2020-28244

Trust: 0.6

db:CNNVDid:CNNVD-202004-2243

Trust: 0.6

db:VULMONid:CVE-2018-21184

Trust: 0.1

sources: CNVD: CNVD-2020-28244 // VULMON: CVE-2018-21184 // JVNDB: JVNDB-2018-016368 // CNNVD: CNNVD-202004-2243 // NVD: CVE-2018-21184

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2018-21184

Trust: 2.0

url:https://kb.netgear.com/000055174/security-advisory-for-post-authentication-stack-overflow-on-some-routers-and-gateways-psv-2017-2615

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21184

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2020-28244 // VULMON: CVE-2018-21184 // JVNDB: JVNDB-2018-016368 // CNNVD: CNNVD-202004-2243 // NVD: CVE-2018-21184

SOURCES

db:CNVDid:CNVD-2020-28244
db:VULMONid:CVE-2018-21184
db:JVNDBid:JVNDB-2018-016368
db:CNNVDid:CNNVD-202004-2243
db:NVDid:CVE-2018-21184

LAST UPDATE DATE

2024-11-23T22:25:32.251000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-28244date:2020-05-14T00:00:00
db:VULMONid:CVE-2018-21184date:2020-05-05T00:00:00
db:JVNDBid:JVNDB-2018-016368date:2020-06-01T00:00:00
db:CNNVDid:CNNVD-202004-2243date:2020-05-06T00:00:00
db:NVDid:CVE-2018-21184date:2024-11-21T04:03:07.027

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-28244date:2020-05-14T00:00:00
db:VULMONid:CVE-2018-21184date:2020-04-28T00:00:00
db:JVNDBid:JVNDB-2018-016368date:2020-06-01T00:00:00
db:CNNVDid:CNNVD-202004-2243date:2020-04-28T00:00:00
db:NVDid:CVE-2018-21184date:2020-04-28T13:15:12.683