Details of VAR-202005-0733

ID

VAR-202005-0733

CVE

CVE-2017-18867

TITLE

plural NETGEAR Input verification vulnerabilities on devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-015008

DESCRIPTION

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6100 before 1.0.0.55, D7800 before V1.0.1.24, R7100LG before V1.0.0.32, WNDR4300v1 before 1.0.2.90, and WNDR4500v3 before 1.0.0.48. plural NETGEAR The device contains an input verification vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D7800, etc. are all products of NETGEAR. NETGEAR D7800 is a wireless modem. NETGEAR D6100 is a wireless modem. NETGEAR WNDR4300 is a wireless router. No detailed vulnerability details are currently provided. This affects D6100 prior to 1.0.0.55, D7800 before V1.0.1.24, R7100LG before V1.0.0.32, WNDR4300v1 prior to 1.0.2.90, and WNDR4500v3 prior to 1.0.0.48

Trust: 2.25

sources: NVD: CVE-2017-18867 // JVNDB: JVNDB-2017-015008 // CNVD: CNVD-2021-46351 // VULMON: CVE-2017-18867

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-46351

AFFECTED PRODUCTS

vendor:	netgear	model:	r7100lg	scope:	lt	version:	1.0.0.32	Trust: 1.6
vendor:	netgear	model:	d6100	scope:	lt	version:	1.0.0.55	Trust: 1.6
vendor:	netgear	model:	d7800	scope:	lt	version:	1.0.1.24	Trust: 1.6
vendor:	netgear	model:	wndr4500	scope:	lt	version:	1.0.0.48	Trust: 1.0
vendor:	netgear	model:	wndr4300	scope:	lt	version:	1.0.2.90	Trust: 1.0
vendor:	netgear	model:	d6100	scope:	eq	version:	1.0.0.55	Trust: 0.8
vendor:	netgear	model:	d7800	scope:	eq	version:	1.0.1.24	Trust: 0.8
vendor:	netgear	model:	r7100lg	scope:	eq	version:	1.0.0.32	Trust: 0.8
vendor:	netgear	model:	wndr4300	scope:	eq	version:	1.0.2.90	Trust: 0.8
vendor:	netgear	model:	wndr4500	scope:	eq	version:	1.0.0.48	Trust: 0.8
vendor:	netgear	model:	wndr4500v3	scope:	lt	version:	1.0.0.48	Trust: 0.6
vendor:	netgear	model:	wndr4300v1	scope:	lt	version:	1.0.2.90	Trust: 0.6
vendor:	netgear	model:	d6100	scope:	eq	version:	1.0.0.50 0.0.50	Trust: 0.1
vendor:	netgear	model:	d7800	scope:	eq	version:	1.0.1.22	Trust: 0.1
vendor:	netgear	model:	r7100lg	scope:	eq	version:	-	Trust: 0.1
vendor:	netgear	model:	r7100lg	scope:	eq	version:	1.0.0.28	Trust: 0.1
vendor:	netgear	model:	r7100lg	scope:	eq	version:	1.0.0.30	Trust: 0.1
vendor:	netgear	model:	wndr4300	scope:	eq	version:	1.0.0.48	Trust: 0.1
vendor:	netgear	model:	wndr4300	scope:	eq	version:	1.0.0.50	Trust: 0.1
vendor:	netgear	model:	wndr4300	scope:	eq	version:	1.0.0.52	Trust: 0.1
vendor:	netgear	model:	wndr4300	scope:	eq	version:	1.0.0.54	Trust: 0.1
vendor:	netgear	model:	wndr4300	scope:	eq	version:	1.0.0.56	Trust: 0.1
vendor:	netgear	model:	wndr4300	scope:	eq	version:	1.0.2.88	Trust: 0.1
vendor:	netgear	model:	wndr4500	scope:	eq	version:	-	Trust: 0.1

sources: CNVD: CNVD-2021-46351 // VULMON: CVE-2017-18867 // JVNDB: JVNDB-2017-015008 // NVD: CVE-2017-18867

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-18867
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2017-18867
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2017-015008
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-46351
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202005-117
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2017-18867
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-18867
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2017-015008
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2021-46351
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-18867
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.9
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2017-18867
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.9
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	JVNDB-2017-015008
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-46351 // VULMON: CVE-2017-18867 // JVNDB: JVNDB-2017-015008 // CNNVD: CNNVD-202005-117 // NVD: CVE-2017-18867 // NVD: CVE-2017-18867

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2017-015008 // NVD: CVE-2017-18867

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202005-117

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-015008

PATCH

title:	Security Advisory for Security Misconfiguration on Some Routers and Gateways, PSV-2017-2198	url:	https://kb.netgear.com/000049554/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-and-Gateways-PSV-2017-2198	Trust: 0.8
title:	Patch for Multiple NETGEAR products input verification error vulnerability (CNVD-2021-46351)	url:	https://www.cnvd.org.cn/patchInfo/show/275811	Trust: 0.6
title:	Multiple NETGEAR Product input verification error vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118009	Trust: 0.6

sources: CNVD: CNVD-2021-46351 // JVNDB: JVNDB-2017-015008 // CNNVD: CNNVD-202005-117

EXTERNAL IDS

db:	NVD	id:	CVE-2017-18867	Trust: 3.1
db:	JVNDB	id:	JVNDB-2017-015008	Trust: 0.8
db:	CNVD	id:	CNVD-2021-46351	Trust: 0.6
db:	CNNVD	id:	CNNVD-202005-117	Trust: 0.6
db:	VULMON	id:	CVE-2017-18867	Trust: 0.1

sources: CNVD: CNVD-2021-46351 // VULMON: CVE-2017-18867 // JVNDB: JVNDB-2017-015008 // CNNVD: CNNVD-202005-117 // NVD: CVE-2017-18867

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2017-18867	Trust: 2.0
url:	https://kb.netgear.com/000049554/security-advisory-for-security-misconfiguration-on-some-routers-and-gateways-psv-2017-2198	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18867	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2021-46351 // VULMON: CVE-2017-18867 // JVNDB: JVNDB-2017-015008 // CNNVD: CNNVD-202005-117 // NVD: CVE-2017-18867

SOURCES

db:	CNVD	id:	CNVD-2021-46351
db:	VULMON	id:	CVE-2017-18867
db:	JVNDB	id:	JVNDB-2017-015008
db:	CNNVD	id:	CNNVD-202005-117
db:	NVD	id:	CVE-2017-18867

LAST UPDATE DATE

2024-11-23T22:58:17.023000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-46351	date:	2021-07-01T00:00:00
db:	VULMON	id:	CVE-2017-18867	date:	2020-05-07T00:00:00
db:	JVNDB	id:	JVNDB-2017-015008	date:	2020-06-04T00:00:00
db:	CNNVD	id:	CNNVD-202005-117	date:	2020-05-08T00:00:00
db:	NVD	id:	CVE-2017-18867	date:	2024-11-21T03:21:08

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-46351	date:	2021-06-27T00:00:00
db:	VULMON	id:	CVE-2017-18867	date:	2020-05-05T00:00:00
db:	JVNDB	id:	JVNDB-2017-015008	date:	2020-06-04T00:00:00
db:	CNNVD	id:	CNNVD-202005-117	date:	2020-05-05T00:00:00
db:	NVD	id:	CVE-2017-18867	date:	2020-05-05T14:15:12.390