Vulnerabilites related to netgear - wnr2000
Vulnerability from fkie_nvd
Published
2020-04-27 21:15
Modified
2024-11-21 04:03
Severity ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | d6100_firmware | * | |
| netgear | d6100 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A2E62164-2324-4AF2-B300-8005DAD433B6", versionEndExcluding: "1.0.2.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "679AAEA7-6415-4BBA-AE95-887C2CA609DC", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "90A3C8B6-51A9-49BC-8C82-01269519B652", versionEndExcluding: "1.0.2.92", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACAD8DCD-C187-4F15-9828-F302295199BA", versionEndExcluding: "1.0.2.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2ECEA129-164C-4C80-A81E-9688F4AC3583", versionEndExcluding: "1.0.0.57", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1425F7B0-0990-43F4-9621-8DAE8508FEED", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "81A6B7D4-1CBB-4D9E-8EB2-E5E82AFA59FA", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "27B33A47-E305-43CC-9AC2-C35DE8E51F02", versionEndExcluding: "1.0.0.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un usuario autenticado. Esto afecta a D6100 versiones anteriores a la versión 1.0.0.57, R7800 versiones anteriores a la versión 1.0.2.40, R9000 versiones anteriores a la versión 1.0.2.52, WNDR3700v4 versiones anteriores a la versión 1.0.2.92, WNDR4300 versiones anteriores a 1.0.2.94, WNDR4300v2 versiones anteriores a 1.0.0.50, WNDR4500v3 versiones anteriores a 1.0.0.50 y WNR2000v5 versiones anteriores a 1.0.0.62 .", }, ], id: "CVE-2018-21180", lastModified: "2024-11-21T04:03:06.407", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 5.1, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-27T21:15:13.267", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055178/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2619", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055178/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2619", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-22 15:15
Modified
2024-11-21 04:02
Severity ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.60, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.66.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d3600_firmware | * | |
| netgear | d3600 | - | |
| netgear | d6000_firmware | * | |
| netgear | d6000 | - | |
| netgear | d6100_firmware | * | |
| netgear | d6100 | - | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r8900_firmware | * | |
| netgear | r8900 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d3600_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6D38D448-A21A-4AB2-A641-A295EDBF6631", versionEndExcluding: "1.0.0.75", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d3600:-:*:*:*:*:*:*:*", matchCriteriaId: "31DE9D4E-3CDC-4552-A63F-DD5D95E23F63", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EF892705-E77B-470C-8262-3579349D5F32", versionEndExcluding: "1.0.0.75", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6000:-:*:*:*:*:*:*:*", matchCriteriaId: "6F6EA344-FF99-4F27-9860-3C5BE07345A7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FA3E7329-F839-4DD3-921F-B9E8DEDC8F12", versionEndExcluding: "1.0.0.60", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2C2195F1-18F6-4397-9D28-7A92003B7A76", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F52E74FF-6E04-4F96-966C-4355B38CF4DE", versionEndExcluding: "1.0.4.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", matchCriteriaId: "0F859165-8D89-4CDD-9D48-9C7923D2261F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2110965C-E19B-48D2-954D-145C45D0E7EF", versionEndExcluding: "1.0.4.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FD376891-1FB6-48B7-A4B3-C3C2C6E92C39", versionEndExcluding: "1.0.2.102", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9FFDF78E-8CC6-47B8-B70D-352F778CBF2C", versionEndExcluding: "1.0.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1DA490CC-DB27-4817-A589-61A0D221E9FD", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "652D8CA8-B56A-4403-B072-B4C245AB8EDA", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9F3D02E3-8FA1-4129-A4B2-25235AF0E49C", versionEndExcluding: "1.0.0.66", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.60, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.66.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un usuario autenticado. Esto afecta a D3600 versiones anteriores a 1.0.0.75, D6000 versiones anteriores a 1.0.0.75, D6100 versiones anteriores a 1.0.0.60, R7800 versiones anteriores a 1.0.2.52, R8900 versiones anteriores a 1.0.4.2, R9000 versiones anteriores a 1.0.4.2, WNDR3700v4 versiones anteriores a 1.0.2.102, WNDR4300 versiones anteriores a 1.0.2.104, WNDR4300v2 versiones anteriores a 1.0.0.58, WNDR4500v3 versiones anteriores a 1.0.0.58 y WNR2000v5 versiones anteriores a 1.0.0.66.", }, ], id: "CVE-2018-21111", lastModified: "2024-11-21T04:02:55.650", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 5.1, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-22T15:15:13.190", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000060440/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Modem-Routers-PSV-2018-0115", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000060440/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Modem-Routers-PSV-2018-0115", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-28 15:15
Modified
2024-11-21 04:03
Severity ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.34, R6100 before 1.0.1.20, R7500 before 1.0.0.122, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d6100_firmware | * | |
| netgear | d6100 | - | |
| netgear | d7800_firmware | * | |
| netgear | d7800 | - | |
| netgear | r6100_firmware | * | |
| netgear | r6100 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | - | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2ECEA129-164C-4C80-A81E-9688F4AC3583", versionEndExcluding: "1.0.0.57", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EB24F17D-A9A8-4EF9-BF53-580395D60EFC", versionEndExcluding: "1.0.1.34", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "76B12C31-83C3-427F-B2CA-D75EA89DCC6F", versionEndExcluding: "1.0.1.20", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5F99E4DD-50CB-4B06-BDAF-DD56FF0E90CF", versionEndExcluding: "1.0.0.122", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*", matchCriteriaId: "EF3B3F26-401C-4ED0-B871-4B4F8521F369", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A2E62164-2324-4AF2-B300-8005DAD433B6", versionEndExcluding: "1.0.2.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "679AAEA7-6415-4BBA-AE95-887C2CA609DC", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "90A3C8B6-51A9-49BC-8C82-01269519B652", versionEndExcluding: "1.0.2.92", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACAD8DCD-C187-4F15-9828-F302295199BA", versionEndExcluding: "1.0.2.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1425F7B0-0990-43F4-9621-8DAE8508FEED", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "81A6B7D4-1CBB-4D9E-8EB2-E5E82AFA59FA", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "27B33A47-E305-43CC-9AC2-C35DE8E51F02", versionEndExcluding: "1.0.0.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.34, R6100 before 1.0.1.20, R7500 before 1.0.0.122, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un usuario autenticado. Esto afecta a D6100 versiones anteriores a 1.0.0.57, D7800 versiones anteriores a 1.0.1.34, R6100 versiones anteriores a 1.0.1.20, R7500 versiones anteriores a 1.0.0.122, R7800 versiones anteriores a 1.0.2.40, R9000 versiones anteriores a 1.0. 2.52, WNDR3700v4 versiones anteriores a 1.0.2.92, WNDR4300 versiones anteriores a 1.0.2.94, WNDR4300v2 versiones anteriores a 1.0.0.50, WNDR4500v3 versiones anteriores a 1.0.0.50, y WNR2000v5 versiones anteriores a 1.0.0.62.", }, ], id: "CVE-2018-21190", lastModified: "2024-11-21T04:03:07.983", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 5.1, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-28T15:15:12.597", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055167/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2605", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055167/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2605", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-22 14:15
Modified
2024-11-21 03:20
Severity ?
Summary
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D6200 before 1.1.00.24, D6220 before 1.0.0.32, D6400 before 1.0.0.66, D7000 before 1.0.1.52, D7000v2 before 1.0.0.44, D7800 before 1.0.1.30, D8500 before 1.0.3.35, DGN2200v4 before 1.0.0.96, DGN2200Bv4 before 1.0.0.96, EX2700 before 1.0.1.28, EX6150v2 before 1.0.1.54, EX6100v2 before 1.0.1.54, EX6200v2 before 1.0.1.52, EX6400 before 1.0.1.72, EX7300 before 1.0.1.72, EX8000 before 1.0.0.102, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6100 before 1.0.1.20, R6250 before 1.0.4.16, R6300v2 before 1.0.4.18, R6400 before 1.0.1.32, R6400v2 before 1.0.2.46, R6700 before 1.0.1.36, R6900 before 1.0.1.34, R7000 before 1.0.9.18, R6900P before 1.3.0.8, R7000P before 1.3.0.8, R7100LG before 1.0.0.34, R7300DST before 1.0.0.58, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R7900 before 1.0.2.4, R8000 before 1.0.4.4_1.1.42, R7900P before 1.1.5.14, R8000P before 1.1.5.14, R8300 before 1.0.2.110, R8500 before 1.0.2.110, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.14, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.40, WNDR3400v3 before 1.0.1.16, WNDR3700v4 before 1.0.2.94, WNDR4300 before 1.0.2.96, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.62, WNR2020 before 1.1.0.44, WNR2050 before 1.1.0.44, and WNR3500Lv2 before 1.2.0.46.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d3600_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "47FB5F9D-2B33-44AD-BD57-164DF945ADA7", versionEndExcluding: "1.0.0.67", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d3600:-:*:*:*:*:*:*:*", matchCriteriaId: "31DE9D4E-3CDC-4552-A63F-DD5D95E23F63", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2089DF5E-598C-4CC2-B910-05C8D209A1BB", versionEndExcluding: "1.0.0.67", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6000:-:*:*:*:*:*:*:*", matchCriteriaId: "6F6EA344-FF99-4F27-9860-3C5BE07345A7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1B5A756C-6CA4-46EF-80B8-9051FB607B43", versionEndExcluding: "1.0.0.56", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BA902AA9-525D-46BD-B586-1A0DC40EE391", versionEndExcluding: "1.1.00.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6200:-:*:*:*:*:*:*:*", matchCriteriaId: "00E6A1B7-4732-4259-9B71-10FF0B56A16B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6220_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1FD6552E-5BF6-4E57-90A7-39C4543B469C", versionEndExcluding: "1.0.0.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6220:-:*:*:*:*:*:*:*", matchCriteriaId: "F3EEA190-2E9C-4586-BF81-B115532FBA23", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CE087F75-4C99-425C-A9B7-B261E5545297", versionEndExcluding: "1.0.0.66", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6400:-:*:*:*:*:*:*:*", matchCriteriaId: "7D30939B-86E3-4C78-9B05-686B4994C8B9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "327F762B-1F65-4DE0-B05C-1AAC64974A14", versionEndExcluding: "1.0.1.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7000:-:*:*:*:*:*:*:*", matchCriteriaId: "AF04B65B-9685-4595-9C71-0F77AD7109BE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "34A8EAED-389E-4B14-949E-ED87A09F4D91", versionEndExcluding: "1.0.0.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7000:v2:*:*:*:*:*:*:*", matchCriteriaId: "D8780623-F362-4FA5-8B33-37E9CB3FEE12", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0173E81F-5BE3-4249-A620-EC36AD109D75", versionEndExcluding: "1.0.1.30", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d8500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9398174B-A4A6-449A-AB91-A93D3D9398DD", versionEndExcluding: "1.0.3.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d8500:-:*:*:*:*:*:*:*", matchCriteriaId: "814A0114-9A1D-4EA0-9AF4-6968514E4F01", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:dgn2200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0ABDCFC2-E9EC-40F4-862F-B86FDD0A6AC7", versionEndExcluding: "1.0.0.96", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:dgn2200:v4:*:*:*:*:*:*:*", matchCriteriaId: "099184A0-F1C6-4C3F-9C3B-F0B9AC0D4D14", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:dgn2200b_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0D989DB4-5276-4BCF-A15E-BC207E03B2C7", versionEndExcluding: "1.0.0.96", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:dgn2200b:v4:*:*:*:*:*:*:*", matchCriteriaId: "25090794-A90C-40CD-8E95-87EC4E98B928", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex2700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A7D6C145-E2CD-4030-8AA8-C4071C0E242B", versionEndExcluding: "1.0.1.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex2700:-:*:*:*:*:*:*:*", matchCriteriaId: "5341B659-DE7D-43F1-954D-82049CBE18AD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6150_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F476F7D7-EAE2-4A09-8C4B-A53F885A1337", versionEndExcluding: "1.0.1.54", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6150:v2:*:*:*:*:*:*:*", matchCriteriaId: "49846803-C6FB-4DD3-ADA7-78B9923536F2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9EFE54D2-78A3-4461-BA5E-6807911C5684", versionEndExcluding: "1.0.1.54", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6100:v2:*:*:*:*:*:*:*", matchCriteriaId: "88DD070C-7CBD-48A5-8D77-7C3D1C502D65", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BCBD76F6-4E46-42E1-A6B6-373F2F7DB4AF", versionEndExcluding: "1.0.1.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6200:v2:*:*:*:*:*:*:*", matchCriteriaId: "B4F62287-CB55-4FB1-AA39-62018654BA39", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "85392ECB-985F-43B2-89BE-755E433FC14B", versionEndExcluding: "1.0.1.72", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:*", matchCriteriaId: "1289BBB4-1955-46A4-B5FE-BF11153C24F5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B0D1F6E4-A21F-4B86-B903-C26BB062D0DD", versionEndExcluding: "1.0.1.72", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:*", matchCriteriaId: "F285D60D-A5DA-4467-8F79-15EF8135D007", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BBA04A7E-6029-498B-970E-0317BE0CF0F2", versionEndExcluding: "1.0.0.102", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*", matchCriteriaId: "8D9781C9-799A-4BDA-A027-987627A01633", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:jnr1010_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FC9E7939-E195-44AB-8880-D0BCF26BF2E0", versionEndExcluding: "1.1.0.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:jnr1010:v2:*:*:*:*:*:*:*", matchCriteriaId: "CCE79B3F-8667-43C9-962D-EE089428F144", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:jwnr2010_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "34429B2B-D8CB-4BEC-B5FA-5C7F8AC9A1FE", versionEndExcluding: "1.1.0.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:jwnr2010:v5:*:*:*:*:*:*:*", matchCriteriaId: "7399E5E9-40D8-4ECD-8B7B-C96A27E10282", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:pr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CDFB6345-0D0D-4586-9899-2438AADDCD3F", versionEndExcluding: "1.0.0.20", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:pr2000:-:*:*:*:*:*:*:*", matchCriteriaId: "2451CC0C-71B2-474D-93F0-2B2ACD802FE3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "76B12C31-83C3-427F-B2CA-D75EA89DCC6F", versionEndExcluding: "1.0.1.20", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6250_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F5E7A8CA-134F-49B4-95D6-79A88CD6BB80", versionEndExcluding: "1.0.4.16", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6250:-:*:*:*:*:*:*:*", matchCriteriaId: "321BE843-52C4-4638-A321-439CA7B3A6F2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "55058831-92FF-4A87-8340-E25AC0DDF89E", versionEndExcluding: "1.0.4.18", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6300:v2:*:*:*:*:*:*:*", matchCriteriaId: "10938043-F7DF-42C3-8C16-F92CAF8E5576", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "97DE1C91-59A0-4902-B5C7-0CFD2631CAEE", versionEndExcluding: "1.0.1.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:*", matchCriteriaId: "3E4CDF6B-3829-44D0-9675-71D7BE83CAA2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DBDE97EB-05FE-475E-8A4E-13C97E91548A", versionEndExcluding: "1.0.2.46", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*", matchCriteriaId: "52AE9AD2-BC8D-477D-A3D3-891AE52FA5F3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "442F153C-737B-44D4-9A6D-EB6F6C47B986", versionEndExcluding: "1.0.1.36", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6700:-:*:*:*:*:*:*:*", matchCriteriaId: "21B27F11-4262-4CE1-8107-B365A7C152F2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "81F70E0C-3674-4981-B815-0721F6C6E588", versionEndExcluding: "1.0.1.34", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6900:-:*:*:*:*:*:*:*", matchCriteriaId: "0794BB7C-1BCF-4F08-8EB2-9C3B150C105A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "03DC2062-58D1-40D6-8536-A13C87F2CF11", versionEndExcluding: "1.0.9.18", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*", matchCriteriaId: "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "326BBECA-9A76-4A3E-90F7-023797D5D186", versionEndExcluding: "1.3.0.8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*", matchCriteriaId: "C41908FF-AE64-4949-80E3-BEE061B2DA8A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "09963BE1-D57D-491A-9BD8-A1A46ED993E0", versionEndExcluding: "1.3.0.8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*", matchCriteriaId: "DFE55F4D-E98B-46D3-B870-041141934CD1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7100lg_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2FB08FA1-A476-4E05-9904-9BE30C9E77B7", versionEndExcluding: "1.0.0.34", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7100lg:-:*:*:*:*:*:*:*", matchCriteriaId: "366FA778-3C2A-42AF-9141-DAD7043B406C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7300dst_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B75230D7-5B50-47C2-B5C5-C60C6974C305", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7300dst:-:*:*:*:*:*:*:*", matchCriteriaId: "C75148EB-DE6C-4C5C-BF34-4800A66CF11C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7494430D-BA3F-4EDB-9FB8-7586D4457B9D", versionEndExcluding: "1.0.0.118", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*", matchCriteriaId: "EF3B3F26-401C-4ED0-B871-4B4F8521F369", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C38F66ED-C53D-40F4-9F1E-96254BCD8A0C", versionEndExcluding: "1.0.3.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:v2:*:*:*:*:*:*:*", matchCriteriaId: "2E0DFBF4-E393-44AE-AEF9-1B2059EE5AE8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A2E62164-2324-4AF2-B300-8005DAD433B6", versionEndExcluding: "1.0.2.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BCE1150D-8464-4421-94BD-EE81977BAC34", versionEndExcluding: "1.0.2.4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:*", matchCriteriaId: "C484840F-AF30-4B5C-821A-4DB9BE407BDB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "532B87A3-CE33-4F0F-A0A7-C7D7D568C593", versionEndExcluding: "1.0.4.4_1.1.42", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*", matchCriteriaId: "5B39F095-8FE8-43FD-A866-7B613B495984", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "606460FB-B46F-4490-96FC-B226F3A2C55D", versionEndExcluding: "1.1.5.14", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*", matchCriteriaId: "F3D6A70D-66AF-4064-9F1B-4358D4B1F016", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B508ABA6-F17C-43D4-88D8-56ECD0057C65", versionEndExcluding: "1.1.5.14", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*", matchCriteriaId: "F7EF872D-2537-4FEB-8799-499FC9D44339", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "63DDFEFE-402D-4AA8-A2C9-2217A5643DC1", versionEndExcluding: "1.0.2.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8300:-:*:*:*:*:*:*:*", matchCriteriaId: "7A9B77E7-7439-48C6-989F-5E22CB4D3044", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D7A3E675-BB4F-4E8B-A041-C208F85B5C0E", versionEndExcluding: "1.0.2.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*", matchCriteriaId: "63500DE4-BDBD-4F86-AB99-7DB084D0B912", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "679AAEA7-6415-4BBA-AE95-887C2CA609DC", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn2000rpt_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "785692C5-AA6D-43E9-B9E8-160352AC816D", versionEndExcluding: "1.0.1.14", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn2000rpt:v3:*:*:*:*:*:*:*", matchCriteriaId: "6FB1BE0D-E3CF-4C16-8C11-706B238E9934", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3000rp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "030AAA8B-65D9-42E4-ACF6-F2DB13D4AA30", versionEndExcluding: "1.0.2.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3000rp:v3:*:*:*:*:*:*:*", matchCriteriaId: "AB71AC74-2D1B-4F1E-A70F-6590A00AAD9E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3100rp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8AB52FC6-BC09-41ED-BB91-63A4E795E0F8", versionEndExcluding: "1.0.0.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3100rp:v2:*:*:*:*:*:*:*", matchCriteriaId: "4D8680F5-0C06-4CFC-8BA0-CF85D0438419", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "72DCD4C0-A757-4F98-97BD-FB1FEBF3235C", versionEndExcluding: "1.0.1.16", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3400:v3:*:*:*:*:*:*:*", matchCriteriaId: "1992E44C-122C-41BC-8FDC-5F9EBEE1FB7C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "026C640E-7594-4B5A-BDF9-FAB1CD135A47", versionEndExcluding: "1.0.2.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5025770E-D9D0-4FB6-BE29-1F48EDC31AF1", versionEndExcluding: "1.0.2.96", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1425F7B0-0990-43F4-9621-8DAE8508FEED", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "81A6B7D4-1CBB-4D9E-8EB2-E5E82AFA59FA", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr1000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E5684DEA-5F12-4E72-B8D1-C5F3E1D22726", versionEndExcluding: "1.1.0.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr1000:v4:*:*:*:*:*:*:*", matchCriteriaId: "C8218868-273B-46DB-B636-D3F9A3768069", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "27B33A47-E305-43CC-9AC2-C35DE8E51F02", versionEndExcluding: "1.0.0.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2020_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "36CCD48D-4474-4363-8DE6-846714B99D3D", versionEndExcluding: "1.1.0.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2020:-:*:*:*:*:*:*:*", matchCriteriaId: "C2189628-03E7-445A-9EF2-656A85539115", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2050_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "436026D2-0B8E-4BA5-AD34-9EB285EDA78A", versionEndExcluding: "1.1.0.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2050:-:*:*:*:*:*:*:*", matchCriteriaId: "9877579C-D214-4605-93AA-2B78914CF33C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr3500l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DB542F95-5AE2-47E4-BD7B-34134B26AA4F", versionEndExcluding: "1.2.0.46", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr3500l:v2:*:*:*:*:*:*:*", matchCriteriaId: "C8DE4BFA-41DE-4748-ACC7-14362333A059", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D6200 before 1.1.00.24, D6220 before 1.0.0.32, D6400 before 1.0.0.66, D7000 before 1.0.1.52, D7000v2 before 1.0.0.44, D7800 before 1.0.1.30, D8500 before 1.0.3.35, DGN2200v4 before 1.0.0.96, DGN2200Bv4 before 1.0.0.96, EX2700 before 1.0.1.28, EX6150v2 before 1.0.1.54, EX6100v2 before 1.0.1.54, EX6200v2 before 1.0.1.52, EX6400 before 1.0.1.72, EX7300 before 1.0.1.72, EX8000 before 1.0.0.102, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6100 before 1.0.1.20, R6250 before 1.0.4.16, R6300v2 before 1.0.4.18, R6400 before 1.0.1.32, R6400v2 before 1.0.2.46, R6700 before 1.0.1.36, R6900 before 1.0.1.34, R7000 before 1.0.9.18, R6900P before 1.3.0.8, R7000P before 1.3.0.8, R7100LG before 1.0.0.34, R7300DST before 1.0.0.58, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R7900 before 1.0.2.4, R8000 before 1.0.4.4_1.1.42, R7900P before 1.1.5.14, R8000P before 1.1.5.14, R8300 before 1.0.2.110, R8500 before 1.0.2.110, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.14, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.40, WNDR3400v3 before 1.0.1.16, WNDR3700v4 before 1.0.2.94, WNDR4300 before 1.0.2.96, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.62, WNR2020 before 1.1.0.44, WNR2050 before 1.1.0.44, and WNR3500Lv2 before 1.2.0.46.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por una inyección de comandos por parte de un usuario autenticado. Esto afecta a D3600 versiones anteriores a 1.0.0.67, D6000 versiones anteriores a 1.0.0.67, D6100 versiones anteriores a 1.0.0.56, D6200 versiones anteriores a 1.1.00.24, D6220 versiones anteriores a 1.0.0.32, D6400 versiones anteriores a 1.0.0.66, D7000 versiones anteriores a 1.0.1.52, D7000v2 versiones anteriores a 1.0.0.44, D7800 versiones anteriores a 1.0.1.30, D8500 versiones anteriores a 1.0.3.35, DGN2200v4 versiones anteriores a 1.0.0.96, DGN2200Bv4 versiones anteriores a 1.0.0.96, EX2700 versiones anteriores a 1.0.1.28, EX6150v2 versiones anteriores a 1.0.1.54, EX6100v2 versiones anteriores a 1.0.1.54, EX6200v2 versiones anteriores a 1.0.1.52, EX6400 versiones anteriores a 1.0.1.72, EX7300 versiones anteriores a 1.0.1.72, EX8000 versiones anteriores a 1.0.0.102, JNR1010v2 versiones anteriores a 1.1.0.44, JWNR2010v5 versiones anteriores a 1.1.0.44, PR2000 versiones anteriores a 1.0.0.20, R6100 versiones anteriores a 1.0.1.20, R6250 versiones anteriores a 1.0.4.16, R6300v2 versiones anteriores a 1.0. 4.18, R6400 versiones anteriores a 1.0.1.32, R6400v2 versiones anteriores a 1.0.2.46, R6700 versiones anteriores a 1.0.1.36, R6900 versiones anteriores a 1.0.1.34, R7000 versiones anteriores a 1.0.9.18, R6900P versiones anteriores a 1.3.0.8, R7000P versiones anteriores a 1.3.0.8, R7100LG versiones anteriores a 1.0.0.34, R7300DST versiones anteriores a 1.0.0.58, R7500 versiones anteriores a 1.0.0.118, R7500v2 versiones anteriores a 1.0.3.24, R7800 versiones anteriores a 1.0.2.40, R7900 versiones anteriores a 1.0.2.4, R8000 versiones anteriores a 1.0.4.4_1.1.42, R7900P versiones anteriores a 1.1.5.14, R8000P versiones anteriores a 1.1.5.14, R8300 versiones anteriores a 1.0.2.110, R8500 versiones anteriores a 1.0.2.110, R9000 versiones anteriores a 1.0.2.52, WN2000RPTv3 versiones anteriores a 1.0.1.14, WN3000RPv3 versiones anteriores a 1.0.2.50, WN3100RPv2 versiones anteriores a 1.0.0.40, WNDR3400v3 versiones anteriores a 1.0.1.16, WNDR3700v4 versiones anteriores a 1.0. 2.94, WNDR4300 versiones anteriores a 1.0.2.96, WNDR4300v2 versiones anteriores a 1.0.0.50, WNDR4500v3 versiones anteriores a 1.0.0.50, WNR1000v4 versiones anteriores a 1.1.0.44, WNR2000v5 versiones anteriores a 1.0.0.62, WNR2020 versiones anteriores a 1.1.0.44, WNR2050 versiones anteriores a 1.1.0.44 y WNR3500Lv2 versiones anteriores a 1.2.04 .", }, ], id: "CVE-2017-18788", lastModified: "2024-11-21T03:20:55.460", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-22T14:15:11.817", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000049527/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2947", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000049527/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2947", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-74", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-21 22:15
Modified
2024-11-21 04:03
Severity ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d7800_firmware | * | |
| netgear | d7800 | - | |
| netgear | dm200_firmware | * | |
| netgear | dm200 | - | |
| netgear | r6100_firmware | * | |
| netgear | r6100 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | v2 | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r8900_firmware | * | |
| netgear | r8900 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EB24F17D-A9A8-4EF9-BF53-580395D60EFC", versionEndExcluding: "1.0.1.34", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:dm200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FDF86215-ABBD-43EA-B7DE-D3038F4449C6", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:dm200:-:*:*:*:*:*:*:*", matchCriteriaId: "1B048F71-70F1-4D9F-84E2-9F7340F6ADAB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7FFFF63B-46C8-49BF-8494-BB3322F14594", versionEndExcluding: "1.0.1.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5F99E4DD-50CB-4B06-BDAF-DD56FF0E90CF", versionEndExcluding: "1.0.0.122", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*", matchCriteriaId: "EF3B3F26-401C-4ED0-B871-4B4F8521F369", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9ACBF492-1315-46CF-8297-E239DDB14B6B", versionEndExcluding: "1.0.3.26", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:v2:*:*:*:*:*:*:*", matchCriteriaId: "2E0DFBF4-E393-44AE-AEF9-1B2059EE5AE8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D9D351BB-5034-4771-96BB-F143951CE5D5", versionEndExcluding: "1.0.2.42", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "610C6DB8-E11E-4EAE-A16F-189283F70B26", versionEndExcluding: "1.0.3.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", matchCriteriaId: "0F859165-8D89-4CDD-9D48-9C7923D2261F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EEFCBDB9-47D0-40EF-9428-FF714763BC12", versionEndExcluding: "1.0.3.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FAF6A089-4E7D-43D1-AF1F-01A7A592115E", versionEndExcluding: "1.0.2.96", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EF96C0EB-8CB6-4C86-A9A2-A4C7AF58C97F", versionEndExcluding: "1.0.2.98", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CC5A295B-77E9-4F8B-B523-56C7A1472AD9", versionEndExcluding: "1.0.0.54", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A5B27DF7-FA36-4A0E-A7B0-0D29BE9434BE", versionEndExcluding: "1.0.0.54", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "124ABC0A-DD68-4540-AAC2-C4E87CDC91A7", versionEndExcluding: "1.0.0.64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un usuario autenticado. Esto afecta a D7800 versiones anteriores a 1.0.1.34, DM200 versiones anteriores a 1.0.0.50, R6100 versiones anteriores a 1.0.1.22, R7500 versiones anteriores a 1.0.0.122, R7500v2 versiones anteriores a 1.0.3.26, R7800 versiones anteriores a 1.0.2.42, R8900 versiones anteriores a 1.0.3.10, R9000 versiones anteriores a 1.0.3.10, WNDR3700v4 versiones anteriores a 1.0.2.96, WNDR4300 versiones anteriores a 1.0.2.98, WNDR4300v2 versiones anteriores a 1.0.0.54, WNDR4500v3 versiones anteriores a 1.0.0.54 y WNR2000v5 versiones anteriores a 1.0.0.64.", }, ], id: "CVE-2018-21148", lastModified: "2024-11-21T04:03:01.090", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 5.1, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-21T22:15:14.367", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000059485/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Gateways-and-Routers-PSV-2017-3157", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000059485/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Gateways-and-Routers-PSV-2017-3157", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-12-15 17:15
Modified
2024-11-21 08:36
Severity ?
Summary
A Command Injection vulnerability exists in NETGEAR WNR2000v4 version 1.0.0.70. When using HTTP for SOAP authentication, command execution occurs during the process after successful authentication.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | wnr2000_firmware | 1.0.0.70 | |
| netgear | wnr2000 | v4 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:1.0.0.70:*:*:*:*:*:*:*", matchCriteriaId: "8B60ABCD-0AA5-480D-B56C-DAB3DE808729", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v4:*:*:*:*:*:*:*", matchCriteriaId: "D2913468-C442-48A3-8AD9-A2F3CCDD7952", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A Command Injection vulnerability exists in NETGEAR WNR2000v4 version 1.0.0.70. When using HTTP for SOAP authentication, command execution occurs during the process after successful authentication.", }, { lang: "es", value: "Existe una vulnerabilidad de inyección de comandos en NETGEAR WNR2000v4 versión 1.0.0.70. Cuando se utiliza HTTP para la autenticación SOAP, la ejecución del comando se produce durante el proceso después de una autenticación exitosa.", }, ], id: "CVE-2023-50089", lastModified: "2024-11-21T08:36:31.280", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-12-15T17:15:12.780", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/NoneShell/Vulnerabilities/blob/main/NETGEAR/WNR2000v4-1.0.0.70-Authorized-Command-Injection.md", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.netgear.com/about/security/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/NoneShell/Vulnerabilities/blob/main/NETGEAR/WNR2000v4-1.0.0.70-Authorized-Command-Injection.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.netgear.com/about/security/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-23 21:15
Modified
2024-11-21 04:03
Severity ?
Summary
Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | r6100_firmware | * | |
| netgear | r6100 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | - | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r8900_firmware | * | |
| netgear | r8900 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7FFFF63B-46C8-49BF-8494-BB3322F14594", versionEndExcluding: "1.0.1.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5F99E4DD-50CB-4B06-BDAF-DD56FF0E90CF", versionEndExcluding: "1.0.0.122", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*", matchCriteriaId: "EF3B3F26-401C-4ED0-B871-4B4F8521F369", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D9D351BB-5034-4771-96BB-F143951CE5D5", versionEndExcluding: "1.0.2.42", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "610C6DB8-E11E-4EAE-A16F-189283F70B26", versionEndExcluding: "1.0.3.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", matchCriteriaId: "0F859165-8D89-4CDD-9D48-9C7923D2261F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EEFCBDB9-47D0-40EF-9428-FF714763BC12", versionEndExcluding: "1.0.3.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FAF6A089-4E7D-43D1-AF1F-01A7A592115E", versionEndExcluding: "1.0.2.96", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EF96C0EB-8CB6-4C86-A9A2-A4C7AF58C97F", versionEndExcluding: "1.0.2.98", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A5B27DF7-FA36-4A0E-A7B0-0D29BE9434BE", versionEndExcluding: "1.0.0.54", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "124ABC0A-DD68-4540-AAC2-C4E87CDC91A7", versionEndExcluding: "1.0.0.64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CC5A295B-77E9-4F8B-B523-56C7A1472AD9", versionEndExcluding: "1.0.0.54", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por una denegación de servicio. Esto afecta a R6100 versiones anteriores a 1.0.1.22, R7500 versiones anteriores a 1.0.0.122, R7800 versiones anteriores a 1.0.2.42, R8900 versiones anteriores a 1.0.3.10, R9000 versiones anteriores a 1.0.3.10, WNDR3700v4 versiones anteriores a 1.0.2.96, WNDR4300 versiones anteriores a 1.0.2.98, WNDR4300v2 versiones anteriores a 1.0.0.54, WNDR4500v3 versiones anteriores a 1.0.0.54 y WNR2000v5 versiones anteriores a 1.0.0.64.", }, ], id: "CVE-2018-21142", lastModified: "2024-11-21T04:03:00.197", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 4.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 3.6, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-23T21:15:11.750", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000059491/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2017-3169", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000059491/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2017-3169", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-28 16:15
Modified
2024-11-21 04:03
Severity ?
Summary
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | r6100_firmware | * | |
| netgear | r6100 | - | |
| netgear | d7800_firmware | * | |
| netgear | d7800 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | v2 | |
| netgear | d6000_firmware | * | |
| netgear | d6000 | - | |
| netgear | d3600_firmware | * | |
| netgear | d3600 | - | |
| netgear | d6100_firmware | * | |
| netgear | d6100 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "27B33A47-E305-43CC-9AC2-C35DE8E51F02", versionEndExcluding: "1.0.0.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "679AAEA7-6415-4BBA-AE95-887C2CA609DC", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FAF6A089-4E7D-43D1-AF1F-01A7A592115E", versionEndExcluding: "1.0.2.96", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EF96C0EB-8CB6-4C86-A9A2-A4C7AF58C97F", versionEndExcluding: "1.0.2.98", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7494430D-BA3F-4EDB-9FB8-7586D4457B9D", versionEndExcluding: "1.0.0.118", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*", matchCriteriaId: "EF3B3F26-401C-4ED0-B871-4B4F8521F369", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1425F7B0-0990-43F4-9621-8DAE8508FEED", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "81A6B7D4-1CBB-4D9E-8EB2-E5E82AFA59FA", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "76B12C31-83C3-427F-B2CA-D75EA89DCC6F", versionEndExcluding: "1.0.1.20", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0173E81F-5BE3-4249-A620-EC36AD109D75", versionEndExcluding: "1.0.1.30", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C38F66ED-C53D-40F4-9F1E-96254BCD8A0C", versionEndExcluding: "1.0.3.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:v2:*:*:*:*:*:*:*", matchCriteriaId: "2E0DFBF4-E393-44AE-AEF9-1B2059EE5AE8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2089DF5E-598C-4CC2-B910-05C8D209A1BB", versionEndExcluding: "1.0.0.67", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6000:-:*:*:*:*:*:*:*", matchCriteriaId: "6F6EA344-FF99-4F27-9860-3C5BE07345A7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d3600_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "47FB5F9D-2B33-44AD-BD57-164DF945ADA7", versionEndExcluding: "1.0.0.67", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d3600:-:*:*:*:*:*:*:*", matchCriteriaId: "31DE9D4E-3CDC-4552-A63F-DD5D95E23F63", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1B5A756C-6CA4-46EF-80B8-9051FB607B43", versionEndExcluding: "1.0.0.56", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, { lang: "es", value: "Determinados dispositivos de NETGEAR están afectados por un desbordamiento del búfer por parte de un atacante no autenticado. Esto afecta a D3600 versiones anteriores a 1.0.0.67, D6000 versiones anteriores a 1.0.0.67, D6100 versiones anteriores a 1.0.0.56, D7800 versiones anteriores a 1.0.1.30, R6100 versiones anteriores a 1.0.1.20, R7500 versiones anteriores a 1.0.0.118, R7500v2 versiones anteriores a 1. 0.3.24, R9000 versiones anteriores a 1.0.2.52, WNDR3700v4 versiones anteriores a 1.0.2.96, WNDR4300 versiones anteriores a 1.0.2.98, WNDR4300v2 versiones anteriores a 1.0.0.50, WNDR4500v3 versiones anteriores a 1.0.0.50, y WNR2000v5 versiones anteriores a 1.0.0.62.", }, ], id: "CVE-2018-21219", lastModified: "2024-11-21T04:03:12.487", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 6.5, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-28T16:15:14.373", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055118/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2482", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055118/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2482", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-16 20:15
Modified
2024-11-21 04:39
Severity ?
Summary
Certain NETGEAR devices are affected by stored XSS. This affects D6100 before 1.0.0.58, D7800 before 1.0.1.34, JNR1010v2 before 1.1.0.50, JWNR2010v5 before 1.1.0.50, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, R6020 before 1.0.0.30, R6080 before 1.0.0.30, R6100 before 1.0.1.16, R6120 before 1.0.0.40, R6700v2 before 1.2.0.14, R6800 before 1.2.0.14, R6900v2 before 1.2.0.14, R7500v2 before 1.0.3.26, R7800 before 1.0.2.46, R9000 before 1.0.4.2, WN3000RPv2 before 1.0.0.52, WN3000RPv3 before 1.0.2.78, WNDR3700v4 before 1.0.2.102, WNDR3700v5 before 1.1.0.54, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.50, WNR2000v5 before 1.0.0.64, WNR2020 before 1.1.0.50, and WNR2050 before 1.1.0.50. NOTE: this may be a result of an incomplete fix for CVE-2017-18866.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "600F0894-2001-4681-8B7C-AE24B3C81EA4", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EB24F17D-A9A8-4EF9-BF53-580395D60EFC", versionEndExcluding: "1.0.1.34", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:jnr1010_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "37091E40-F36D-4111-B276-8A047415DEE7", versionEndExcluding: "1.1.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:jnr1010:v2:*:*:*:*:*:*:*", matchCriteriaId: "CCE79B3F-8667-43C9-962D-EE089428F144", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:jwnr2010_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F5B3009A-32AC-4FB2-8E55-5648CD4649E5", versionEndExcluding: "1.1.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:jwnr2010:v5:*:*:*:*:*:*:*", matchCriteriaId: "7399E5E9-40D8-4ECD-8B7B-C96A27E10282", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B7ED1541-DE7D-4A4C-B8D1-CB42E52E3DBE", versionEndExcluding: "2.3.5.30", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*", matchCriteriaId: "8BA66D07-D017-49D6-8E72-5C48E940DE1B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "094B04D5-9063-4D7A-B367-E1F2688B3667", versionEndExcluding: "2.3.5.30", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*", matchCriteriaId: "B2CAEA32-6934-4743-9E6B-22D52AC5E7F8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C489444C-6C19-4A52-AF66-A1D48ADC4F26", versionEndExcluding: "2.3.5.30", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*", matchCriteriaId: "3BCFD959-D522-4FA0-AD01-2937DAEE1EDF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6020_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8D6473B1-757C-4B6E-82D3-D1D13731F074", versionEndExcluding: "1.0.0.30", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6020:-:*:*:*:*:*:*:*", matchCriteriaId: "5DDA7ABF-4C4B-4945-993A-F93BD8FCB55E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6080_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "23D08587-3258-4B55-AA21-AB7E6D9A8421", versionEndExcluding: "1.0.0.30", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6080:-:*:*:*:*:*:*:*", matchCriteriaId: "1CEB5C49-53CF-44AE-9A7D-E7E6201BFE62", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "01A66936-4268-4990-8E83-24C74A75B9F6", versionEndExcluding: "1.0.1.16", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6120_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EA46A42B-6439-4DFC-BA9E-CDC3438AAF77", versionEndExcluding: "1.0.0.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6120:-:*:*:*:*:*:*:*", matchCriteriaId: "D18D2CCD-424F-41D5-919B-E22B9FA68D36", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "021EFB0E-8498-4400-8044-B778232577E6", versionEndExcluding: "1.2.0.14", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6700:v2:*:*:*:*:*:*:*", matchCriteriaId: "9F9706E6-CA53-43E4-91B0-D52655C86860", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EC4D8ECD-014E-46DD-9CC3-FB0BDD652E17", versionEndExcluding: "1.2.0.14", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:*", matchCriteriaId: "09404083-B00B-4C1F-8085-BC242E625CA3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4F92BB0A-7BFE-46FB-A850-9D82635AA8EB", versionEndExcluding: "1.2.0.14", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6900:v2:*:*:*:*:*:*:*", matchCriteriaId: "2E8EB69B-6619-47B6-A073-D0B840D4EB0B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9ACBF492-1315-46CF-8297-E239DDB14B6B", versionEndExcluding: "1.0.3.26", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:v2:*:*:*:*:*:*:*", matchCriteriaId: "2E0DFBF4-E393-44AE-AEF9-1B2059EE5AE8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "238A0EC8-F5E6-4AB6-A132-0763B6F687EC", versionEndExcluding: "1.0.2.46", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2110965C-E19B-48D2-954D-145C45D0E7EF", versionEndExcluding: "1.0.4.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3000rp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "655A51AC-713E-4D9F-AF50-107EA0DFBC37", versionEndExcluding: "1.0.0.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3000rp:v2:*:*:*:*:*:*:*", matchCriteriaId: "3DAD97C7-458D-4547-82A4-EC7F4CFB2A90", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3000rp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "250E8C27-ED0F-46FC-B630-52E9BF2CA812", versionEndExcluding: "1.0.2.78", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3000rp:v3:*:*:*:*:*:*:*", matchCriteriaId: "AB71AC74-2D1B-4F1E-A70F-6590A00AAD9E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FD376891-1FB6-48B7-A4B3-C3C2C6E92C39", versionEndExcluding: "1.0.2.102", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "832B6460-9984-4441-8E06-F784052FC8CC", versionEndExcluding: "1.1.0.54", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v5:*:*:*:*:*:*:*", matchCriteriaId: "EC5B6CB8-D439-42D5-ACAE-6246874EA5F0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9FFDF78E-8CC6-47B8-B70D-352F778CBF2C", versionEndExcluding: "1.0.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v1:*:*:*:*:*:*:*", matchCriteriaId: "D99E146D-B278-4CA6-8156-7D9923015779", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8B1EBB8F-818F-4E04-BB25-A81C1C309CD0", versionEndExcluding: "1.0.0.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9591B73B-93BF-4976-998B-0200C990EF6A", versionEndExcluding: "1.0.0.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr1000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D8E5BDCB-5273-434C-A8F5-7F8184FD2457", versionEndExcluding: "1.1.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr1000:v4:*:*:*:*:*:*:*", matchCriteriaId: "C8218868-273B-46DB-B636-D3F9A3768069", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "124ABC0A-DD68-4540-AAC2-C4E87CDC91A7", versionEndExcluding: "1.0.0.64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2020_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7928C6DB-B9E2-41EB-AE71-C5DD19EEEEBA", versionEndExcluding: "1.1.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2020:-:*:*:*:*:*:*:*", matchCriteriaId: "C2189628-03E7-445A-9EF2-656A85539115", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2050_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D38DF1BB-32A1-4051-882D-7D9E56A757F1", versionEndExcluding: "1.1.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2050:-:*:*:*:*:*:*:*", matchCriteriaId: "9877579C-D214-4605-93AA-2B78914CF33C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by stored XSS. This affects D6100 before 1.0.0.58, D7800 before 1.0.1.34, JNR1010v2 before 1.1.0.50, JWNR2010v5 before 1.1.0.50, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, R6020 before 1.0.0.30, R6080 before 1.0.0.30, R6100 before 1.0.1.16, R6120 before 1.0.0.40, R6700v2 before 1.2.0.14, R6800 before 1.2.0.14, R6900v2 before 1.2.0.14, R7500v2 before 1.0.3.26, R7800 before 1.0.2.46, R9000 before 1.0.4.2, WN3000RPv2 before 1.0.0.52, WN3000RPv3 before 1.0.2.78, WNDR3700v4 before 1.0.2.102, WNDR3700v5 before 1.1.0.54, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.50, WNR2000v5 before 1.0.0.64, WNR2020 before 1.1.0.50, and WNR2050 before 1.1.0.50. NOTE: this may be a result of an incomplete fix for CVE-2017-18866.", }, { lang: "es", value: "Ciertos dispositivos NETGEAR se ven afectados por XSS almacenado. Esto afecta a D6100 antes de 1.0.0.58, D7800 antes de 1.0.1.34, JNR1010v2 antes de 1.1.0.50, JWNR2010v5 antes de 1.1.0.50, RBK50 antes de 2.3.5.30, RBR50 antes de 2.3.5.30, RBS50 antes de 2.3.5.30, R6020 antes de 1.0.0.30, R6080 antes de 1.0.0.30, R6100 antes de 1.0.1.16, R6120 antes de 1.0.0.40, R6700v2 antes de 1.2.0.14, R6800 antes de 1.2.0.14, R6900v2 antes de 1.2.0.14, R7500v2 antes de 1.0.3.26, R7800 antes de 1.0.2.46, R9000 antes 1.0.4.2, WN3000RPv2 antes de 1.0.0.52, WN3000RPv3 antes de 1.0.2.78, WNDR3700v4 antes de 1.0.2.102, WNDR3700v5 antes de 1.1.0.54, WNDR4300v1 antes de 1.0.2.104, WNDR4300v2 antes de 1.0.0.48, WNDR4500v3 antes de 1.0.0.48, WNDR4500v3 antes de 1.0.0.48 0.50, WNR2000v5 antes de 1.0.0.64, WNR2020 antes de 1.1.0.50 y WNR2050 antes de 1.1.0.50. NOTA: esto puede ser el resultado de una solución incompleta para CVE-2017-18866.", }, ], id: "CVE-2019-20738", lastModified: "2024-11-21T04:39:13.863", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 5.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.1, impactScore: 2.7, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-16T20:15:13.820", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000061187/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-Gateways-and-WiFi-System-PSV-2016-0100", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000061187/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-Gateways-and-WiFi-System-PSV-2016-0100", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-27 21:15
Modified
2024-11-21 04:03
Severity ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.30, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 | |
| netgear | d6100_firmware | * | |
| netgear | d6100 | - | |
| netgear | d7800_firmware | * | |
| netgear | d7800 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | v2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7740F3DB-8647-4D9A-BA3D-3944BCF51263", versionEndExcluding: "1.0.1.30", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "679AAEA7-6415-4BBA-AE95-887C2CA609DC", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "90A3C8B6-51A9-49BC-8C82-01269519B652", versionEndExcluding: "1.0.2.92", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACAD8DCD-C187-4F15-9828-F302295199BA", versionEndExcluding: "1.0.2.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5F99E4DD-50CB-4B06-BDAF-DD56FF0E90CF", versionEndExcluding: "1.0.0.122", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*", matchCriteriaId: "EF3B3F26-401C-4ED0-B871-4B4F8521F369", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1425F7B0-0990-43F4-9621-8DAE8508FEED", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "81A6B7D4-1CBB-4D9E-8EB2-E5E82AFA59FA", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "27B33A47-E305-43CC-9AC2-C35DE8E51F02", versionEndExcluding: "1.0.0.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2ECEA129-164C-4C80-A81E-9688F4AC3583", versionEndExcluding: "1.0.0.57", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0173E81F-5BE3-4249-A620-EC36AD109D75", versionEndExcluding: "1.0.1.30", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C38F66ED-C53D-40F4-9F1E-96254BCD8A0C", versionEndExcluding: "1.0.3.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:v2:*:*:*:*:*:*:*", matchCriteriaId: "2E0DFBF4-E393-44AE-AEF9-1B2059EE5AE8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.30, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un usuario autenticado. Esto afecta a D6100 versiones anteriores a la versión 1.0.0.57, D7800 versiones anteriores a la versión 1.0.1.30, R7500 versiones anteriores a la versión 1.0.0.122, R7500v2 versiones anteriores a la versión 1.0.3.24, R7800 versiones anteriores a la versión 1.0.2.40, R9000 versiones anteriores a la versión 1.0.2.52, WNDR3700v4 versiones anteriores a la versión 1.0.2.92, WNDR4300 versiones anteriores a la versión 1.0.2.94, WNDR4300v2 versiones anteriores a 1.0.0.50, WNDR4500v3 versiones anteriores a 1.0.0.50 y WNR2000v5 versiones anteriores a la versión 1.0.0.62.", }, ], id: "CVE-2018-21179", lastModified: "2024-11-21T04:03:06.250", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 5.1, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-27T21:15:13.203", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055179/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2620", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055179/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2620", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-22 15:15
Modified
2024-11-21 03:20
Severity ?
Summary
Certain NETGEAR devices are affected by XSS. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D6200 before 1.1.00.24, D6220 before 1.0.0.32, D6400 before 1.0.0.66, D7000 before 1.0.1.52, D7000v2 before 1.0.0.44, D7800 before 1.0.1.30, D8500 before 1.0.3.35, DGN2200v4 before 1.0.0.96, DGN2200Bv4 before 1.0.0.96, EX2700 before 1.0.1.28, EX6100v2 before 1.0.1.54, EX6150v2 before 1.0.1.54, EX6200v2 before 1.0.1.52, EX6400 before 1.0.1.72, EX7300 before 1.0.1.72, EX8000 before 1.0.0.102, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6080 before 1.0.0.26, R6100 before 1.0.1.20, R6250 before 1.0.4.16, R6300v2 before 1.0.4.18, R6400 before 1.0.1.32, R6400v2 before 1.0.2.46, R6700 before 1.0.1.36, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, R6700v2 before 1.2.0.12, R6900 before 1.0.1.34, R6900P before 1.3.0.8, R7000 before 1.0.9.18, R7000P before 1.3.0.8, R7100LG before 1.0.0.34, R7300DST before 1.0.0.58, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R7900 before 1.0.2.4, R7900P before 1.1.5.14, R8000 before 1.0.4.4, R8000P before 1.1.5.14, R8500 before 1.0.2.110, R8300 before 1.0.2.110, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.8, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.42, WNDR3400v3 before 1.0.1.16, WNDR3700v4 before 1.0.2.94, WNDR4300 before 1.0.2.96, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.62, WNR2020 before 1.1.0.44, WNR2050 before 1.1.0.44, and WNR3500Lv2 before 1.2.0.46.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d3600_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "47FB5F9D-2B33-44AD-BD57-164DF945ADA7", versionEndExcluding: "1.0.0.67", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d3600:-:*:*:*:*:*:*:*", matchCriteriaId: "31DE9D4E-3CDC-4552-A63F-DD5D95E23F63", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2089DF5E-598C-4CC2-B910-05C8D209A1BB", versionEndExcluding: "1.0.0.67", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6000:-:*:*:*:*:*:*:*", matchCriteriaId: "6F6EA344-FF99-4F27-9860-3C5BE07345A7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1B5A756C-6CA4-46EF-80B8-9051FB607B43", versionEndExcluding: "1.0.0.56", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BA902AA9-525D-46BD-B586-1A0DC40EE391", versionEndExcluding: "1.1.00.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6200:-:*:*:*:*:*:*:*", matchCriteriaId: "00E6A1B7-4732-4259-9B71-10FF0B56A16B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6220_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1FD6552E-5BF6-4E57-90A7-39C4543B469C", versionEndExcluding: "1.0.0.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6220:-:*:*:*:*:*:*:*", matchCriteriaId: "F3EEA190-2E9C-4586-BF81-B115532FBA23", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CE087F75-4C99-425C-A9B7-B261E5545297", versionEndExcluding: "1.0.0.66", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6400:-:*:*:*:*:*:*:*", matchCriteriaId: "7D30939B-86E3-4C78-9B05-686B4994C8B9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "327F762B-1F65-4DE0-B05C-1AAC64974A14", versionEndExcluding: "1.0.1.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7000:-:*:*:*:*:*:*:*", matchCriteriaId: "AF04B65B-9685-4595-9C71-0F77AD7109BE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "34A8EAED-389E-4B14-949E-ED87A09F4D91", versionEndExcluding: "1.0.0.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7000:v2:*:*:*:*:*:*:*", matchCriteriaId: "D8780623-F362-4FA5-8B33-37E9CB3FEE12", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0173E81F-5BE3-4249-A620-EC36AD109D75", versionEndExcluding: "1.0.1.30", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d8500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9398174B-A4A6-449A-AB91-A93D3D9398DD", versionEndExcluding: "1.0.3.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d8500:-:*:*:*:*:*:*:*", matchCriteriaId: "814A0114-9A1D-4EA0-9AF4-6968514E4F01", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:dgn2200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0ABDCFC2-E9EC-40F4-862F-B86FDD0A6AC7", versionEndExcluding: "1.0.0.96", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:dgn2200:v4:*:*:*:*:*:*:*", matchCriteriaId: "099184A0-F1C6-4C3F-9C3B-F0B9AC0D4D14", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:dgn2200b_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0D989DB4-5276-4BCF-A15E-BC207E03B2C7", versionEndExcluding: "1.0.0.96", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:dgn2200b:v4:*:*:*:*:*:*:*", matchCriteriaId: "25090794-A90C-40CD-8E95-87EC4E98B928", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex2700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A7D6C145-E2CD-4030-8AA8-C4071C0E242B", versionEndExcluding: "1.0.1.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex2700:-:*:*:*:*:*:*:*", matchCriteriaId: "5341B659-DE7D-43F1-954D-82049CBE18AD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9EFE54D2-78A3-4461-BA5E-6807911C5684", versionEndExcluding: "1.0.1.54", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6100:v2:*:*:*:*:*:*:*", matchCriteriaId: "88DD070C-7CBD-48A5-8D77-7C3D1C502D65", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6150_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F476F7D7-EAE2-4A09-8C4B-A53F885A1337", versionEndExcluding: "1.0.1.54", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6150:v2:*:*:*:*:*:*:*", matchCriteriaId: "49846803-C6FB-4DD3-ADA7-78B9923536F2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BCBD76F6-4E46-42E1-A6B6-373F2F7DB4AF", versionEndExcluding: "1.0.1.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6200:v2:*:*:*:*:*:*:*", matchCriteriaId: "B4F62287-CB55-4FB1-AA39-62018654BA39", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "85392ECB-985F-43B2-89BE-755E433FC14B", versionEndExcluding: "1.0.1.72", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:*", matchCriteriaId: "1289BBB4-1955-46A4-B5FE-BF11153C24F5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B0D1F6E4-A21F-4B86-B903-C26BB062D0DD", versionEndExcluding: "1.0.1.72", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:*", matchCriteriaId: "F285D60D-A5DA-4467-8F79-15EF8135D007", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BBA04A7E-6029-498B-970E-0317BE0CF0F2", versionEndExcluding: "1.0.0.102", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*", matchCriteriaId: "8D9781C9-799A-4BDA-A027-987627A01633", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:jnr1010_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FC9E7939-E195-44AB-8880-D0BCF26BF2E0", versionEndExcluding: "1.1.0.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:jnr1010:v2:*:*:*:*:*:*:*", matchCriteriaId: "CCE79B3F-8667-43C9-962D-EE089428F144", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:jwnr2010_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "34429B2B-D8CB-4BEC-B5FA-5C7F8AC9A1FE", versionEndExcluding: "1.1.0.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:jwnr2010:v5:*:*:*:*:*:*:*", matchCriteriaId: "7399E5E9-40D8-4ECD-8B7B-C96A27E10282", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:pr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CDFB6345-0D0D-4586-9899-2438AADDCD3F", versionEndExcluding: "1.0.0.20", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:pr2000:-:*:*:*:*:*:*:*", matchCriteriaId: "2451CC0C-71B2-474D-93F0-2B2ACD802FE3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6020_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DF013048-DE20-49A5-9091-DD0DEA830D33", versionEndExcluding: "1.0.0.26", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6020:-:*:*:*:*:*:*:*", matchCriteriaId: "5DDA7ABF-4C4B-4945-993A-F93BD8FCB55E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6080_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D70F5F17-5134-47AB-B182-321B1B0CD72B", versionEndExcluding: "1.0.0.26", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6080:-:*:*:*:*:*:*:*", matchCriteriaId: "1CEB5C49-53CF-44AE-9A7D-E7E6201BFE62", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "76B12C31-83C3-427F-B2CA-D75EA89DCC6F", versionEndExcluding: "1.0.1.20", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6250_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F5E7A8CA-134F-49B4-95D6-79A88CD6BB80", versionEndExcluding: "1.0.4.16", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6250:-:*:*:*:*:*:*:*", matchCriteriaId: "321BE843-52C4-4638-A321-439CA7B3A6F2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "55058831-92FF-4A87-8340-E25AC0DDF89E", versionEndExcluding: "1.0.4.18", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6300:v2:*:*:*:*:*:*:*", matchCriteriaId: "10938043-F7DF-42C3-8C16-F92CAF8E5576", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "97DE1C91-59A0-4902-B5C7-0CFD2631CAEE", versionEndExcluding: "1.0.1.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:*", matchCriteriaId: "3E4CDF6B-3829-44D0-9675-71D7BE83CAA2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DBDE97EB-05FE-475E-8A4E-13C97E91548A", versionEndExcluding: "1.0.2.46", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*", matchCriteriaId: "52AE9AD2-BC8D-477D-A3D3-891AE52FA5F3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "442F153C-737B-44D4-9A6D-EB6F6C47B986", versionEndExcluding: "1.0.1.36", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6700:-:*:*:*:*:*:*:*", matchCriteriaId: "21B27F11-4262-4CE1-8107-B365A7C152F2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "36949C1B-4E77-447C-A206-B4E8385FA6C5", versionEndExcluding: "1.2.0.12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:*", matchCriteriaId: "09404083-B00B-4C1F-8085-BC242E625CA3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5B7CDA8C-3ED3-46B2-AC4F-330251B7F454", versionEndExcluding: "1.2.0.12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6900:v2:*:*:*:*:*:*:*", matchCriteriaId: "2E8EB69B-6619-47B6-A073-D0B840D4EB0B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4096E4AD-F3DA-4D1D-BD48-E39235669A68", versionEndExcluding: "1.2.0.12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6700:v2:*:*:*:*:*:*:*", matchCriteriaId: "9F9706E6-CA53-43E4-91B0-D52655C86860", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "81F70E0C-3674-4981-B815-0721F6C6E588", versionEndExcluding: "1.0.1.34", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6900:-:*:*:*:*:*:*:*", matchCriteriaId: "0794BB7C-1BCF-4F08-8EB2-9C3B150C105A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "326BBECA-9A76-4A3E-90F7-023797D5D186", versionEndExcluding: "1.3.0.8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*", matchCriteriaId: "C41908FF-AE64-4949-80E3-BEE061B2DA8A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "03DC2062-58D1-40D6-8536-A13C87F2CF11", versionEndExcluding: "1.0.9.18", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*", matchCriteriaId: "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "09963BE1-D57D-491A-9BD8-A1A46ED993E0", versionEndExcluding: "1.3.0.8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*", matchCriteriaId: "DFE55F4D-E98B-46D3-B870-041141934CD1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7100lg_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2FB08FA1-A476-4E05-9904-9BE30C9E77B7", versionEndExcluding: "1.0.0.34", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7100lg:-:*:*:*:*:*:*:*", matchCriteriaId: "366FA778-3C2A-42AF-9141-DAD7043B406C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7300dst_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B75230D7-5B50-47C2-B5C5-C60C6974C305", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7300dst:-:*:*:*:*:*:*:*", matchCriteriaId: "C75148EB-DE6C-4C5C-BF34-4800A66CF11C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7494430D-BA3F-4EDB-9FB8-7586D4457B9D", versionEndExcluding: "1.0.0.118", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*", matchCriteriaId: "EF3B3F26-401C-4ED0-B871-4B4F8521F369", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C38F66ED-C53D-40F4-9F1E-96254BCD8A0C", versionEndExcluding: "1.0.3.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:v2:*:*:*:*:*:*:*", matchCriteriaId: "2E0DFBF4-E393-44AE-AEF9-1B2059EE5AE8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A2E62164-2324-4AF2-B300-8005DAD433B6", versionEndExcluding: "1.0.2.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BCE1150D-8464-4421-94BD-EE81977BAC34", versionEndExcluding: "1.0.2.4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:*", matchCriteriaId: "C484840F-AF30-4B5C-821A-4DB9BE407BDB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "606460FB-B46F-4490-96FC-B226F3A2C55D", versionEndExcluding: "1.1.5.14", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*", matchCriteriaId: "F3D6A70D-66AF-4064-9F1B-4358D4B1F016", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "78819A69-AF43-4741-AE4D-5FEC4280F25F", versionEndExcluding: "1.0.4.4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*", matchCriteriaId: "5B39F095-8FE8-43FD-A866-7B613B495984", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B508ABA6-F17C-43D4-88D8-56ECD0057C65", versionEndExcluding: "1.1.5.14", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*", matchCriteriaId: "F7EF872D-2537-4FEB-8799-499FC9D44339", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D7A3E675-BB4F-4E8B-A041-C208F85B5C0E", versionEndExcluding: "1.0.2.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*", matchCriteriaId: "63500DE4-BDBD-4F86-AB99-7DB084D0B912", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "63DDFEFE-402D-4AA8-A2C9-2217A5643DC1", versionEndExcluding: "1.0.2.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8300:-:*:*:*:*:*:*:*", matchCriteriaId: "7A9B77E7-7439-48C6-989F-5E22CB4D3044", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "679AAEA7-6415-4BBA-AE95-887C2CA609DC", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn2000rpt_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B569EC22-7AB5-4136-B83E-BC466A6562B2", versionEndExcluding: "1.0.1.8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn2000rpt:v3:*:*:*:*:*:*:*", matchCriteriaId: "6FB1BE0D-E3CF-4C16-8C11-706B238E9934", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3000rp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "030AAA8B-65D9-42E4-ACF6-F2DB13D4AA30", versionEndExcluding: "1.0.2.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3000rp:v3:*:*:*:*:*:*:*", matchCriteriaId: "AB71AC74-2D1B-4F1E-A70F-6590A00AAD9E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3100rp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B562B414-1A33-4E81-83FF-D8750D977DDC", versionEndExcluding: "1.0.0.42", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3100rp:v2:*:*:*:*:*:*:*", matchCriteriaId: "4D8680F5-0C06-4CFC-8BA0-CF85D0438419", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "72DCD4C0-A757-4F98-97BD-FB1FEBF3235C", versionEndExcluding: "1.0.1.16", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3400:v3:*:*:*:*:*:*:*", matchCriteriaId: "1992E44C-122C-41BC-8FDC-5F9EBEE1FB7C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "026C640E-7594-4B5A-BDF9-FAB1CD135A47", versionEndExcluding: "1.0.2.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5025770E-D9D0-4FB6-BE29-1F48EDC31AF1", versionEndExcluding: "1.0.2.96", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1425F7B0-0990-43F4-9621-8DAE8508FEED", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "81A6B7D4-1CBB-4D9E-8EB2-E5E82AFA59FA", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr1000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E5684DEA-5F12-4E72-B8D1-C5F3E1D22726", versionEndExcluding: "1.1.0.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr1000:v4:*:*:*:*:*:*:*", matchCriteriaId: "C8218868-273B-46DB-B636-D3F9A3768069", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "27B33A47-E305-43CC-9AC2-C35DE8E51F02", versionEndExcluding: "1.0.0.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2020_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "36CCD48D-4474-4363-8DE6-846714B99D3D", versionEndExcluding: "1.1.0.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2020:-:*:*:*:*:*:*:*", matchCriteriaId: "C2189628-03E7-445A-9EF2-656A85539115", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2050_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "436026D2-0B8E-4BA5-AD34-9EB285EDA78A", versionEndExcluding: "1.1.0.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2050:-:*:*:*:*:*:*:*", matchCriteriaId: "9877579C-D214-4605-93AA-2B78914CF33C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr3500l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DB542F95-5AE2-47E4-BD7B-34134B26AA4F", versionEndExcluding: "1.2.0.46", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr3500l:v2:*:*:*:*:*:*:*", matchCriteriaId: "C8DE4BFA-41DE-4748-ACC7-14362333A059", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by XSS. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D6200 before 1.1.00.24, D6220 before 1.0.0.32, D6400 before 1.0.0.66, D7000 before 1.0.1.52, D7000v2 before 1.0.0.44, D7800 before 1.0.1.30, D8500 before 1.0.3.35, DGN2200v4 before 1.0.0.96, DGN2200Bv4 before 1.0.0.96, EX2700 before 1.0.1.28, EX6100v2 before 1.0.1.54, EX6150v2 before 1.0.1.54, EX6200v2 before 1.0.1.52, EX6400 before 1.0.1.72, EX7300 before 1.0.1.72, EX8000 before 1.0.0.102, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6080 before 1.0.0.26, R6100 before 1.0.1.20, R6250 before 1.0.4.16, R6300v2 before 1.0.4.18, R6400 before 1.0.1.32, R6400v2 before 1.0.2.46, R6700 before 1.0.1.36, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, R6700v2 before 1.2.0.12, R6900 before 1.0.1.34, R6900P before 1.3.0.8, R7000 before 1.0.9.18, R7000P before 1.3.0.8, R7100LG before 1.0.0.34, R7300DST before 1.0.0.58, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R7900 before 1.0.2.4, R7900P before 1.1.5.14, R8000 before 1.0.4.4, R8000P before 1.1.5.14, R8500 before 1.0.2.110, R8300 before 1.0.2.110, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.8, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.42, WNDR3400v3 before 1.0.1.16, WNDR3700v4 before 1.0.2.94, WNDR4300 before 1.0.2.96, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.62, WNR2020 before 1.1.0.44, WNR2050 before 1.1.0.44, and WNR3500Lv2 before 1.2.0.46.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por una vulnerabilidad de tipo XSS. Esto afecta a D3600 versiones anteriores a 1.0.0.67, D6000 versiones anteriores a 1.0.0.67, D6100 versiones anteriores a 1.0.0.56, D6200 versiones anteriores a 1.1.00.24, D6220 versiones anteriores a 1.0.0.32, D6400 versiones anteriores a 1.0.0.66, D7000 versiones anteriores a 1.0.1.52, D7000v2 versiones anteriores a 1.0.0.44, D7800 versiones anteriores a 1.0.1.30, D8500 versiones anteriores a 1.0.3.35, DGN2200v4 versiones anteriores a 1.0.0.96, DGN2200Bv4 versiones anteriores a 1.0.0.96, EX2700 versiones anteriores a 1.0.1.28, EX6100v2 versiones anteriores a 1.0.1.54, EX6150v2 versiones anteriores a 1.0.1.54, EX6200v2 versiones anteriores a 1.0.1.52, EX6400 versiones anteriores a 1.0.1.72, EX7300 versiones anteriores a 1.0.1.72, EX8000 versiones anteriores a 1.0.0.102, JNR1010v2 versiones anteriores a 1.1.0.44, JWNR2010v5 versiones anteriores a 1.1.0.44, PR2000 versiones anteriores a 1.0.0.20, R6020 versiones anteriores a 1.0.0.26, R6080 versiones anteriores a 1.0.0.26, R6100 versiones anteriores a 1.0. 1.20, R6250 versiones anteriores a 1.0.4.16, R6300v2 versiones anteriores a 1.0.4.18, R6400 versiones anteriores a 1.0.1.32, R6400v2 versiones anteriores a 1.0.2.46, R6700 versiones anteriores a 1.0.1.36, R6800 versiones anteriores a 1.2.0.12, R6900v2 versiones anteriores a 1.2.0.12, R6700v2 versiones anteriores a 1.2.0.12, R6900 versiones anteriores a 1.0.1.34, R6900P versiones anteriores a 1.3.0.8, R7000 versiones anteriores a 1.0.9.18, R7000P versiones anteriores a 1.3.0.8, R7100LG versiones anteriores a 1.0.0.34, R7300DST versiones anteriores a 1.0.0.58, R7500 versiones anteriores a 1.0.0.118, R7500v2 versiones anteriores a 1. 0.3.24, R7800 versiones anteriores a 1.0.2.40, R7900 versiones anteriores a 1.0.2.4, R7900P versiones anteriores a 1.1.5.14, R8000 versiones anteriores a 1.0.4.4, R8000P versiones anteriores a 1.1.5.14, R8500 versiones anteriores a 1.0.2.110, R8300 versiones anteriores a 1.0.2.110, R9000 versiones anteriores a 1.0. 2.52, WN2000RPTv3 versiones anteriores a 1.0.1.8, WN3000RPv3 versiones anteriores a 1.0.2.50, WN3100RPv2 versiones anteriores a 1.0.0.42, WNDR3400v3 versiones anteriores a 1.0.1.16, WNDR3700v4 versiones anteriores a 1.0.2.94, WNDR4300 versiones anteriores a 1.0.2.96, WNDR4300v2 versiones anteriores a 1.0.0.50, WNDR4500v3 versión anteriores a 1.0.0.50, WNR1000v4 versiones anteriores a 1.1.0.44, WNR2000v5 versiones anteriores a 1.0.0.62, WNR2020 versiones anteriores a 1.1.0.44, WNR2050 versiones anteriores a 1.1.0.44 y WNR3500Lv2 versiones anteriores a 1.2.0.46.", }, ], id: "CVE-2017-18785", lastModified: "2024-11-21T03:20:54.943", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 1.1, impactScore: 2.7, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-22T15:15:12.957", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000049534/Security-Advisory-for-Cross-Site-Scripting-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2950", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000049534/Security-Advisory-for-Cross-Site-Scripting-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2950", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-22 15:15
Modified
2024-11-21 03:20
Severity ?
Summary
Certain NETGEAR devices are affected by authentication bypass. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6120 before 1.0.0.32, EX6130 before 1.0.0.16, R6300v2 before 1.0.4.12, R6700 before 1.0.1.26, R6900 before 1.0.1.22, R7000 before 1.0.9.6, R7300DST before 1.0.0.52, R7900 before 1.0.1.12, R8000 before 1.0.3.24, R8500 before 1.0.2.74, and WNR2000v2 before 1.2.0.8.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | ex3700_firmware | * | |
| netgear | ex3700 | - | |
| netgear | ex3800_firmware | * | |
| netgear | ex3800 | - | |
| netgear | ex6120_firmware | * | |
| netgear | ex6120 | - | |
| netgear | ex6130_firmware | * | |
| netgear | ex6130 | - | |
| netgear | r6300_firmware | * | |
| netgear | r6300 | v2 | |
| netgear | r6700_firmware | * | |
| netgear | r6700 | - | |
| netgear | r6900_firmware | * | |
| netgear | r6900 | - | |
| netgear | r7000_firmware | * | |
| netgear | r7000 | - | |
| netgear | r7300dst_firmware | * | |
| netgear | r7300dst | - | |
| netgear | r7900_firmware | * | |
| netgear | r7900 | - | |
| netgear | r8000_firmware | * | |
| netgear | r8000 | - | |
| netgear | r8500_firmware | * | |
| netgear | r8500 | - | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B79CB764-3B62-4C39-9B68-A7C949EA91BE", versionEndExcluding: "1.0.0.64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex3700:-:*:*:*:*:*:*:*", matchCriteriaId: "CDAA5899-B73C-4690-853E-B5400F034BE1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex3800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "72C578B9-6D52-492F-854F-067EB36F84B1", versionEndExcluding: "1.0.0.64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex3800:-:*:*:*:*:*:*:*", matchCriteriaId: "CC5488D9-651C-4BAB-A141-06B816690D42", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6120_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2AC81E61-E8CD-4929-A1E2-C1B620BCC3E7", versionEndExcluding: "1.0.0.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6120:-:*:*:*:*:*:*:*", matchCriteriaId: "8C6DFDB6-1D7A-459A-8D30-FD4900ED718B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6130_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0EF0C67F-9F79-4D2D-9453-824697828403", versionEndExcluding: "1.0.0.16", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6130:-:*:*:*:*:*:*:*", matchCriteriaId: "305E295C-9C73-4798-A0BE-7973E1EE5EAB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E43DA92A-E429-459F-8B34-DDED55F5590B", versionEndExcluding: "1.0.4.12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6300:v2:*:*:*:*:*:*:*", matchCriteriaId: "10938043-F7DF-42C3-8C16-F92CAF8E5576", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DC332E60-A7DB-41C5-B1ED-FE3EDF83F8BC", versionEndExcluding: "1.0.1.26", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6700:-:*:*:*:*:*:*:*", matchCriteriaId: "21B27F11-4262-4CE1-8107-B365A7C152F2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "24E4CE14-4FC5-4F73-BFC8-F0B0D924F788", versionEndExcluding: "1.0.1.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6900:-:*:*:*:*:*:*:*", matchCriteriaId: "0794BB7C-1BCF-4F08-8EB2-9C3B150C105A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "819CC65F-F5DA-4620-BC68-CAAA2B73195D", versionEndExcluding: "1.0.9.6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*", matchCriteriaId: "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7300dst_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "02C2BB4F-8FBB-47BF-A05F-72DDC2D0A31B", versionEndExcluding: "1.0.0.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7300dst:-:*:*:*:*:*:*:*", matchCriteriaId: "C75148EB-DE6C-4C5C-BF34-4800A66CF11C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "59C6F6E4-C411-486E-BDBF-75F0ABEF5112", versionEndExcluding: "1.0.1.12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:*", matchCriteriaId: "C484840F-AF30-4B5C-821A-4DB9BE407BDB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B9FA153F-24E0-47DE-94B4-10F51999BCF0", versionEndExcluding: "1.0.3.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*", matchCriteriaId: "5B39F095-8FE8-43FD-A866-7B613B495984", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CC34CE8E-8DB9-4A15-80D8-EB663482A892", versionEndExcluding: "1.0.2.74", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*", matchCriteriaId: "63500DE4-BDBD-4F86-AB99-7DB084D0B912", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C9A59121-B980-46B4-ABB8-13DEAE8F3923", versionEndExcluding: "1.2.0.8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v2:*:*:*:*:*:*:*", matchCriteriaId: "C5085749-A0E2-448D-B26B-7E25400F1C12", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by authentication bypass. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6120 before 1.0.0.32, EX6130 before 1.0.0.16, R6300v2 before 1.0.4.12, R6700 before 1.0.1.26, R6900 before 1.0.1.22, R7000 before 1.0.9.6, R7300DST before 1.0.0.52, R7900 before 1.0.1.12, R8000 before 1.0.3.24, R8500 before 1.0.2.74, and WNR2000v2 before 1.2.0.8.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por una omisión de autenticación. Esto afecta a EX3700 versiones anteriores a la versión 1.0.0.64, EX3800 versiones anteriores a la versión 1.0.0.64, EX6120 versiones anteriores a 1.0.0.32, EX6130 versiones anteriores a la versión 1.0.0.16, R6300v2 versiones anteriores a 1.0.4.12, R6700 versiones anteriores a 1.0.1.26, R6900 versiones anteriores a 1.0.1.22, R7000 versiones anteriores a 1.0.9.6, R7300DST versiones anteriores a 1.0.0.52, R7900 versiones anteriores a 1.0.1.12, R8000 versiones anteriores a 1.0.3.24, R8500 versiones anteriores a 1.0.2.74 y WNR2000v2 versiones anteriores a 1.2.0.8.", }, ], id: "CVE-2017-18772", lastModified: "2024-11-21T03:20:52.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 6.5, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-22T15:15:11.800", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000051471/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-and-Extenders-PSV-2017-0424", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000051471/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-and-Extenders-PSV-2017-0424", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-21 21:15
Modified
2024-11-21 04:03
Severity ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects DM200 before 1.0.0.52, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.16, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | dm200_firmware | * | |
| netgear | dm200 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | - | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r8900_firmware | * | |
| netgear | r8900 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:dm200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7DEE689F-923A-414C-B048-E4716DA2B783", versionEndExcluding: "1.0.0.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:dm200:-:*:*:*:*:*:*:*", matchCriteriaId: "1B048F71-70F1-4D9F-84E2-9F7340F6ADAB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5F99E4DD-50CB-4B06-BDAF-DD56FF0E90CF", versionEndExcluding: "1.0.0.122", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*", matchCriteriaId: "EF3B3F26-401C-4ED0-B871-4B4F8521F369", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D9D351BB-5034-4771-96BB-F143951CE5D5", versionEndExcluding: "1.0.2.42", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "610C6DB8-E11E-4EAE-A16F-189283F70B26", versionEndExcluding: "1.0.3.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", matchCriteriaId: "0F859165-8D89-4CDD-9D48-9C7923D2261F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "93C7D5A8-3B1D-4DCD-ACB6-8629CE598C25", versionEndExcluding: "1.0.3.16", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FAF6A089-4E7D-43D1-AF1F-01A7A592115E", versionEndExcluding: "1.0.2.96", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EF96C0EB-8CB6-4C86-A9A2-A4C7AF58C97F", versionEndExcluding: "1.0.2.98", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CC5A295B-77E9-4F8B-B523-56C7A1472AD9", versionEndExcluding: "1.0.0.54", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A5B27DF7-FA36-4A0E-A7B0-0D29BE9434BE", versionEndExcluding: "1.0.0.54", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "124ABC0A-DD68-4540-AAC2-C4E87CDC91A7", versionEndExcluding: "1.0.0.64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects DM200 before 1.0.0.52, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.16, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un usuario autenticado. Esto afecta a DM200 en versiones anteriores a la 1.0.0.52, R7500 en versiones anteriores a la 1.0.0.122, R7800 en versiones anteriores a la 1.0.2.42, R8900 en versiones anteriores a la 1.0.3.10, R9000 en versiones anteriores a la 1.0.3. 16, WNDR3700v4 en versiones anteriores a la 1.0.2.96, WNDR4300 en versiones anteriores a la 1.0.2.98, WNDR4300v2 en versiones anteriores a la 1.0.0.54, WNDR4500v3 en versiones anteriores a la 1.0.0.54, y WNR2000v5 en versiones anteriores a la 1.0.0.64.", }, ], id: "CVE-2018-21144", lastModified: "2024-11-21T04:03:00.497", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 5.1, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-21T21:15:12.867", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000059489/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-PSV-2017-3166", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000059489/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-PSV-2017-3166", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-28 15:15
Modified
2024-11-21 04:03
Severity ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d7800_firmware | * | |
| netgear | d7800 | - | |
| netgear | r6100_firmware | * | |
| netgear | r6100 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | v2 | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0173E81F-5BE3-4249-A620-EC36AD109D75", versionEndExcluding: "1.0.1.30", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "76B12C31-83C3-427F-B2CA-D75EA89DCC6F", versionEndExcluding: "1.0.1.20", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C38F66ED-C53D-40F4-9F1E-96254BCD8A0C", versionEndExcluding: "1.0.3.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:v2:*:*:*:*:*:*:*", matchCriteriaId: "2E0DFBF4-E393-44AE-AEF9-1B2059EE5AE8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A2E62164-2324-4AF2-B300-8005DAD433B6", versionEndExcluding: "1.0.2.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "679AAEA7-6415-4BBA-AE95-887C2CA609DC", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "90A3C8B6-51A9-49BC-8C82-01269519B652", versionEndExcluding: "1.0.2.92", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACAD8DCD-C187-4F15-9828-F302295199BA", versionEndExcluding: "1.0.2.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1425F7B0-0990-43F4-9621-8DAE8508FEED", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "81A6B7D4-1CBB-4D9E-8EB2-E5E82AFA59FA", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "27B33A47-E305-43CC-9AC2-C35DE8E51F02", versionEndExcluding: "1.0.0.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un usuario autenticado. Esto afecta a D7800 versiones anteriores a 1.0.1.30, R6100 versiones anteriores a 1.0.1.20, R7500v2 versiones anteriores a 1.0.3.24, R7800 versiones anteriores a 1.0.2.40, R9000 versiones anteriores a 1.0.2. 52, WNDR3700v4 versiones anteriores a 1.0.2.92, WNDR4300 versiones anteriores a 1.0.2.94, WNDR4300v2 versiones anteriores a 1.0.0.50, WNDR4500v3 versiones anteriores a 1.0.0.50, y WNR2000v5 versiones anteriores a 1.0.0.62.", }, ], id: "CVE-2018-21186", lastModified: "2024-11-21T04:03:07.333", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 5.1, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-28T15:15:12.363", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055172/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2609", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055172/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2609", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-16 19:15
Modified
2024-11-21 04:39
Severity ?
Summary
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7300 before 1.0.2.136, EX8000 before 1.0.1.180, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3100RPv2 before 1.0.0.60, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d3600_firmware | * | |
| netgear | d3600 | - | |
| netgear | d6000_firmware | * | |
| netgear | d6000 | - | |
| netgear | d6100_firmware | * | |
| netgear | d6100 | - | |
| netgear | ex2700_firmware | * | |
| netgear | ex2700 | - | |
| netgear | ex6100_firmware | * | |
| netgear | ex6100 | v2 | |
| netgear | ex6150_firmware | * | |
| netgear | ex6150 | v2 | |
| netgear | ex6200_firmware | * | |
| netgear | ex6200 | v2 | |
| netgear | ex6400_firmware | * | |
| netgear | ex6400 | - | |
| netgear | ex7300_firmware | * | |
| netgear | ex7300 | - | |
| netgear | ex8000_firmware | * | |
| netgear | ex8000 | - | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r8900_firmware | * | |
| netgear | r8900 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wn2000rpt_firmware | * | |
| netgear | wn2000rpt | v3 | |
| netgear | wn3000rp_firmware | * | |
| netgear | wn3000rp | v2 | |
| netgear | wn3100rp_firmware | * | |
| netgear | wn3100rp | v2 | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v1 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 | |
| netgear | xr500_firmware | * | |
| netgear | xr500 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d3600_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6D38D448-A21A-4AB2-A641-A295EDBF6631", versionEndExcluding: "1.0.0.75", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d3600:-:*:*:*:*:*:*:*", matchCriteriaId: "31DE9D4E-3CDC-4552-A63F-DD5D95E23F63", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EF892705-E77B-470C-8262-3579349D5F32", versionEndExcluding: "1.0.0.75", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6000:-:*:*:*:*:*:*:*", matchCriteriaId: "6F6EA344-FF99-4F27-9860-3C5BE07345A7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8DE5478F-11CE-4730-AC60-64ACE7BBB03A", versionEndExcluding: "1.0.0.63", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex2700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "733650A8-D797-43B2-851E-1B364C9E7100", versionEndExcluding: "1.0.1.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex2700:-:*:*:*:*:*:*:*", matchCriteriaId: "5341B659-DE7D-43F1-954D-82049CBE18AD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CC89483B-6D99-4A1B-A513-B50EA44DA963", versionEndExcluding: "1.0.1.76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6100:v2:*:*:*:*:*:*:*", matchCriteriaId: "88DD070C-7CBD-48A5-8D77-7C3D1C502D65", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6150_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "542F7529-27DB-41F1-A8E4-FA7A596E5DCC", versionEndExcluding: "1.0.1.76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6150:v2:*:*:*:*:*:*:*", matchCriteriaId: "49846803-C6FB-4DD3-ADA7-78B9923536F2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3223C7E1-06DF-4CAA-89DD-611435165F49", versionEndExcluding: "1.0.1.72", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6200:v2:*:*:*:*:*:*:*", matchCriteriaId: "B4F62287-CB55-4FB1-AA39-62018654BA39", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E0A1B4BD-9DD6-4999-B0FA-F843713C991F", versionEndExcluding: "1.0.2.136", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:*", matchCriteriaId: "1289BBB4-1955-46A4-B5FE-BF11153C24F5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2138C164-530B-4F97-8107-035F9D0852B0", versionEndExcluding: "1.0.2.136", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:*", matchCriteriaId: "F285D60D-A5DA-4467-8F79-15EF8135D007", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5F6F80A7-3B51-46FD-854E-D848F7906048", versionEndExcluding: "1.0.1.180", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*", matchCriteriaId: "8D9781C9-799A-4BDA-A027-987627A01633", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2C2195F1-18F6-4397-9D28-7A92003B7A76", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F52E74FF-6E04-4F96-966C-4355B38CF4DE", versionEndExcluding: "1.0.4.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", matchCriteriaId: "0F859165-8D89-4CDD-9D48-9C7923D2261F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2110965C-E19B-48D2-954D-145C45D0E7EF", versionEndExcluding: "1.0.4.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn2000rpt_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "317AE6B1-BA33-49DF-A839-A49C5493996E", versionEndExcluding: "1.0.1.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn2000rpt:v3:*:*:*:*:*:*:*", matchCriteriaId: "6FB1BE0D-E3CF-4C16-8C11-706B238E9934", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3000rp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "663F925A-642C-4E4A-9D27-76B6EF6978F6", versionEndExcluding: "1.0.0.68", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3000rp:v2:*:*:*:*:*:*:*", matchCriteriaId: "3DAD97C7-458D-4547-82A4-EC7F4CFB2A90", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3100rp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B3AC696D-EFAB-4DFF-A908-BCF1D58A4AFD", versionEndExcluding: "1.0.0.60", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3100rp:v2:*:*:*:*:*:*:*", matchCriteriaId: "4D8680F5-0C06-4CFC-8BA0-CF85D0438419", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FD376891-1FB6-48B7-A4B3-C3C2C6E92C39", versionEndExcluding: "1.0.2.102", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9FFDF78E-8CC6-47B8-B70D-352F778CBF2C", versionEndExcluding: "1.0.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v1:*:*:*:*:*:*:*", matchCriteriaId: "D99E146D-B278-4CA6-8156-7D9923015779", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1DA490CC-DB27-4817-A589-61A0D221E9FD", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "652D8CA8-B56A-4403-B072-B4C245AB8EDA", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2D01DCF3-B6FD-4779-B048-DA4A963C9DEB", versionEndExcluding: "1.0.0.68", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "29216B3A-9A3B-4752-99C2-4A9CFA8E5E26", versionEndExcluding: "2.3.2.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*", matchCriteriaId: "9E203D92-F97B-4F5B-B395-3A5DEDBF1C1C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7300 before 1.0.2.136, EX8000 before 1.0.1.180, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3100RPv2 before 1.0.0.60, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por una inyección de comandos por parte de un usuario autenticado. Esto afecta a D3600 versiones anteriores a 1.0.0.75, D6000 versiones anteriores a 1.0.0.75, D6100 versiones anteriores a 1.0.0.63, EX2700 versiones anteriores a 1.0.1.48, EX6100v2 versiones anteriores a 1.0.1.76, EX6150v2 versiones anteriores a 1. 0,1,76, EX6200v2 versiones anteriores a 1.0.1.72, EX6400 versiones anteriores a 1.0.2.136, EX7300 versiones anteriores a 1.0.2.136, EX8000 versiones anteriores a 1.0.1.180, R7800 versiones anteriores a 1.0.2.52, R8900 versiones anteriores a 1. 0.4.2, R9000 versiones anteriores a 1.0.4.2, WN2000RPTv3 versiones anteriores a 1.0.1.32, WN3000RPv2 versiones anteriores a 1.0.0.68, WN3100RPv2 versiones anteriores a 1.0.0.60, WNDR3700v4 versiones anteriores a 1.0.2. 102, WNDR4300v1 versiones anteriores a 1.0.2.104, WNDR4300v2 versiones anteriores a 1.0.0.58, WNDR4500v3 versiones anteriores a 1.0.0.58, WNR2000v5 versiones anteriores a 1.0.0.68, y XR500 versiones anteriores a 2.3.2.32.", }, ], id: "CVE-2019-20688", lastModified: "2024-11-21T04:39:05.197", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 5.1, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-16T19:15:23.260", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000061451/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-Extenders-PSV-2018-0142", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000061451/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-Extenders-PSV-2018-0142", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-24 14:15
Modified
2024-11-21 03:20
Severity ?
Summary
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6100 before 1.0.1.20, R7500 before 1.0.0.118, WNDR3700v4 before 1.0.2.88, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.62.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 | |
| netgear | r6100_firmware | * | |
| netgear | r6100 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3C2E8B48-CF6F-488A-A932-246B434CAF1B", versionEndExcluding: "1.0.2.88", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3D0CAC32-5F12-45E6-AC84-D9D5020A41E6", versionEndExcluding: "1.0.2.90", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7494430D-BA3F-4EDB-9FB8-7586D4457B9D", versionEndExcluding: "1.0.0.118", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*", matchCriteriaId: "EF3B3F26-401C-4ED0-B871-4B4F8521F369", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8B1EBB8F-818F-4E04-BB25-A81C1C309CD0", versionEndExcluding: "1.0.0.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9591B73B-93BF-4976-998B-0200C990EF6A", versionEndExcluding: "1.0.0.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "27B33A47-E305-43CC-9AC2-C35DE8E51F02", versionEndExcluding: "1.0.0.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "76B12C31-83C3-427F-B2CA-D75EA89DCC6F", versionEndExcluding: "1.0.1.20", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6100 before 1.0.1.20, R7500 before 1.0.0.118, WNDR3700v4 before 1.0.2.88, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.62.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por una configuración incorrecta de los ajustes de seguridad. Esto afecta a R6100 versiones anteriores a la versión 1.0.1.20, R7500 versiones anteriores a la versión 1.0.0.118, WNDR3700v4 versiones anteriores a la versión 1.0.2.88, WNDR4300 versiones anteriores a la versión 1.0.2.90, WNDR4300v2 versiones anteriores a la versión 1.0.0.48, WNDR4500v3 versiones anteriores a la versión 1.0.0.48, y WNR2000v5 versiones anteriores a la versión 1.0.0.62.", }, ], id: "CVE-2017-18706", lastModified: "2024-11-21T03:20:42.817", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 3.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:A/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 6.5, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-24T14:15:12.483", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000053196/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-PSV-2017-0516", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000053196/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-PSV-2017-0516", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-21 22:15
Modified
2024-11-21 04:03
Severity ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d7800_firmware | * | |
| netgear | d7800 | - | |
| netgear | dm200_firmware | * | |
| netgear | dm200 | - | |
| netgear | r6100_firmware | * | |
| netgear | r6100 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | - | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r8900_firmware | * | |
| netgear | r8900 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EB24F17D-A9A8-4EF9-BF53-580395D60EFC", versionEndExcluding: "1.0.1.34", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:dm200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FDF86215-ABBD-43EA-B7DE-D3038F4449C6", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:dm200:-:*:*:*:*:*:*:*", matchCriteriaId: "1B048F71-70F1-4D9F-84E2-9F7340F6ADAB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7FFFF63B-46C8-49BF-8494-BB3322F14594", versionEndExcluding: "1.0.1.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5F99E4DD-50CB-4B06-BDAF-DD56FF0E90CF", versionEndExcluding: "1.0.0.122", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*", matchCriteriaId: "EF3B3F26-401C-4ED0-B871-4B4F8521F369", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D9D351BB-5034-4771-96BB-F143951CE5D5", versionEndExcluding: "1.0.2.42", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "610C6DB8-E11E-4EAE-A16F-189283F70B26", versionEndExcluding: "1.0.3.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", matchCriteriaId: "0F859165-8D89-4CDD-9D48-9C7923D2261F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EEFCBDB9-47D0-40EF-9428-FF714763BC12", versionEndExcluding: "1.0.3.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FAF6A089-4E7D-43D1-AF1F-01A7A592115E", versionEndExcluding: "1.0.2.96", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EF96C0EB-8CB6-4C86-A9A2-A4C7AF58C97F", versionEndExcluding: "1.0.2.98", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CC5A295B-77E9-4F8B-B523-56C7A1472AD9", versionEndExcluding: "1.0.0.54", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A5B27DF7-FA36-4A0E-A7B0-0D29BE9434BE", versionEndExcluding: "1.0.0.54", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "124ABC0A-DD68-4540-AAC2-C4E87CDC91A7", versionEndExcluding: "1.0.0.64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un usuario autenticado. Esto afecta a D7800 versiones anteriores a 1.0.1.34, DM200 versiones anteriores a 1.0.0.50, R6100 versiones anteriores a 1.0.1.22, R7500 versiones anteriores a 1.0.0.122, R7800 versiones anteriores a 1.0.2.42, R8900 versiones anteriores a 1.0.3.10, R9000 versiones anteriores a 1.0.3.10, WNDR3700v4 versiones anteriores a 1.0.2.96, WNDR4300 versiones anteriores a 1.0.2.98, WNDR4300v2 versiones anteriores a 1.0.0.54, WNDR4500v3 versiones anteriores a 1.0.0.54 y WNR2000v5 versiones anteriores a 1.0.0.64.", }, ], id: "CVE-2018-21145", lastModified: "2024-11-21T04:03:00.650", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 5.1, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-21T22:15:14.197", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000059488/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Gateways-and-Routers-PSV-2017-3160", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000059488/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Gateways-and-Routers-PSV-2017-3160", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-28 17:15
Modified
2024-11-21 02:45
Severity ?
Summary
Certain NETGEAR devices are affected by password exposure. This affects AC1450 before 2017-01-06, C6300 before 2017-01-06, D500 before 2017-01-06, D1500 before 2017-01-06, D3600 before 2017-01-06, D6000 before 2017-01-06, D6100 before 2017-01-06, D6200 before 2017-01-06, D6200B before 2017-01-06, D6300B before 2017-01-06, D6300 before 2017-01-06, DGN1000v3 before 2017-01-06, DGN2200v1 before 2017-01-06, DGN2200v3 before 2017-01-06, DGN2200V4 before 2017-01-06, DGN2200Bv3 before 2017-01-06, DGN2200Bv4 before 2017-01-06, DGND3700v1 before 2017-01-06, DGND3700v2 before 2017-01-06, DGND3700Bv2 before 2017-01-06, JNR1010v1 before 2017-01-06, JNR1010v2 before 2017-01-06, JNR3300 before 2017-01-06, JR6100 before 2017-01-06, JR6150 before 2017-01-06, JWNR2000v5 before 2017-01-06, R2000 before 2017-01-06, R6050 before 2017-01-06, R6100 before 2017-01-06, R6200 before 2017-01-06, R6200v2 before 2017-01-06, R6220 before 2017-01-06, R6250 before 2017-01-06, R6300 before 2017-01-06, R6300v2 before 2017-01-06, R6700 before 2017-01-06, R7000 before 2017-01-06, R7900 before 2017-01-06, R7500 before 2017-01-06, R8000 before 2017-01-06, WGR614v10 before 2017-01-06, WNR1000v2 before 2017-01-06, WNR1000v3 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2000v3 before 2017-01-06, WNR2000v4 before 2017-01-06, WNR2000v5 before 2017-01-06, WNR2200 before 2017-01-06, WNR2500 before 2017-01-06, WNR3500Lv2 before 2017-01-06, WNDR3400v2 before 2017-01-06, WNDR3400v3 before 2017-01-06, WNDR3700v3 before 2017-01-06, WNDR3700v4 before 2017-01-06, WNDR3700v5 before 2017-01-06, WNDR4300 before 2017-01-06, WNDR4300v2 before 2017-01-06, WNDR4500v1 before 2017-01-06, WNDR4500v2 before 2017-01-06, and WNDR4500v3 before 2017-01-06.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ac1450_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "32794415-73D5-4C63-BCAB-FA324BBCE850", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ac1450:-:*:*:*:*:*:*:*", matchCriteriaId: "E4BA18B2-8234-4C26-B865-741D467C5EBE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:c6300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4DC0FCBB-5F1B-417C-8E4B-FBD403CF2E38", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:c6300:-:*:*:*:*:*:*:*", matchCriteriaId: "7185DE0B-B15C-417D-9AF5-FBF15F9C2241", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d1500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "56141687-D086-4EEE-9F8A-C238CC26854E", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d1500:-:*:*:*:*:*:*:*", matchCriteriaId: "78DC8809-C26D-48D8-9E12-228C3669B824", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d3600_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B175146A-AA48-4A89-9712-E87BBB0B389F", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d3600:-:*:*:*:*:*:*:*", matchCriteriaId: "31DE9D4E-3CDC-4552-A63F-DD5D95E23F63", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DD7FA616-CD66-488A-92ED-3F28954F9E45", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d500:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE070E3-C0B1-455F-83A9-5C60C489816F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D53F8CC0-F707-4F98-85CE-9A816BE39809", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6000:-:*:*:*:*:*:*:*", matchCriteriaId: "6F6EA344-FF99-4F27-9860-3C5BE07345A7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8D349BA3-DF82-4DD5-BDA6-6AB5F3B70BD3", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F22E4FA5-DB96-4946-86B1-0D18A3BEBB2A", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6200:-:*:*:*:*:*:*:*", matchCriteriaId: "00E6A1B7-4732-4259-9B71-10FF0B56A16B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6200b_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DFEBB6A6-EABA-4A04-8B49-3C9F64D7C5C6", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6200b:-:*:*:*:*:*:*:*", matchCriteriaId: "60FAC76D-96D6-41FB-8EE8-C25F3CBB3307", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2EC71979-23F7-4623-BE4A-82713E95DACD", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6300:-:*:*:*:*:*:*:*", matchCriteriaId: "78542C95-85CC-43E5-9F0E-B12DDD5B79C4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6300b_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "357F14D2-06B8-4BA5-9D7E-B334F59C7250", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6300b:-:*:*:*:*:*:*:*", matchCriteriaId: "37B89703-CAFB-43F6-8880-90349F8ED856", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:dgn1000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BEFBB234-2155-45F8-933D-93E89EC1F54F", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:dgn1000:v3:*:*:*:*:*:*:*", matchCriteriaId: "430497AE-7C43-400E-9C70-001B2DA23B67", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:dgn2200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "769065AA-BC73-4674-87B0-3D514FEFDBEF", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:dgn2200:v1:*:*:*:*:*:*:*", matchCriteriaId: "F50D834B-D7B3-43D6-8072-8992FBC8C97B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:dgn2200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "769065AA-BC73-4674-87B0-3D514FEFDBEF", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:dgn2200:v3:*:*:*:*:*:*:*", matchCriteriaId: "509F9F22-24E7-45E9-AB96-17F8B50813F5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:dgn2200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "769065AA-BC73-4674-87B0-3D514FEFDBEF", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:dgn2200:v4:*:*:*:*:*:*:*", matchCriteriaId: "099184A0-F1C6-4C3F-9C3B-F0B9AC0D4D14", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:dgn2200b_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5158CF4D-80FC-44FD-B9DA-442FA3A1A913", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:dgn2200b:v3:*:*:*:*:*:*:*", matchCriteriaId: "8A4EE9AB-F3DE-4EA8-8344-7F62288EC921", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:dgn2200b_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5158CF4D-80FC-44FD-B9DA-442FA3A1A913", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:dgn2200b:v4:*:*:*:*:*:*:*", matchCriteriaId: "25090794-A90C-40CD-8E95-87EC4E98B928", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:dgnd3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "696689E8-E4C4-4A92-9D00-4C6B8CA80448", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:dgnd3700:v1:*:*:*:*:*:*:*", matchCriteriaId: "8A5971C6-2F27-4715-BC9E-378B647611D8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:dgnd3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "696689E8-E4C4-4A92-9D00-4C6B8CA80448", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:dgnd3700:v2:*:*:*:*:*:*:*", matchCriteriaId: "7A8F0B8E-D3F2-43C9-8B12-43DE4226E826", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:dgnd3700b_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E607B102-4151-4829-B5D5-779D096D620F", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:dgnd3700b:v2:*:*:*:*:*:*:*", matchCriteriaId: "C6F2634F-EA5A-48CE-91BA-964C0B40AF8E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:jnr1010_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9F19C07A-65D3-4FFF-9D11-58C2B4D7A531", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:jnr1010:v1:*:*:*:*:*:*:*", matchCriteriaId: "B4196FE8-4491-442C-96A0-23495165D3B9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:jnr1010_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9F19C07A-65D3-4FFF-9D11-58C2B4D7A531", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:jnr1010:v2:*:*:*:*:*:*:*", matchCriteriaId: "CCE79B3F-8667-43C9-962D-EE089428F144", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:jnr3300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D5738544-7D8A-45AD-99F3-6F92C6886ACD", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:jnr3300:-:*:*:*:*:*:*:*", matchCriteriaId: "64CA12CC-48D8-4510-983C-8350A87CD5D2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:jr6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "30751D8C-301D-4C9F-8512-E887512CE388", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:jr6100:-:*:*:*:*:*:*:*", matchCriteriaId: "2C1C81B4-033E-4F44-9D17-27B04FCF8EF4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:jr6150_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0AF8ACF6-2BDF-49C2-B92F-2207D83664BF", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:jr6150:-:*:*:*:*:*:*:*", matchCriteriaId: "D67167E5-81D2-4892-AF41-CBB6271232D1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:jwnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "86B79A3A-8A63-4BD5-9016-8C98AEF737A8", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:jwnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "3D78543E-37A7-4829-9165-D0CF52DD4867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7D0BCC15-918E-4A31-A943-C5B72CB117E9", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r2000:-:*:*:*:*:*:*:*", matchCriteriaId: "9B1D13C3-5663-447F-9FD9-71EBEC471DAF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6050_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "675EBB75-3DB8-45D7-9512-5D297C680750", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6050:-:*:*:*:*:*:*:*", matchCriteriaId: "363D4DEE-98B9-4294-B241-1613CAD1A3A7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "067085C6-EA5C-430B-B81E-A5809BD047B0", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ECBBDBEC-C896-4130-933B-150DB17662A3", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6200:-:*:*:*:*:*:*:*", matchCriteriaId: "8A466B29-3ADA-46D9-824C-8DF9160B7DD7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ECBBDBEC-C896-4130-933B-150DB17662A3", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6200:v2:*:*:*:*:*:*:*", matchCriteriaId: "719248B0-BE22-4836-A23E-FE9F7590FB0C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "717CDDCB-3DEB-4949-AAC8-D939D01A0858", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*", matchCriteriaId: "B131B5C8-CB7F-433B-BA32-F05CE0E92A66", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6250_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "760BD171-837C-4D36-A4AF-551E926B53C0", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6250:-:*:*:*:*:*:*:*", matchCriteriaId: "321BE843-52C4-4638-A321-439CA7B3A6F2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AC7F9A44-CC92-4E00-A274-ADA08469F33F", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6300:-:*:*:*:*:*:*:*", matchCriteriaId: "9597966A-B13C-4098-838B-EC9AA8DE443D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AC7F9A44-CC92-4E00-A274-ADA08469F33F", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6300:v2:*:*:*:*:*:*:*", matchCriteriaId: "10938043-F7DF-42C3-8C16-F92CAF8E5576", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "66DBD436-0DA8-4917-99EB-6A5D0C3D42D1", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6700:-:*:*:*:*:*:*:*", matchCriteriaId: "21B27F11-4262-4CE1-8107-B365A7C152F2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9D2356B7-389D-4612-8DBE-00C6AC35BD3D", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*", matchCriteriaId: "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9866D7B9-622A-4B25-8CFA-D31AB4406A4F", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*", matchCriteriaId: "EF3B3F26-401C-4ED0-B871-4B4F8521F369", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2BC36898-99C5-4755-9C42-687EAC07013B", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:*", matchCriteriaId: "C484840F-AF30-4B5C-821A-4DB9BE407BDB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1BBF5B80-58EB-467E-8E07-6CB6C2E88BBC", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*", matchCriteriaId: "5B39F095-8FE8-43FD-A866-7B613B495984", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wgr614_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A746A6A7-AFD5-41DC-B805-C1526CFD2E95", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wgr614:v10:*:*:*:*:*:*:*", matchCriteriaId: "B47B0897-A9B9-4568-84DD-C3CE0118B439", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B2BF93E7-2E14-48C7-BD1A-9C5FC3451334", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3400:v2:*:*:*:*:*:*:*", matchCriteriaId: "25187765-6842-4F6A-BF5E-B2E634A958A0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B2BF93E7-2E14-48C7-BD1A-9C5FC3451334", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3400:v3:*:*:*:*:*:*:*", matchCriteriaId: "1992E44C-122C-41BC-8FDC-5F9EBEE1FB7C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "17D010FA-275D-4D34-8DB8-49BEA70AF6DA", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v3:*:*:*:*:*:*:*", matchCriteriaId: "A239B4C0-0CD9-4632-A1E3-68B8E39692B3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "17D010FA-275D-4D34-8DB8-49BEA70AF6DA", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "17D010FA-275D-4D34-8DB8-49BEA70AF6DA", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v5:*:*:*:*:*:*:*", matchCriteriaId: "EC5B6CB8-D439-42D5-ACAE-6246874EA5F0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "58CC514B-1570-4116-9E1F-289BD9DD5935", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "58CC514B-1570-4116-9E1F-289BD9DD5935", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A3BC4526-3FCE-42D3-B34A-C32060B78AF7", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v1:*:*:*:*:*:*:*", matchCriteriaId: "829C71CF-A1E7-456E-8230-8929BD7E867C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A3BC4526-3FCE-42D3-B34A-C32060B78AF7", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v2:*:*:*:*:*:*:*", matchCriteriaId: "AB00ECAD-7474-4D85-8248-D014E5808814", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A3BC4526-3FCE-42D3-B34A-C32060B78AF7", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr1000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "17B45AE0-0FBF-478B-966F-B2B28C971C3C", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr1000:v2:*:*:*:*:*:*:*", matchCriteriaId: "938F4D22-AEFC-4141-BC1C-101F835D4E77", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr1000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "17B45AE0-0FBF-478B-966F-B2B28C971C3C", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr1000:v3:*:*:*:*:*:*:*", matchCriteriaId: "91D091D4-04EA-4564-A2CC-88E217A9FC08", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr1000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "17B45AE0-0FBF-478B-966F-B2B28C971C3C", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr1000:v4:*:*:*:*:*:*:*", matchCriteriaId: "C8218868-273B-46DB-B636-D3F9A3768069", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CCA254A9-B22D-44C5-9261-19AFBD2B2EE4", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v3:*:*:*:*:*:*:*", matchCriteriaId: "C547734B-BF1A-4CD9-8FD8-9ECB3D15B0BA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CCA254A9-B22D-44C5-9261-19AFBD2B2EE4", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v4:*:*:*:*:*:*:*", matchCriteriaId: "D2913468-C442-48A3-8AD9-A2F3CCDD7952", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CCA254A9-B22D-44C5-9261-19AFBD2B2EE4", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BFCD5179-4D17-4187-BFFD-7FF080804D95", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2200:-:*:*:*:*:*:*:*", matchCriteriaId: "94B74E4A-3E2F-4CB1-B33D-8618ED1C7E9F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AF1CD0F5-D109-460F-9417-1907A6368A8B", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2500:-:*:*:*:*:*:*:*", matchCriteriaId: "EA9EF618-6194-4127-BD60-FB0E645C8993", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr3500l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DDBCEE9B-9189-42DA-86D1-3FF6E4168127", versionEndExcluding: "2017-01-06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr3500l:v2:*:*:*:*:*:*:*", matchCriteriaId: "C8DE4BFA-41DE-4748-ACC7-14362333A059", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by password exposure. This affects AC1450 before 2017-01-06, C6300 before 2017-01-06, D500 before 2017-01-06, D1500 before 2017-01-06, D3600 before 2017-01-06, D6000 before 2017-01-06, D6100 before 2017-01-06, D6200 before 2017-01-06, D6200B before 2017-01-06, D6300B before 2017-01-06, D6300 before 2017-01-06, DGN1000v3 before 2017-01-06, DGN2200v1 before 2017-01-06, DGN2200v3 before 2017-01-06, DGN2200V4 before 2017-01-06, DGN2200Bv3 before 2017-01-06, DGN2200Bv4 before 2017-01-06, DGND3700v1 before 2017-01-06, DGND3700v2 before 2017-01-06, DGND3700Bv2 before 2017-01-06, JNR1010v1 before 2017-01-06, JNR1010v2 before 2017-01-06, JNR3300 before 2017-01-06, JR6100 before 2017-01-06, JR6150 before 2017-01-06, JWNR2000v5 before 2017-01-06, R2000 before 2017-01-06, R6050 before 2017-01-06, R6100 before 2017-01-06, R6200 before 2017-01-06, R6200v2 before 2017-01-06, R6220 before 2017-01-06, R6250 before 2017-01-06, R6300 before 2017-01-06, R6300v2 before 2017-01-06, R6700 before 2017-01-06, R7000 before 2017-01-06, R7900 before 2017-01-06, R7500 before 2017-01-06, R8000 before 2017-01-06, WGR614v10 before 2017-01-06, WNR1000v2 before 2017-01-06, WNR1000v3 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2000v3 before 2017-01-06, WNR2000v4 before 2017-01-06, WNR2000v5 before 2017-01-06, WNR2200 before 2017-01-06, WNR2500 before 2017-01-06, WNR3500Lv2 before 2017-01-06, WNDR3400v2 before 2017-01-06, WNDR3400v3 before 2017-01-06, WNDR3700v3 before 2017-01-06, WNDR3700v4 before 2017-01-06, WNDR3700v5 before 2017-01-06, WNDR4300 before 2017-01-06, WNDR4300v2 before 2017-01-06, WNDR4500v1 before 2017-01-06, WNDR4500v2 before 2017-01-06, and WNDR4500v3 before 2017-01-06.", }, { lang: "es", value: "Determinados dispositivos de NETGEAR están afectados por una exposición de contraseñas. Esto afecta a AC1450 hasta el 06-01-2017, C6300 hasta el 06-01-2017, D500 hasta el 06-01-2017, D1500 hasta el 06-01-2017, D3600 hasta el 06-01-2017, D6000 hasta el 06-01-2017, D6100 hasta el 06-01-2017, D6200 hasta el 06-01-2017, D6200B hasta el 06-01-2017, D6300B hasta el 06-01-2017, D6300 hasta el 06-01-2017, DGN1000v3 hasta el 06-01-2017, DGN2200v1 hasta el 06-01-2017, DGN2200v3 hasta el 06-01-2017, DGN2200V4 hasta el 06-01-2017, DGN2200Bv3 hasta el 06-01-2017, DGN2200Bv4 hasta el 06-01-2017, DGND3700v1 hasta el 06-01-2017, DGND3700v2 hasta el 06-01-2017, DGND3700Bv2 hasta el 06-01-2017, JNR1010v1 hasta el 06-01-2017, JNR1010v2 hasta el 06-01-2017, JNR3300 hasta el 06-01-2017, JR6100 hasta el 06-01-2017, JR6150 hasta el 06-01-2017, JWNR2000v5 hasta el 06-01-2017, R2000 hasta el 06-01-2017, R6050 hasta el 06-01-2017, R6100 hasta el 06-01-2017, R6200 hasta el 06-01-2017, R6200v2 hasta el 06-01-2017, R6220 hasta el 06-01-2017, R6250 hasta el 06-01-2017, R6300 hasta el 06-01-2017, R6300v2 hasta el 06-01-2017, R6700 hasta el 06-01-2017, R7000 hasta el 06-01-2017, R7900 hasta el 06-01-2017, R7500 hasta el 06-01-2017, R8000 hasta el 06-01-2017, WGR614v10 hasta el 06-01-2017, WNR1000v2 hasta el 06-01-2017, WNR1000v3 hasta el 06-01-2017, WNR1000v4 hasta el 06-01-2017, WNR2000v3 hasta el 06-01-2017, WNR2000v4 hasta el 06-01-2017, WNR2000v5 hasta el 06-01-2017, WNR2200 hasta el 06-01-2017, WNR2500 hasta el 06-01-2017, WNR3500Lv2 hasta el 06-01-2017, WNDR3400v2 hasta el 06-01-2017, WNDR3400v3 hasta el 06-01-2017, WNDR3700v3 hasta el 06-01-2017, WNDR3700v4 hasta el 06-01-2017, WNDR3700v5 hasta el 06-01-2017, WNDR4300 hasta el 06-01-2017, WNDR4300v2 hasta el 06-01-2017, WNDR4500v1 hasta el 06-01-2017, WNDR4500v2 hasta el 06-01-2017, and WNDR4500v3 hasta el 06-01-2017.", }, ], id: "CVE-2016-11059", lastModified: "2024-11-21T02:45:24.220", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-28T17:15:12.460", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/27253/NETGEAR-Product-Vulnerability-Advisory-Authentication-Bypass-and-Information-Disclosure-on-Home-Routers", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/27253/NETGEAR-Product-Vulnerability-Advisory-Authentication-Bypass-and-Information-Disclosure-on-Home-Routers", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-27 21:15
Modified
2024-11-21 04:03
Severity ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A2E62164-2324-4AF2-B300-8005DAD433B6", versionEndExcluding: "1.0.2.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "679AAEA7-6415-4BBA-AE95-887C2CA609DC", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "90A3C8B6-51A9-49BC-8C82-01269519B652", versionEndExcluding: "1.0.2.92", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACAD8DCD-C187-4F15-9828-F302295199BA", versionEndExcluding: "1.0.2.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1425F7B0-0990-43F4-9621-8DAE8508FEED", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "81A6B7D4-1CBB-4D9E-8EB2-E5E82AFA59FA", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "27B33A47-E305-43CC-9AC2-C35DE8E51F02", versionEndExcluding: "1.0.0.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un usuario autenticado. Esto afecta a R7800 versiones anteriores a la versión 1.0.2.40, R9000 versiones anteriores a la versión 1.0.2.52, WNDR3700v4 versiones anteriores a 1.0.2.92, WNDR4300 versiones anteriores a 1.0.2.94, WNDR4300v2 versiones anteriores a 1.0.0.50, WNDR4500v3 versiones anteriores a 1.0.0.50 y WNR2000v5 versiones anteriores a 1.0.0.62.", }, ], id: "CVE-2018-21178", lastModified: "2024-11-21T04:03:06.087", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 5.1, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-27T21:15:13.093", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055180/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-PSV-2017-2621", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055180/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-PSV-2017-2621", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-28 16:15
Modified
2024-11-21 04:03
Severity ?
Summary
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | r6100_firmware | * | |
| netgear | r6100 | - | |
| netgear | d7800_firmware | * | |
| netgear | d7800 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | v2 | |
| netgear | d6000_firmware | * | |
| netgear | d6000 | - | |
| netgear | d3600_firmware | * | |
| netgear | d3600 | - | |
| netgear | d6100_firmware | * | |
| netgear | d6100 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "27B33A47-E305-43CC-9AC2-C35DE8E51F02", versionEndExcluding: "1.0.0.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "679AAEA7-6415-4BBA-AE95-887C2CA609DC", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FAF6A089-4E7D-43D1-AF1F-01A7A592115E", versionEndExcluding: "1.0.2.96", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EF96C0EB-8CB6-4C86-A9A2-A4C7AF58C97F", versionEndExcluding: "1.0.2.98", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7494430D-BA3F-4EDB-9FB8-7586D4457B9D", versionEndExcluding: "1.0.0.118", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*", matchCriteriaId: "EF3B3F26-401C-4ED0-B871-4B4F8521F369", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1425F7B0-0990-43F4-9621-8DAE8508FEED", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "81A6B7D4-1CBB-4D9E-8EB2-E5E82AFA59FA", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "76B12C31-83C3-427F-B2CA-D75EA89DCC6F", versionEndExcluding: "1.0.1.20", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0173E81F-5BE3-4249-A620-EC36AD109D75", versionEndExcluding: "1.0.1.30", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C38F66ED-C53D-40F4-9F1E-96254BCD8A0C", versionEndExcluding: "1.0.3.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:v2:*:*:*:*:*:*:*", matchCriteriaId: "2E0DFBF4-E393-44AE-AEF9-1B2059EE5AE8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2089DF5E-598C-4CC2-B910-05C8D209A1BB", versionEndExcluding: "1.0.0.67", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6000:-:*:*:*:*:*:*:*", matchCriteriaId: "6F6EA344-FF99-4F27-9860-3C5BE07345A7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d3600_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "47FB5F9D-2B33-44AD-BD57-164DF945ADA7", versionEndExcluding: "1.0.0.67", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d3600:-:*:*:*:*:*:*:*", matchCriteriaId: "31DE9D4E-3CDC-4552-A63F-DD5D95E23F63", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1B5A756C-6CA4-46EF-80B8-9051FB607B43", versionEndExcluding: "1.0.0.56", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, { lang: "es", value: "Determinados dispositivos de NETGEAR están afectados por un desbordamiento del búfer por parte de un atacante no autenticado. Esto afecta a D3600 versiones anteriores a 1.0.0.67, D6000 versiones anteriores a 1.0.0.67, D6100 versiones anteriores a 1.0.0.56, D7800 versiones anteriores a 1.0.1.30, R6100 versiones anteriores a 1.0.1.20, R7500 versiones anteriores a 1.0.0.118, R7500v2 versiones anteriores a 1. 0.3.24, R9000 versiones anteriores a 1.0.2.52, WNDR3700v4 versiones anteriores a 1.0.2.96, WNDR4300 versiones anteriores a 1.0.2.98, WNDR4300v2 versiones anteriores a 1.0.0.50, WNDR4500v3 versiones anteriores a 1.0.0.50, y WNR2000v5 versiones anteriores a 1.0.0.62.", }, ], id: "CVE-2018-21218", lastModified: "2024-11-21T04:03:12.327", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 6.5, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-28T16:15:14.310", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055119/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2483", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055119/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2483", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-16 19:15
Modified
2024-11-21 04:39
Severity ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d3600_firmware | * | |
| netgear | d3600 | - | |
| netgear | d6000_firmware | * | |
| netgear | d6000 | - | |
| netgear | d6100_firmware | * | |
| netgear | d6100 | - | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r8900_firmware | * | |
| netgear | r8900 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v1 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 | |
| netgear | xr500_firmware | * | |
| netgear | xr500 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d3600_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6D38D448-A21A-4AB2-A641-A295EDBF6631", versionEndExcluding: "1.0.0.75", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d3600:-:*:*:*:*:*:*:*", matchCriteriaId: "31DE9D4E-3CDC-4552-A63F-DD5D95E23F63", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EF892705-E77B-470C-8262-3579349D5F32", versionEndExcluding: "1.0.0.75", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6000:-:*:*:*:*:*:*:*", matchCriteriaId: "6F6EA344-FF99-4F27-9860-3C5BE07345A7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8DE5478F-11CE-4730-AC60-64ACE7BBB03A", versionEndExcluding: "1.0.0.63", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2C2195F1-18F6-4397-9D28-7A92003B7A76", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F52E74FF-6E04-4F96-966C-4355B38CF4DE", versionEndExcluding: "1.0.4.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", matchCriteriaId: "0F859165-8D89-4CDD-9D48-9C7923D2261F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2110965C-E19B-48D2-954D-145C45D0E7EF", versionEndExcluding: "1.0.4.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FD376891-1FB6-48B7-A4B3-C3C2C6E92C39", versionEndExcluding: "1.0.2.102", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9FFDF78E-8CC6-47B8-B70D-352F778CBF2C", versionEndExcluding: "1.0.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v1:*:*:*:*:*:*:*", matchCriteriaId: "D99E146D-B278-4CA6-8156-7D9923015779", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1DA490CC-DB27-4817-A589-61A0D221E9FD", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "652D8CA8-B56A-4403-B072-B4C245AB8EDA", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2D01DCF3-B6FD-4779-B048-DA4A963C9DEB", versionEndExcluding: "1.0.0.68", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "29216B3A-9A3B-4752-99C2-4A9CFA8E5E26", versionEndExcluding: "2.3.2.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*", matchCriteriaId: "9E203D92-F97B-4F5B-B395-3A5DEDBF1C1C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un usuario autenticado. Esto afecta a D3600 versiones anteriores a 1.0.0.75, D6000 versiones anteriores a 1.0.0.75, D6100 versiones anteriores a 1.0.0.63, R7800 versiones anteriores a 1.0.2.52, R8900 versiones anteriores a 1.0.4.2, R9000 versiones anteriores a 1.0.4.2, WNDR3700v4 versiones anteriores a 1. 0.2.102, WNDR4300v1 versiones anteriores a 1.0.2.104, WNDR4300v2 versiones anteriores a 1.0.0.58, WNDR4500v3 versiones anteriores a 1.0.0.58, WNR2000v5 versiones anteriores a 1.0.0.68, y XR500 versiones anteriores a 2.3.2.32.", }, ], id: "CVE-2019-20725", lastModified: "2024-11-21T04:39:11.597", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 5.1, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-16T19:15:25.463", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000061203/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2018-0143", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000061203/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2018-0143", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-20 20:15
Modified
2024-11-21 07:30
Severity ?
Summary
An exploitable firmware modification vulnerability was discovered on the Netgear WNR2000v1 router. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS). This affects v1.2.3.7 and earlier.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "03D97484-E4B7-4ABD-9F03-FD900ADE5D02", versionEndIncluding: "1.2.3.7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:1.0:*:*:*:*:*:*:*", matchCriteriaId: "709B7F15-AF75-4404-814E-8519EE5AE227", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An exploitable firmware modification vulnerability was discovered on the Netgear WNR2000v1 router. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS). This affects v1.2.3.7 and earlier.", }, { lang: "es", value: "Se descubrió una vulnerabilidad de modificación de firmware explotable en el router Netgear WNR2000v1. Un atacante puede realizar un ataque MITM (Man-in-the-Middle) para modificar la imagen de firmware cargada por el usuario y eludir la verificación CRC, lo que permite a los atacantes ejecutar código arbitrario o provocar una Denegación de Servicio (DoS). Esto afecta a la versión 1.2.3.7 y anteriores.", }, ], id: "CVE-2022-46423", lastModified: "2024-11-21T07:30:34.310", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-20T20:15:10.557", references: [ { source: "cve@mitre.org", url: "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/BktKl8ZDo", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.netgear.com/about/security/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/BktKl8ZDo", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.netgear.com/about/security/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-28 16:15
Modified
2024-11-21 04:03
Severity ?
Summary
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | r6100_firmware | * | |
| netgear | r6100 | - | |
| netgear | d7800_firmware | * | |
| netgear | d7800 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | v2 | |
| netgear | d6000_firmware | * | |
| netgear | d6000 | - | |
| netgear | d3600_firmware | * | |
| netgear | d3600 | - | |
| netgear | d6100_firmware | * | |
| netgear | d6100 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "27B33A47-E305-43CC-9AC2-C35DE8E51F02", versionEndExcluding: "1.0.0.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "679AAEA7-6415-4BBA-AE95-887C2CA609DC", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FAF6A089-4E7D-43D1-AF1F-01A7A592115E", versionEndExcluding: "1.0.2.96", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EF96C0EB-8CB6-4C86-A9A2-A4C7AF58C97F", versionEndExcluding: "1.0.2.98", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7494430D-BA3F-4EDB-9FB8-7586D4457B9D", versionEndExcluding: "1.0.0.118", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*", matchCriteriaId: "EF3B3F26-401C-4ED0-B871-4B4F8521F369", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1425F7B0-0990-43F4-9621-8DAE8508FEED", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "81A6B7D4-1CBB-4D9E-8EB2-E5E82AFA59FA", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "76B12C31-83C3-427F-B2CA-D75EA89DCC6F", versionEndExcluding: "1.0.1.20", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0173E81F-5BE3-4249-A620-EC36AD109D75", versionEndExcluding: "1.0.1.30", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C38F66ED-C53D-40F4-9F1E-96254BCD8A0C", versionEndExcluding: "1.0.3.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:v2:*:*:*:*:*:*:*", matchCriteriaId: "2E0DFBF4-E393-44AE-AEF9-1B2059EE5AE8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2089DF5E-598C-4CC2-B910-05C8D209A1BB", versionEndExcluding: "1.0.0.67", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6000:-:*:*:*:*:*:*:*", matchCriteriaId: "6F6EA344-FF99-4F27-9860-3C5BE07345A7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d3600_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "47FB5F9D-2B33-44AD-BD57-164DF945ADA7", versionEndExcluding: "1.0.0.67", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d3600:-:*:*:*:*:*:*:*", matchCriteriaId: "31DE9D4E-3CDC-4552-A63F-DD5D95E23F63", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1B5A756C-6CA4-46EF-80B8-9051FB607B43", versionEndExcluding: "1.0.0.56", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, { lang: "es", value: "Determinados dispositivos de NETGEAR están afectados por un desbordamiento del búfer por parte de un atacante no autenticado. Esto afecta a D3600 versiones anteriores a 1.0.0.67, D6000 versiones anteriores a 1.0.0.67, D6100 versiones anteriores a 1.0.0.56, D7800 versiones anteriores a 1.0.1.30, R6100 versiones anteriores a 1.0.1.20, R7500 versiones anteriores a 1.0.0.118, R7500v2 versiones anteriores a 1. 0.3.24, R9000 versiones anteriores a 1.0.2.52, WNDR3700v4 versiones anteriores a 1.0.2.96, WNDR4300 versiones anteriores a 1.0.2.98, WNDR4300v2 versiones anteriores a 1.0.0.50, WNDR4500v3 versiones anteriores a 1.0.0.50, y WNR2000v5 versiones anteriores a 1.0.0.62.", }, ], id: "CVE-2018-21220", lastModified: "2024-11-21T04:03:12.643", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 6.5, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-28T16:15:14.403", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055117/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2481", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055117/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2481", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-27 19:15
Modified
2024-11-21 04:03
Severity ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R7500 before 1.0.0.122, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d6100_firmware | * | |
| netgear | d6100 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | - | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2ECEA129-164C-4C80-A81E-9688F4AC3583", versionEndExcluding: "1.0.0.57", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5F99E4DD-50CB-4B06-BDAF-DD56FF0E90CF", versionEndExcluding: "1.0.0.122", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*", matchCriteriaId: "EF3B3F26-401C-4ED0-B871-4B4F8521F369", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A2E62164-2324-4AF2-B300-8005DAD433B6", versionEndExcluding: "1.0.2.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "679AAEA7-6415-4BBA-AE95-887C2CA609DC", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "90A3C8B6-51A9-49BC-8C82-01269519B652", versionEndExcluding: "1.0.2.92", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACAD8DCD-C187-4F15-9828-F302295199BA", versionEndExcluding: "1.0.2.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1425F7B0-0990-43F4-9621-8DAE8508FEED", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "81A6B7D4-1CBB-4D9E-8EB2-E5E82AFA59FA", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "27B33A47-E305-43CC-9AC2-C35DE8E51F02", versionEndExcluding: "1.0.0.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R7500 before 1.0.0.122, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un usuario autenticado. Esto afecta a D6100 versiones anteriores a 1.0.0.57, R7500 versiones anteriores a 1.0.0.122, R7800 versiones anteriores a 1.0.2.40, R9000 versiones anteriores a 1.0.2.52, WNDR3700v4 versiones anteriores a 1.0.2.92, WNDR4300 versiones anteriores a 1.0.2.94, WNDR4300v2 versiones anteriores a 1.0.0.50, WNDR4500v3 versiones anteriores a 1.0.0.50, y WNR2000v5 versiones anteriores a 1.0.0.62.", }, ], id: "CVE-2018-21174", lastModified: "2024-11-21T04:03:05.230", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-27T19:15:12.527", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055184/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2625", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055184/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2625", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-28 15:15
Modified
2024-11-21 04:03
Severity ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d6100_firmware | * | |
| netgear | d6100 | - | |
| netgear | r6100_firmware | * | |
| netgear | r6100 | - | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2ECEA129-164C-4C80-A81E-9688F4AC3583", versionEndExcluding: "1.0.0.57", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "76B12C31-83C3-427F-B2CA-D75EA89DCC6F", versionEndExcluding: "1.0.1.20", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A2E62164-2324-4AF2-B300-8005DAD433B6", versionEndExcluding: "1.0.2.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "679AAEA7-6415-4BBA-AE95-887C2CA609DC", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "90A3C8B6-51A9-49BC-8C82-01269519B652", versionEndExcluding: "1.0.2.92", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACAD8DCD-C187-4F15-9828-F302295199BA", versionEndExcluding: "1.0.2.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1425F7B0-0990-43F4-9621-8DAE8508FEED", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "81A6B7D4-1CBB-4D9E-8EB2-E5E82AFA59FA", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "27B33A47-E305-43CC-9AC2-C35DE8E51F02", versionEndExcluding: "1.0.0.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un usuario autenticado. Esto afecta a D6100 versiones anteriores a 1.0.0.57, R6100 versiones anteriores a 1.0.1.20, R7800 versiones anteriores a 1.0.2.40, R9000 versiones anteriores a 1.0.2.52, WNDR3700v4 versiones anteriores a 1.0.2.92, WNDR4300 versiones anteriores a 1.0.2.94, WNDR4300v2 versiones anteriores a 1.0.0.50, WNDR4500v3 versiones anteriores a 1.0.0.50, y WNR2000v5 versiones anteriores a 1.0.0.62.", }, ], id: "CVE-2018-21189", lastModified: "2024-11-21T04:03:07.827", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 5.1, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-28T15:15:12.550", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055168/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2606", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055168/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2606", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-28 15:15
Modified
2024-11-21 04:03
Severity ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.3.6, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d6100_firmware | * | |
| netgear | d6100 | - | |
| netgear | r6100_firmware | * | |
| netgear | r6100 | - | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2ECEA129-164C-4C80-A81E-9688F4AC3583", versionEndExcluding: "1.0.0.57", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "76B12C31-83C3-427F-B2CA-D75EA89DCC6F", versionEndExcluding: "1.0.1.20", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A2E62164-2324-4AF2-B300-8005DAD433B6", versionEndExcluding: "1.0.2.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E460D519-DDF3-4E59-9E41-050DC3723FD7", versionEndExcluding: "1.0.3.6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "90A3C8B6-51A9-49BC-8C82-01269519B652", versionEndExcluding: "1.0.2.92", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACAD8DCD-C187-4F15-9828-F302295199BA", versionEndExcluding: "1.0.2.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1425F7B0-0990-43F4-9621-8DAE8508FEED", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "81A6B7D4-1CBB-4D9E-8EB2-E5E82AFA59FA", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "27B33A47-E305-43CC-9AC2-C35DE8E51F02", versionEndExcluding: "1.0.0.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.3.6, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un usuario autenticado. Esto afecta a D6100 versiones anteriores a 1.0.0.57, R6100 versiones anteriores a 1.0.1.20, R7800 versiones anteriores a 1.0.2.40, R9000 versiones anteriores a 1.0.3.6, WNDR3700v4 versiones anteriores a 1.0.2.92, WNDR4300 versiones anteriores a 1.0.2.94, WNDR4300v2 versiones anteriores a 1.0.0.50, WNDR4500v3 versiones anteriores a 1.0.0.50, y WNR2000v5 versiones anteriores a 1.0.0.62.", }, ], id: "CVE-2018-21192", lastModified: "2024-11-21T04:03:08.287", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 5.1, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-28T15:15:12.723", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055165/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2603", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055165/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2603", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-28 15:15
Modified
2024-11-21 04:03
Severity ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.34, R6100 before 1.0.1.20, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.3.6, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d6100_firmware | * | |
| netgear | d6100 | - | |
| netgear | d7800_firmware | * | |
| netgear | d7800 | - | |
| netgear | r6100_firmware | * | |
| netgear | r6100 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | v2 | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2ECEA129-164C-4C80-A81E-9688F4AC3583", versionEndExcluding: "1.0.0.57", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EB24F17D-A9A8-4EF9-BF53-580395D60EFC", versionEndExcluding: "1.0.1.34", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "76B12C31-83C3-427F-B2CA-D75EA89DCC6F", versionEndExcluding: "1.0.1.20", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5F99E4DD-50CB-4B06-BDAF-DD56FF0E90CF", versionEndExcluding: "1.0.0.122", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*", matchCriteriaId: "EF3B3F26-401C-4ED0-B871-4B4F8521F369", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C38F66ED-C53D-40F4-9F1E-96254BCD8A0C", versionEndExcluding: "1.0.3.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:v2:*:*:*:*:*:*:*", matchCriteriaId: "2E0DFBF4-E393-44AE-AEF9-1B2059EE5AE8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A2E62164-2324-4AF2-B300-8005DAD433B6", versionEndExcluding: "1.0.2.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E460D519-DDF3-4E59-9E41-050DC3723FD7", versionEndExcluding: "1.0.3.6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "90A3C8B6-51A9-49BC-8C82-01269519B652", versionEndExcluding: "1.0.2.92", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACAD8DCD-C187-4F15-9828-F302295199BA", versionEndExcluding: "1.0.2.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1425F7B0-0990-43F4-9621-8DAE8508FEED", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "81A6B7D4-1CBB-4D9E-8EB2-E5E82AFA59FA", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "27B33A47-E305-43CC-9AC2-C35DE8E51F02", versionEndExcluding: "1.0.0.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.34, R6100 before 1.0.1.20, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.3.6, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un usuario autenticado. Esto afecta a D6100 versiones anteriores a 1.0.0.57, D7800 versiones anteriores a 1.0.1.34, R6100 versiones anteriores a 1.0.1.20, R7500 versiones anteriores a 1.0.0.122, R7500v2 versiones anteriores a 1.0.3.24, R7800 versiones anteriores a 1.0.2. 40, R9000 versiones anteriores a 1.0.3.6, WNDR3700v4 versiones anteriores a 1.0.2.92, WNDR4300 versiones anteriores a 1.0.2.94, WNDR4300v2 versiones anteriores a 1.0.0.50, WNDR4500v3 versiones anteriores a 1.0.0.50, y WNR2000v5 versiones anteriores a 1.0.0.62.", }, ], id: "CVE-2018-21194", lastModified: "2024-11-21T04:03:08.613", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 5.1, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-28T15:15:12.830", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055163/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2601", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055163/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2601", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-28 16:15
Modified
2024-11-21 04:03
Severity ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.34, R6100 before 1.0.1.20, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.3.6, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d6100_firmware | * | |
| netgear | d6100 | - | |
| netgear | d7800_firmware | * | |
| netgear | d7800 | - | |
| netgear | r6100_firmware | * | |
| netgear | r6100 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | v2 | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2ECEA129-164C-4C80-A81E-9688F4AC3583", versionEndExcluding: "1.0.0.57", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EB24F17D-A9A8-4EF9-BF53-580395D60EFC", versionEndExcluding: "1.0.1.34", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "76B12C31-83C3-427F-B2CA-D75EA89DCC6F", versionEndExcluding: "1.0.1.20", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C38F66ED-C53D-40F4-9F1E-96254BCD8A0C", versionEndExcluding: "1.0.3.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:v2:*:*:*:*:*:*:*", matchCriteriaId: "2E0DFBF4-E393-44AE-AEF9-1B2059EE5AE8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A2E62164-2324-4AF2-B300-8005DAD433B6", versionEndExcluding: "1.0.2.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E460D519-DDF3-4E59-9E41-050DC3723FD7", versionEndExcluding: "1.0.3.6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "90A3C8B6-51A9-49BC-8C82-01269519B652", versionEndExcluding: "1.0.2.92", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACAD8DCD-C187-4F15-9828-F302295199BA", versionEndExcluding: "1.0.2.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1425F7B0-0990-43F4-9621-8DAE8508FEED", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "81A6B7D4-1CBB-4D9E-8EB2-E5E82AFA59FA", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "27B33A47-E305-43CC-9AC2-C35DE8E51F02", versionEndExcluding: "1.0.0.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.34, R6100 before 1.0.1.20, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.3.6, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, { lang: "es", value: "Determinados dispositivos de NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un usuario autenticado. Esto afecta a D6100 versiones anteriores a 1.0.0.57, D7800 versiones anteriores a 1.0.1.34, R6100 versiones anteriores a 1.0.1.20, R7500v2 versiones anteriores a 1.0.3.24, R7800 versiones anteriores a 1.0.2.40, R9000 versiones anteriores a 1. 0.3.6, WNDR3700v4 versiones anteriores a 1.0.2.92, WNDR4300 versiones anteriores a 1.0.2.94, WNDR4300v2 versiones anteriores a 1.0.0.50, WNDR4500v3 versiones anteriores a 1.0.0.50, y WNR2000v5 versiones anteriores a 1.0.0.62.", }, ], id: "CVE-2018-21195", lastModified: "2024-11-21T04:03:08.770", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 5.1, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-28T16:15:12.873", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055162/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2600", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055162/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2600", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-23 21:15
Modified
2024-11-21 04:02
Severity ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R6700 before 1.0.1.48, R7500 before 1.0.0.124, R7800 before 1.0.2.58, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, WNDR4500v3 before 1.0.0.56, and WNR2000v5-R2000 before 1.0.0.68.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | r6700_firmware | * | |
| netgear | r6700 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | - | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r8900_firmware | * | |
| netgear | r8900 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v1 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "732F20CF-135F-4CBF-988F-215B534994B1", versionEndExcluding: "1.0.1.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6700:-:*:*:*:*:*:*:*", matchCriteriaId: "21B27F11-4262-4CE1-8107-B365A7C152F2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D6EA8492-4A15-420E-B616-F93CC36EF255", versionEndExcluding: "1.0.0.124", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*", matchCriteriaId: "EF3B3F26-401C-4ED0-B871-4B4F8521F369", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F9D54BE2-47EB-48F1-A6D0-FB0A2F5094C4", versionEndExcluding: "1.0.2.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F52E74FF-6E04-4F96-966C-4355B38CF4DE", versionEndExcluding: "1.0.4.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", matchCriteriaId: "0F859165-8D89-4CDD-9D48-9C7923D2261F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2110965C-E19B-48D2-954D-145C45D0E7EF", versionEndExcluding: "1.0.4.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FD376891-1FB6-48B7-A4B3-C3C2C6E92C39", versionEndExcluding: "1.0.2.102", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9FFDF78E-8CC6-47B8-B70D-352F778CBF2C", versionEndExcluding: "1.0.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v1:*:*:*:*:*:*:*", matchCriteriaId: "D99E146D-B278-4CA6-8156-7D9923015779", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "94398B78-9F11-4AD2-A518-3A81CDD72E88", versionEndExcluding: "1.0.0.56", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "68F195E4-0A6D-400B-8F48-3EA07DC3A3ED", versionEndExcluding: "1.0.0.56", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2D01DCF3-B6FD-4779-B048-DA4A963C9DEB", versionEndExcluding: "1.0.0.68", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R6700 before 1.0.1.48, R7500 before 1.0.0.124, R7800 before 1.0.2.58, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, WNDR4500v3 before 1.0.0.56, and WNR2000v5-R2000 before 1.0.0.68.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un usuario autenticado. Esto afecta a R6700 versiones anteriores a 1.0.1.48, R7500 versiones anteriores a 1.0.0.124, R7800 versiones anteriores a 1.0.2.58, R8900 versiones anteriores a 1.0.4.2, R9000 versiones anteriores a 1.0.4.2, WNDR3700v4 versiones anteriores a 1.0.2.102, WNDR4300v1 versiones anteriores a 1.0.2.104, WNDR4300v2 versiones anteriores a 1.0.0.56, WNDR4500v3 versiones anteriores a 1.0.0.56 y WNR2000v5-R2000 versiones anteriores a 1.0.0.68.", }, ], id: "CVE-2018-21135", lastModified: "2024-11-21T04:02:59.120", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-23T21:15:11.453", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000060225/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-PSV-2017-3165", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000060225/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-PSV-2017-3165", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-27 18:15
Modified
2024-11-21 04:03
Severity ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7500 before 1.0.0.122, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A2E62164-2324-4AF2-B300-8005DAD433B6", versionEndExcluding: "1.0.2.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "679AAEA7-6415-4BBA-AE95-887C2CA609DC", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "90A3C8B6-51A9-49BC-8C82-01269519B652", versionEndExcluding: "1.0.2.92", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACAD8DCD-C187-4F15-9828-F302295199BA", versionEndExcluding: "1.0.2.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5F99E4DD-50CB-4B06-BDAF-DD56FF0E90CF", versionEndExcluding: "1.0.0.122", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*", matchCriteriaId: "EF3B3F26-401C-4ED0-B871-4B4F8521F369", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1425F7B0-0990-43F4-9621-8DAE8508FEED", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "81A6B7D4-1CBB-4D9E-8EB2-E5E82AFA59FA", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "27B33A47-E305-43CC-9AC2-C35DE8E51F02", versionEndExcluding: "1.0.0.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7500 before 1.0.0.122, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un usuario autenticado. Esto afecta a R7500 versiones anteriores a 1.0.0.122, R7800 versiones anteriores a 1.0.2.40, R9000 versiones anteriores a 1.0.2.52, WNDR3700v4 versiones anteriores a 1.0.2.92, WNDR4300 versiones anteriores a 1.0.2.94, WNDR4300v2 versiones anteriores a 1.0.0.50, WNDR4500v3 versiones anteriores a 1.0.0.50 y WNR2000v5 versiones anteriores a 1.0.0.62 .", }, ], id: "CVE-2018-21173", lastModified: "2024-11-21T04:03:05.063", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 5.1, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-27T18:15:13.027", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055185/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-PSV-2017-2627", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055185/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-PSV-2017-2627", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-09-11 22:15
Modified
2024-11-21 04:44
Severity ?
Summary
An exploitable denial-of-service vulnerability exists in the Host Access Point Daemon (hostapd) on the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) wireless router. A SOAP request sent in an invalid sequence to the <WFAWLANConfig:1#PutMessage> service can cause a null pointer dereference, resulting in the hostapd service crashing. An unauthenticated attacker can send a specially-crafted SOAP request to trigger this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2019-0832 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2019-0832 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | wnr2000_firmware | 1.0.0.70 | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:1.0.0.70:*:*:*:*:*:*:*", matchCriteriaId: "8B60ABCD-0AA5-480D-B56C-DAB3DE808729", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An exploitable denial-of-service vulnerability exists in the Host Access Point Daemon (hostapd) on the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) wireless router. A SOAP request sent in an invalid sequence to the <WFAWLANConfig:1#PutMessage> service can cause a null pointer dereference, resulting in the hostapd service crashing. An unauthenticated attacker can send a specially-crafted SOAP request to trigger this vulnerability.", }, { lang: "es", value: "Se presenta una vulnerabilidad de denegación de servicio explotable en el Host Access Point Daemon (hostapd) en el enrutador inalámbrico NETGEAR N300 (WNR2000v5 con la versión de firmware V1.0.0.70). Una petición SOAP enviada en una secuencia no válida al servicio (WFAWLANConfig:1#PutMessage) puede causar una desreferencia del puntero null, resultando en el bloqueo del servicio hostapd. Un atacante no autenticado puede enviar una petición SOAP especialmente diseñada para desencadenar esta vulnerabilidad.", }, ], id: "CVE-2019-5055", lastModified: "2024-11-21T04:44:15.710", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-09-11T22:15:19.430", references: [ { source: "talos-cna@cisco.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0832", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0832", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "talos-cna@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-28 16:15
Modified
2024-11-21 04:03
Severity ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, and WNR2000v5 before 1.0.0.62.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d6100_firmware | * | |
| netgear | d6100 | - | |
| netgear | r6100_firmware | * | |
| netgear | r6100 | - | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2ECEA129-164C-4C80-A81E-9688F4AC3583", versionEndExcluding: "1.0.0.57", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "76B12C31-83C3-427F-B2CA-D75EA89DCC6F", versionEndExcluding: "1.0.1.20", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A2E62164-2324-4AF2-B300-8005DAD433B6", versionEndExcluding: "1.0.2.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "679AAEA7-6415-4BBA-AE95-887C2CA609DC", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "90A3C8B6-51A9-49BC-8C82-01269519B652", versionEndExcluding: "1.0.2.92", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACAD8DCD-C187-4F15-9828-F302295199BA", versionEndExcluding: "1.0.2.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "27B33A47-E305-43CC-9AC2-C35DE8E51F02", versionEndExcluding: "1.0.0.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, and WNR2000v5 before 1.0.0.62.", }, { lang: "es", value: "Determinados dispositivos de NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un usuario autenticado. Esto afecta a D6100 versiones anteriores a 1.0.0.57, R6100 versiones anteriores a 1.0.1.20, R7800 versiones anteriores a 1.0.2.40, R9000 versiones anteriores a 1.0.2.52, WNDR3700v4 versiones anteriores a 1.0.2.92, WNDR4300 versiones anteriores a 1.0.2.94, y WNR2000v5 versiones anteriores a 1.0.0.62.", }, ], id: "CVE-2018-21196", lastModified: "2024-11-21T04:03:08.933", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 5.1, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-28T16:15:12.967", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055153/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2599", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055153/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2599", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-08-11 00:15
Modified
2024-11-21 06:17
Severity ?
2.4 (Low) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Summary
Certain NETGEAR devices are affected by authentication bypass. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6100 before 1.0.0.63, D6200 before 1.1.00.34, D6220 before 1.0.0.48, D6400 before 1.0.0.86, D7000 before 1.0.1.70, D7000v2 before 1.0.0.52, D7800 before 1.0.1.56, D8500 before 1.0.3.44, DC112A before 1.0.0.42, DGN2200v4 before 1.0.0.108, DGND2200Bv4 before 1.0.0.108, EX2700 before 1.0.1.48, EX3700 before 1.0.0.76, EX3800 before 1.0.0.76, EX6000 before 1.0.0.38, EX6100 before 1.0.2.24, EX6100v2 before 1.0.1.76, EX6120 before 1.0.0.42, EX6130 before 1.0.0.28, EX6150v1 before 1.0.0.42, EX6150v2 before 1.0.1.76, EX6200 before 1.0.3.88, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7000 before 1.0.0.66, EX7300 before 1.0.2.136, EX8000 before 1.0.1.180, RBK50 before 2.1.4.10, RBR50 before 2.1.4.10, RBS50 before 2.1.4.10, RBK40 before 2.1.4.10, RBR40 before 2.1.4.10, RBS40 before 2.1.4.10, RBW30 before 2.2.1.204, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6080 before 1.0.0.38, R6050 before 1.0.1.18, JR6150 before 1.0.1.18, R6120 before 1.0.0.46, R6220 before 1.1.0.86, R6250 before 1.0.4.34, R6300v2 before 1.0.4.32, R6400 before 1.0.1.44, R6400v2 before 1.0.2.62, R6700 before 1.0.1.48, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, R6900 before 1.0.1.48, R7000 before 1.0.9.34, R6900P before 1.3.1.64, R7000P before 1.3.1.64, R7100LG before 1.0.0.48, R7300DST before 1.0.0.70, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R7900 before 1.0.3.8, R8000 before 1.0.4.28, R7900P before 1.4.1.30, R8000P before 1.4.1.30, R8300 before 1.0.2.128, R8500 before 1.0.2.128, R9000 before 1.0.3.10, RBS40V before 2.2.0.58, RBK50V before 2.2.0.58, WN2000RPTv3 before 1.0.1.32, WN2500RPv2 before 1.0.1.54, WN3000RPv3 before 1.0.2.78, WN3100RPv2 before 1.0.0.66, WNDR3400v3 before 1.0.1.22, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, WNDR4500v3 before 1.0.0.56, WNR2000v5 (R2000) before 1.0.0.66, WNR2020 before 1.1.0.62, WNR2050 before 1.1.0.62, WNR3500Lv2 before 1.2.0.62, and XR500 before 2.3.2.22.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d3600_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6C8A5E09-861A-4C5F-8C0A-96803782E9EF", versionEndExcluding: "1.0.0.72", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d3600:-:*:*:*:*:*:*:*", matchCriteriaId: "31DE9D4E-3CDC-4552-A63F-DD5D95E23F63", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "33C16A69-C930-4DA3-8750-EB50F2827731", versionEndExcluding: "1.0.0.72", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6000:-:*:*:*:*:*:*:*", matchCriteriaId: "6F6EA344-FF99-4F27-9860-3C5BE07345A7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8DE5478F-11CE-4730-AC60-64ACE7BBB03A", versionEndExcluding: "1.0.0.63", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9FCEBCD7-1D0D-47F6-BC72-A53BFBF3662D", versionEndExcluding: "1.1.00.34", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6200:-:*:*:*:*:*:*:*", matchCriteriaId: "00E6A1B7-4732-4259-9B71-10FF0B56A16B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6220_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4F36AC74-11DB-4805-9B73-302F86A8C240", versionEndExcluding: "1.0.0.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6220:-:*:*:*:*:*:*:*", matchCriteriaId: "F3EEA190-2E9C-4586-BF81-B115532FBA23", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "58E68C65-9685-40E8-8D51-6C922232168B", versionEndExcluding: "1.0.0.86", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6400:-:*:*:*:*:*:*:*", matchCriteriaId: "7D30939B-86E3-4C78-9B05-686B4994C8B9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AD73CBDF-0B17-4B1A-8A06-9F3926D1D113", versionEndExcluding: "1.0.1.70", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7000:-:*:*:*:*:*:*:*", matchCriteriaId: "AF04B65B-9685-4595-9C71-0F77AD7109BE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0A0D49BA-4843-4F7E-984A-FF7BDF292F56", versionEndExcluding: "1.0.0.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7000:v2:*:*:*:*:*:*:*", matchCriteriaId: "D8780623-F362-4FA5-8B33-37E9CB3FEE12", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2C35893A-C6C2-45C7-B3AF-BCFA62381BE5", versionEndExcluding: "1.0.1.56", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d8500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C329B7CB-1281-480D-BDDB-E222044D715E", versionEndExcluding: "1.0.3.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d8500:-:*:*:*:*:*:*:*", matchCriteriaId: "814A0114-9A1D-4EA0-9AF4-6968514E4F01", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:dc112a_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FDF9C0E1-7128-4052-B05E-3DD3394208A0", versionEndExcluding: "1.0.0.42", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:dc112a:-:*:*:*:*:*:*:*", matchCriteriaId: "F87FFC46-137D-45B8-B437-F15565FB33D0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:dgn2200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "373DD028-D307-4B4A-9C35-DDC9366F481F", versionEndExcluding: "1.0.0.108", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:dgn2200:v4:*:*:*:*:*:*:*", matchCriteriaId: "099184A0-F1C6-4C3F-9C3B-F0B9AC0D4D14", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:dgnd2200b_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "411A0637-1498-4376-B10D-004D096EC4F6", versionEndExcluding: "1.0.0.108", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:dgnd2200b:v4:*:*:*:*:*:*:*", matchCriteriaId: "D6EBFFCE-0D9E-4383-8CD6-3DC4D2412446", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex2700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "733650A8-D797-43B2-851E-1B364C9E7100", versionEndExcluding: "1.0.1.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex2700:-:*:*:*:*:*:*:*", matchCriteriaId: "5341B659-DE7D-43F1-954D-82049CBE18AD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0864CF6F-C025-44FE-B00F-83E14ACE1F8F", versionEndExcluding: "1.0.0.76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex3700:-:*:*:*:*:*:*:*", matchCriteriaId: "CDAA5899-B73C-4690-853E-B5400F034BE1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex3800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B760484C-0D85-49BF-AA5D-2DB0A3A5D7E6", versionEndExcluding: "1.0.0.76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex3800:-:*:*:*:*:*:*:*", matchCriteriaId: "CC5488D9-651C-4BAB-A141-06B816690D42", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E8357471-53D2-4FCF-85CD-7D4297960841", versionEndExcluding: "1.0.0.38", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6000:-:*:*:*:*:*:*:*", matchCriteriaId: "02E7CA7E-E6CA-4BAB-8F40-4731EA523D91", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "094113E0-3656-4E2A-B9EF-D397296BD07C", versionEndExcluding: "1.0.2.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6100:-:*:*:*:*:*:*:*", matchCriteriaId: "AB84CD03-765C-4D4F-A176-364F8E72A4E7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CC89483B-6D99-4A1B-A513-B50EA44DA963", versionEndExcluding: "1.0.1.76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6100:v2:*:*:*:*:*:*:*", matchCriteriaId: "88DD070C-7CBD-48A5-8D77-7C3D1C502D65", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6120_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "23EA7CC1-B1E8-431F-B4AF-8393B85F26E3", versionEndExcluding: "1.0.0.42", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6120:-:*:*:*:*:*:*:*", matchCriteriaId: "8C6DFDB6-1D7A-459A-8D30-FD4900ED718B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6130_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "18C88DDC-92C2-400E-8269-88A0EA65A98A", versionEndExcluding: "1.0.0.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6130:-:*:*:*:*:*:*:*", matchCriteriaId: "305E295C-9C73-4798-A0BE-7973E1EE5EAB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6150_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D74896A7-7EF2-41C9-8A29-59B2EA5ABA5C", versionEndExcluding: "1.0.0.42", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6150:v1:*:*:*:*:*:*:*", matchCriteriaId: "2CB9BD19-E748-41B9-8873-316FEB83F13D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6150_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "542F7529-27DB-41F1-A8E4-FA7A596E5DCC", versionEndExcluding: "1.0.1.76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6150:v2:*:*:*:*:*:*:*", matchCriteriaId: "49846803-C6FB-4DD3-ADA7-78B9923536F2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A81A7574-A2C7-4216-98C6-6790FA705013", versionEndExcluding: "1.0.3.88", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6200:-:*:*:*:*:*:*:*", matchCriteriaId: "3186CC67-B567-4A0C-BD2C-0433716FBD1B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3223C7E1-06DF-4CAA-89DD-611435165F49", versionEndExcluding: "1.0.1.72", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6200:v2:*:*:*:*:*:*:*", matchCriteriaId: "B4F62287-CB55-4FB1-AA39-62018654BA39", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E0A1B4BD-9DD6-4999-B0FA-F843713C991F", versionEndExcluding: "1.0.2.136", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:*", matchCriteriaId: "1289BBB4-1955-46A4-B5FE-BF11153C24F5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2F1E93FB-4926-4AF5-BA5F-A4DE4314B45F", versionEndExcluding: "1.0.0.66", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7000:-:*:*:*:*:*:*:*", matchCriteriaId: "9F45B620-60B8-40F3-A055-181ADD71EFFF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2138C164-530B-4F97-8107-035F9D0852B0", versionEndExcluding: "1.0.2.136", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:*", matchCriteriaId: "F285D60D-A5DA-4467-8F79-15EF8135D007", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5F6F80A7-3B51-46FD-854E-D848F7906048", versionEndExcluding: "1.0.1.180", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*", matchCriteriaId: "8D9781C9-799A-4BDA-A027-987627A01633", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EFF5F80A-5196-4585-9993-6D985561B75E", versionEndExcluding: "2.1.4.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*", matchCriteriaId: "8BA66D07-D017-49D6-8E72-5C48E940DE1B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A59BA256-2D2F-4930-9033-D312BA01D1FB", versionEndExcluding: "2.1.4.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*", matchCriteriaId: "B2CAEA32-6934-4743-9E6B-22D52AC5E7F8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BD22FA4E-1D05-4A83-9610-731957A96A96", versionEndExcluding: "2.1.4.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*", matchCriteriaId: "3BCFD959-D522-4FA0-AD01-2937DAEE1EDF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "14BE7862-3CBB-472E-9339-1435999C57F9", versionEndExcluding: "2.1.4.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*", matchCriteriaId: "12DDD83C-6FF1-433F-ACA1-7B4B147F9A8C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2FCEC68E-0BD3-47E6-AD24-EE9076654B86", versionEndExcluding: "2.1.4.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*", matchCriteriaId: "A9E20E59-2B1E-4E43-A494-2C20FD716D4F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "00C4765D-D903-4967-91D2-11F59458EBCD", versionEndExcluding: "2.1.4.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*", matchCriteriaId: "6FDCDE39-0355-43B9-BF57-F3718DA2988D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbw30_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CE0E9E59-4F1F-490B-BCE8-B3690593353B", versionEndExcluding: "2.2.1.204", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbw30:-:*:*:*:*:*:*:*", matchCriteriaId: "FEA73D22-970D-45F2-81F3-9576C04CCC94", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:pr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "50E2E26A-200E-4D00-9657-034EACE3944F", versionEndExcluding: "1.0.0.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:pr2000:-:*:*:*:*:*:*:*", matchCriteriaId: "2451CC0C-71B2-474D-93F0-2B2ACD802FE3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6020_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "27FC1738-5A2C-4D4B-944C-1EB1A8D2476E", versionEndExcluding: "1.0.0.38", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6020:-:*:*:*:*:*:*:*", matchCriteriaId: "5DDA7ABF-4C4B-4945-993A-F93BD8FCB55E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6080_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "442B71BC-D2D4-4F0F-8962-B50D5E8D2833", versionEndExcluding: "1.0.0.38", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6080:-:*:*:*:*:*:*:*", matchCriteriaId: "1CEB5C49-53CF-44AE-9A7D-E7E6201BFE62", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6050_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EDB0CD0A-A68D-4EF5-A938-6A15604C9107", versionEndExcluding: "1.0.1.18", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6050:-:*:*:*:*:*:*:*", matchCriteriaId: "363D4DEE-98B9-4294-B241-1613CAD1A3A7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:jr6150_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CC9C60BB-2E7F-4D35-9348-8D8AEFAAD75F", versionEndExcluding: "1.0.1.18", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:jr6150:-:*:*:*:*:*:*:*", matchCriteriaId: "D67167E5-81D2-4892-AF41-CBB6271232D1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6120_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "92F53D21-C688-4477-815D-EFFF08F7D085", versionEndExcluding: "1.0.0.46", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6120:-:*:*:*:*:*:*:*", matchCriteriaId: "D18D2CCD-424F-41D5-919B-E22B9FA68D36", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "51FC4898-BF35-443A-A003-40351B20ADEC", versionEndExcluding: "1.1.0.86", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*", matchCriteriaId: "B131B5C8-CB7F-433B-BA32-F05CE0E92A66", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6250_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E1DD1F7D-7556-4B95-A33F-E389948D20AA", versionEndExcluding: "1.0.4.34", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6250:-:*:*:*:*:*:*:*", matchCriteriaId: "321BE843-52C4-4638-A321-439CA7B3A6F2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E997B769-B2F7-4BB5-A834-96A68EF842BA", versionEndExcluding: "1.0.4.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6300:v2:*:*:*:*:*:*:*", matchCriteriaId: "10938043-F7DF-42C3-8C16-F92CAF8E5576", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AF638167-B018-4140-B115-C65F387EFD77", versionEndExcluding: "1.0.1.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:*", matchCriteriaId: "3E4CDF6B-3829-44D0-9675-71D7BE83CAA2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "91532716-831D-401C-8707-86785F0A4E16", versionEndExcluding: "1.0.2.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*", matchCriteriaId: "52AE9AD2-BC8D-477D-A3D3-891AE52FA5F3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "732F20CF-135F-4CBF-988F-215B534994B1", versionEndExcluding: "1.0.1.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6700:-:*:*:*:*:*:*:*", matchCriteriaId: "21B27F11-4262-4CE1-8107-B365A7C152F2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4A4FB8A1-D380-4234-88EB-91BFF6D215C7", versionEndExcluding: "1.2.0.36", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6700:v2:*:*:*:*:*:*:*", matchCriteriaId: "9F9706E6-CA53-43E4-91B0-D52655C86860", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3C39CE79-6433-47E2-A439-9AB1DFBD843C", versionEndExcluding: "1.2.0.36", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:*", matchCriteriaId: "09404083-B00B-4C1F-8085-BC242E625CA3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DB6992BA-B0F5-4E00-84F4-0B0336910AFA", versionEndExcluding: "1.2.0.36", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6900:v2:*:*:*:*:*:*:*", matchCriteriaId: "2E8EB69B-6619-47B6-A073-D0B840D4EB0B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7BAAD2F7-BF0A-412B-BC2E-A69DC9BCB52E", versionEndExcluding: "1.0.1.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6900:-:*:*:*:*:*:*:*", matchCriteriaId: "0794BB7C-1BCF-4F08-8EB2-9C3B150C105A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E453D3AE-A218-4791-BB19-79C2CF6EC6F8", versionEndExcluding: "1.0.9.34", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*", matchCriteriaId: "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "103B19E9-C72D-43C2-8369-1C425E9B9AC7", versionEndExcluding: "1.3.1.64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*", matchCriteriaId: "C41908FF-AE64-4949-80E3-BEE061B2DA8A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E23D8A41-75D8-4067-A961-3B81276527A8", versionEndExcluding: "1.3.1.64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*", matchCriteriaId: "DFE55F4D-E98B-46D3-B870-041141934CD1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7100lg_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4B484FA9-17B9-4829-9152-83691EE6A9BB", versionEndExcluding: "1.0.0.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7100lg:-:*:*:*:*:*:*:*", matchCriteriaId: "366FA778-3C2A-42AF-9141-DAD7043B406C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7300dst_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F168C3F8-F77C-4918-A752-9A04CED2349E", versionEndExcluding: "1.0.0.70", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7300dst:-:*:*:*:*:*:*:*", matchCriteriaId: "C75148EB-DE6C-4C5C-BF34-4800A66CF11C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "536487B8-FF04-4526-BE91-44437256525C", versionEndExcluding: "1.0.3.38", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:v2:*:*:*:*:*:*:*", matchCriteriaId: "2E0DFBF4-E393-44AE-AEF9-1B2059EE5AE8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2C2195F1-18F6-4397-9D28-7A92003B7A76", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "845CF217-8361-4D5B-811D-B9CEB68880CB", versionEndExcluding: "1.0.3.8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:*", matchCriteriaId: "C484840F-AF30-4B5C-821A-4DB9BE407BDB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "98FAEBDA-5FBA-402D-9BA1-25E5DF4EF55F", versionEndExcluding: "1.0.4.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*", matchCriteriaId: "5B39F095-8FE8-43FD-A866-7B613B495984", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8BBB7E16-D31C-49EA-9D82-D3BACED95441", versionEndExcluding: "1.4.1.30", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*", matchCriteriaId: "F3D6A70D-66AF-4064-9F1B-4358D4B1F016", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6791754E-E5F9-42EA-AFDA-F93E8227A7C8", versionEndExcluding: "1.4.1.30", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*", matchCriteriaId: "F7EF872D-2537-4FEB-8799-499FC9D44339", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FD0AB065-3152-492B-A66D-2BCCA1E3B1DA", versionEndExcluding: "1.0.2.128", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8300:-:*:*:*:*:*:*:*", matchCriteriaId: "7A9B77E7-7439-48C6-989F-5E22CB4D3044", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "28EC6190-68BC-4D9A-9973-01935EB3472F", versionEndExcluding: "1.0.2.128", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*", matchCriteriaId: "63500DE4-BDBD-4F86-AB99-7DB084D0B912", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EEFCBDB9-47D0-40EF-9428-FF714763BC12", versionEndExcluding: "1.0.3.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs40v_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6160F657-601E-4BDD-949A-D1411F08A8F9", versionEndExcluding: "2.2.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs40v:-:*:*:*:*:*:*:*", matchCriteriaId: "F0D05F28-47A2-46AE-992E-132B34F6194B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk50v_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AF38D418-BF9B-4C69-8D05-6D216B487182", versionEndExcluding: "2.2.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk50v:-:*:*:*:*:*:*:*", matchCriteriaId: "54453B5D-4E51-4DAB-8670-5A99C0D4CE3E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn2000rpt_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "317AE6B1-BA33-49DF-A839-A49C5493996E", versionEndExcluding: "1.0.1.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn2000rpt:v3:*:*:*:*:*:*:*", matchCriteriaId: "6FB1BE0D-E3CF-4C16-8C11-706B238E9934", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn2500rp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0675F6C4-EB61-4DA3-8473-448E93D5E0A5", versionEndExcluding: "1.0.1.54", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn2500rp:v2:*:*:*:*:*:*:*", matchCriteriaId: "1C4C1B98-9551-4862-AEAC-3D5C313BD275", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3000rp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "250E8C27-ED0F-46FC-B630-52E9BF2CA812", versionEndExcluding: "1.0.2.78", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3000rp:v3:*:*:*:*:*:*:*", matchCriteriaId: "AB71AC74-2D1B-4F1E-A70F-6590A00AAD9E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3100rp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A480981E-57ED-47E3-B9AB-190E4783DC04", versionEndExcluding: "1.0.0.66", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3100rp:v2:*:*:*:*:*:*:*", matchCriteriaId: "4D8680F5-0C06-4CFC-8BA0-CF85D0438419", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "46D1F73B-1AE0-40AE-BED7-CAE3C7EFEE3B", versionEndExcluding: "1.0.1.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3400:v3:*:*:*:*:*:*:*", matchCriteriaId: "1992E44C-122C-41BC-8FDC-5F9EBEE1FB7C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FD376891-1FB6-48B7-A4B3-C3C2C6E92C39", versionEndExcluding: "1.0.2.102", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9FFDF78E-8CC6-47B8-B70D-352F778CBF2C", versionEndExcluding: "1.0.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v1:*:*:*:*:*:*:*", matchCriteriaId: "D99E146D-B278-4CA6-8156-7D9923015779", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "94398B78-9F11-4AD2-A518-3A81CDD72E88", versionEndExcluding: "1.0.0.56", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "68F195E4-0A6D-400B-8F48-3EA07DC3A3ED", versionEndExcluding: "1.0.0.56", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9F3D02E3-8FA1-4129-A4B2-25235AF0E49C", versionEndExcluding: "1.0.0.66", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2020_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E0141851-BE96-4F6A-883F-3B20AE6945C1", versionEndExcluding: "1.1.0.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2020:-:*:*:*:*:*:*:*", matchCriteriaId: "C2189628-03E7-445A-9EF2-656A85539115", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2050_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "727F8FD9-692C-4752-9B1E-D6281919061C", versionEndExcluding: "1.1.0.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2050:-:*:*:*:*:*:*:*", matchCriteriaId: "9877579C-D214-4605-93AA-2B78914CF33C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr3500l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E1748207-4BAA-4CC2-AD44-19D895B1C08B", versionEndExcluding: "1.2.0.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr3500l:v2:*:*:*:*:*:*:*", matchCriteriaId: "C8DE4BFA-41DE-4748-ACC7-14362333A059", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7C031037-5177-4871-9C61-15BC580CC41D", versionEndExcluding: "2.3.2.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*", matchCriteriaId: "9E203D92-F97B-4F5B-B395-3A5DEDBF1C1C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by authentication bypass. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6100 before 1.0.0.63, D6200 before 1.1.00.34, D6220 before 1.0.0.48, D6400 before 1.0.0.86, D7000 before 1.0.1.70, D7000v2 before 1.0.0.52, D7800 before 1.0.1.56, D8500 before 1.0.3.44, DC112A before 1.0.0.42, DGN2200v4 before 1.0.0.108, DGND2200Bv4 before 1.0.0.108, EX2700 before 1.0.1.48, EX3700 before 1.0.0.76, EX3800 before 1.0.0.76, EX6000 before 1.0.0.38, EX6100 before 1.0.2.24, EX6100v2 before 1.0.1.76, EX6120 before 1.0.0.42, EX6130 before 1.0.0.28, EX6150v1 before 1.0.0.42, EX6150v2 before 1.0.1.76, EX6200 before 1.0.3.88, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7000 before 1.0.0.66, EX7300 before 1.0.2.136, EX8000 before 1.0.1.180, RBK50 before 2.1.4.10, RBR50 before 2.1.4.10, RBS50 before 2.1.4.10, RBK40 before 2.1.4.10, RBR40 before 2.1.4.10, RBS40 before 2.1.4.10, RBW30 before 2.2.1.204, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6080 before 1.0.0.38, R6050 before 1.0.1.18, JR6150 before 1.0.1.18, R6120 before 1.0.0.46, R6220 before 1.1.0.86, R6250 before 1.0.4.34, R6300v2 before 1.0.4.32, R6400 before 1.0.1.44, R6400v2 before 1.0.2.62, R6700 before 1.0.1.48, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, R6900 before 1.0.1.48, R7000 before 1.0.9.34, R6900P before 1.3.1.64, R7000P before 1.3.1.64, R7100LG before 1.0.0.48, R7300DST before 1.0.0.70, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R7900 before 1.0.3.8, R8000 before 1.0.4.28, R7900P before 1.4.1.30, R8000P before 1.4.1.30, R8300 before 1.0.2.128, R8500 before 1.0.2.128, R9000 before 1.0.3.10, RBS40V before 2.2.0.58, RBK50V before 2.2.0.58, WN2000RPTv3 before 1.0.1.32, WN2500RPv2 before 1.0.1.54, WN3000RPv3 before 1.0.2.78, WN3100RPv2 before 1.0.0.66, WNDR3400v3 before 1.0.1.22, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, WNDR4500v3 before 1.0.0.56, WNR2000v5 (R2000) before 1.0.0.66, WNR2020 before 1.1.0.62, WNR2050 before 1.1.0.62, WNR3500Lv2 before 1.2.0.62, and XR500 before 2.3.2.22.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por una omisión de la autenticación. Esto afecta a D3600 versiones anteriores a 1.0.0.72, D6000 versiones anteriores a 1.0.0.72, D6100 versiones anteriores a 1.0.0.63, D6200 versiones anteriores a 1.1.00.34, D6220 versiones anteriores a 1.0.0.48, D6400 versiones anteriores a 1.0.0.86, D7000 versiones anteriores a 1.0.1.70, D7000v2 versiones anteriores a 1.0.0.52, D7800 versiones anteriores a 1.0.1.56, D8500 versiones anteriores a 1.0.3.44, DC112A versiones anteriores a 1.0.0.42, DGN8000 versiones anteriores a 1.0.4.98. 0.0.42, DGN2200v4 versiones anteriores a 1.0.0.108, DGND2200Bv4 versiones anteriores a 1.0.0.108, EX2700 versiones anteriores a 1.0.1.48, EX3700 versiones anteriores a 1.0.0.76, EX3800 versiones anteriores a 1.0.0.76, EX6000 versiones anteriores a 1.0.0.38, EX6100 versiones anteriores a 1.0.2.24, EX6100v2 versiones anteriores a 1.0.1.76, EX6120 versiones anteriores a 1.0.0.42, EX6130 versiones anteriores a 1. 0.0.28, EX6150v1 versiones anteriores a 1.0.0.42, EX6150v2 versiones anteriores a 1.0.1.76, EX6200 versiones anteriores a 1.0.3.88, EX6200v2 versiones anteriores a 1.0.1.72, EX6400 versiones anteriores a 1.0.2.136, EX7000 versiones anteriores a 1.0.0.66, EX7300 versiones anteriores a 1.0.2.136, EX8000 versiones anteriores a 1.0.1.180, RBK50 versiones anteriores a 2.1.4.10, RBR50 versiones anteriores a 2.1.4. 10, RBS50 versiones anteriores a 2.1.4.10, RBK40 versiones anteriores a 2.1.4.10, RBR40 versiones anteriores a 2.1.4.10, RBS40 versiones anteriores a 2.1.4.10, RBW30 versiones anteriores a 2.2.1.204, PR2000 versiones anteriores a 1.0.0.28, R6020 versiones anteriores a 1.0.0.38, R6080 versiones anteriores a 1.0.0.38, R6050 versiones anteriores a 1.0.1.18, JR6150 versiones anteriores a 1.0.1.18, R6120 versiones anteriores a 1.0. 0.46, R6220 versiones anteriores a 1.1.0.86, R6250 versiones anteriores a 1.0.4.34, R6300v2 versiones anteriores a 1.0.4.32, R6400 versiones anteriores a 1.0.1.44, R6400v2 versiones anteriores a 1.0.2. 62, R6700 versiones anteriores a 1.0.1.48, R6700v2 versiones anteriores a 1.2.0.36, R6800 versiones anteriores a 1.2.0.36, R6900v2 versiones anteriores a 1.2.0.36, R6900 versiones anteriores a 1.0.1.48, R7000 versiones anteriores a 1. 0.9.34, R6900P versiones anteriores a 1.3.1.64, R7000P versiones anteriores a 1.3.1.64, R7100LG versiones anteriores a 1.0.0.48, R7300DST versiones anteriores a 1.0.0.70, R7500v2 versiones anteriores a 1. 0.3.38, R7800 versiones anteriores a 1.0.2.52, R7900 versiones anteriores a 1.0.3.8, R8000 versiones anteriores a 1.0.4.28, R7900P versiones anteriores a 1.4.1.30, R8000P versiones anteriores a 1.4.1. 30, R8300 versiones anteriores a 1.0.2.128, R8500 versiones anteriores a 1.0.2.128, R9000 versiones anteriores a 1.0.3.10, RBS40V versiones anteriores a 2.2.0.58, RBK50V versiones anteriores a 2.2.0. 58, WN2000RPTv3 versiones anteriores a 1.0.1.32, WN2500RPv2 versiones anteriores a 1.0.1.54, WN3000RPv3 versiones anteriores a 1.0.2.78, WN3100RPv2 versiones anteriores a 1.0.0.66, WNDR3400v3 versiones anteriores a 1.0. 1.22, WNDR3700v4 versiones anteriores a 1.0.2.102, WNDR4300v1 versiones anteriores a 1.0.2.104, WNDR4300v2 versiones anteriores a 1.0.0.56, WNDR4500v3 versiones anteriores a 1.0.0. 56, WNR2000v5 (R2000) versiones anteriores a 1.0.0.66, WNR2020 versiones anteriores a 1.1.0.62, WNR2050 versiones anteriores a 1.1.0.62, WNR3500Lv2 versiones anteriores a 1.2.0.62 y XR500 versiones anteriores a 2.3.2.22", }, ], id: "CVE-2021-38514", lastModified: "2024-11-21T06:17:17.693", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 2.4, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 1.4, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 2.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-08-11T00:15:15.663", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000063757/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2017-2449", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000063757/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2017-2449", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-20 20:15
Modified
2024-11-21 07:30
Severity ?
Summary
An issue in Netgear WNR2000 v1 1.2.3.7 and earlier allows authenticated attackers to cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "03D97484-E4B7-4ABD-9F03-FD900ADE5D02", versionEndIncluding: "1.2.3.7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:1.0:*:*:*:*:*:*:*", matchCriteriaId: "709B7F15-AF75-4404-814E-8519EE5AE227", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue in Netgear WNR2000 v1 1.2.3.7 and earlier allows authenticated attackers to cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process.", }, { lang: "es", value: "Un problema en Netgear WNR2000 v1 1.2.3.7 y anteriores permite a atacantes autenticados provocar una Denegación de Servicio (DoS) mediante la carga de una imagen de firmware manipulada durante el proceso de actualización del firmware.", }, ], id: "CVE-2022-46422", lastModified: "2024-11-21T07:30:34.137", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-20T20:15:10.453", references: [ { source: "cve@mitre.org", url: "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/B1bFKBWwi", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.netgear.com/about/security/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/B1bFKBWwi", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.netgear.com/about/security/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-16 19:15
Modified
2024-11-21 04:39
Severity ?
Summary
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBS40 before 2.3.0.28, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d7800_firmware | * | |
| netgear | d7800 | - | |
| netgear | dm200_firmware | * | |
| netgear | dm200 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | v2 | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r8900_firmware | * | |
| netgear | r8900 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | rbk20_firmware | * | |
| netgear | rbk20 | - | |
| netgear | rbr20_firmware | * | |
| netgear | rbr20 | - | |
| netgear | rbs20_firmware | * | |
| netgear | rbs20 | - | |
| netgear | rbk50_firmware | * | |
| netgear | rbk50 | - | |
| netgear | rbr50_firmware | * | |
| netgear | rbr50 | - | |
| netgear | rbs50_firmware | * | |
| netgear | rbs50 | - | |
| netgear | rbs40_firmware | * | |
| netgear | rbs40 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 | |
| netgear | xr500_firmware | * | |
| netgear | xr500 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0A6C9089-563D-4345-90C7-D2D512382BF1", versionEndExcluding: "1.0.1.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:dm200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "03798255-94BA-427C-8B2D-0861CD5FF730", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:dm200:-:*:*:*:*:*:*:*", matchCriteriaId: "1B048F71-70F1-4D9F-84E2-9F7340F6ADAB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "536487B8-FF04-4526-BE91-44437256525C", versionEndExcluding: "1.0.3.38", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:v2:*:*:*:*:*:*:*", matchCriteriaId: "2E0DFBF4-E393-44AE-AEF9-1B2059EE5AE8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2C2195F1-18F6-4397-9D28-7A92003B7A76", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F52E74FF-6E04-4F96-966C-4355B38CF4DE", versionEndExcluding: "1.0.4.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", matchCriteriaId: "0F859165-8D89-4CDD-9D48-9C7923D2261F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2110965C-E19B-48D2-954D-145C45D0E7EF", versionEndExcluding: "1.0.4.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "448D7EA1-A7BB-4AA5-8260-1D533D6A99AC", versionEndExcluding: "2.3.0.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*", matchCriteriaId: "E6C9F31C-3E12-4787-9C9B-14883D9D152A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1525B9D0-B147-437D-ACAE-58819A1F4FC6", versionEndExcluding: "2.3.0.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*", matchCriteriaId: "AE5DBD66-9C2A-4EFF-87AB-03E791D584B5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4515F985-B714-480C-8FBA-2499A29F29FA", versionEndExcluding: "2.3.0.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*", matchCriteriaId: "14FC7F5B-7E4F-4A68-8427-D1F553EBE8CA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BA9F2B44-4114-495A-B200-B703FDFC3F8F", versionEndExcluding: "2.3.0.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*", matchCriteriaId: "8BA66D07-D017-49D6-8E72-5C48E940DE1B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A25B8627-D325-493B-8B7D-4F900334F0D8", versionEndExcluding: "2.3.0.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*", matchCriteriaId: "B2CAEA32-6934-4743-9E6B-22D52AC5E7F8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "81ED6C61-2A7C-49EC-BD3D-466442EF715C", versionEndExcluding: "2.3.0.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*", matchCriteriaId: "3BCFD959-D522-4FA0-AD01-2937DAEE1EDF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "08426AC6-4811-43E8-87EB-204A2729C49B", versionEndExcluding: "2.3.0.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*", matchCriteriaId: "6FDCDE39-0355-43B9-BF57-F3718DA2988D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1DA490CC-DB27-4817-A589-61A0D221E9FD", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "652D8CA8-B56A-4403-B072-B4C245AB8EDA", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2D01DCF3-B6FD-4779-B048-DA4A963C9DEB", versionEndExcluding: "1.0.0.68", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "29216B3A-9A3B-4752-99C2-4A9CFA8E5E26", versionEndExcluding: "2.3.2.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*", matchCriteriaId: "9E203D92-F97B-4F5B-B395-3A5DEDBF1C1C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBS40 before 2.3.0.28, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por una inyección de comandos por parte de un usuario autenticado. Esto afecta a D7800 versiones anteriores a 1.0.1.44, DM200 versiones anteriores a 1.0.0.58, R7500v2 versiones anteriores a 1.0.3.38, R7800 versiones anteriores a 1.0.2.52, R8900 versiones anteriores a 1.0.4.2, R9000 versiones anteriores a 1.0.4.2, RBK20 versiones anteriores a 2.3.0.28, RBR20 versiones anteriores a 2.3.0.28, RBS20 versiones anteriores a 2. 3.0.28, RBK50 versiones anteriores a 2.3.0.32, RBR50 versiones anteriores a 2.3.0.32, RBS50 versiones anteriores a 2.3.0.32, RBS40 versiones anteriores a 2.3.0.28, WNDR4300v2 versiones anteriores a 1.0.0.58, WNDR4500v3 versiones anteriores a 1.0.0.58, WNR2000v5 versiones anteriores a 1.0.0.68, y XR500 versiones anteriores a 2.3.2.32.", }, ], id: "CVE-2019-20722", lastModified: "2024-11-21T04:39:11.107", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 5.1, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-16T19:15:25.277", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000061206/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2018-0148", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000061206/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2018-0148", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-16 20:15
Modified
2024-11-21 04:39
Severity ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before V1.0.0.75, D6100 before V1.0.0.63, R7800 before v1.0.2.52, R8900 before v1.0.4.2, R9000 before v1.0.4.2, RBK50 before v2.3.0.32, RBR50 before v2.3.0.32, RBS50 before v2.3.0.32, WNDR3700v4 before V1.0.2.102, WNDR4300v1 before V1.0.2.104, WNDR4300v2 before v1.0.0.58, WNDR4500v3 before v1.0.0.58, WNR2000v5 before v1.0.0.68, and XR500 before V2.3.2.32.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d3600_firmware | * | |
| netgear | d3600 | - | |
| netgear | d6000_firmware | * | |
| netgear | d6000 | - | |
| netgear | d6100_firmware | * | |
| netgear | d6100 | - | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r8900_firmware | * | |
| netgear | r8900 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | rbk50_firmware | * | |
| netgear | rbk50 | - | |
| netgear | rbr50_firmware | * | |
| netgear | rbr50 | - | |
| netgear | rbs50_firmware | * | |
| netgear | rbs50 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v1 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 | |
| netgear | xr500_firmware | * | |
| netgear | xr500 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d3600_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6D38D448-A21A-4AB2-A641-A295EDBF6631", versionEndExcluding: "1.0.0.75", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d3600:-:*:*:*:*:*:*:*", matchCriteriaId: "31DE9D4E-3CDC-4552-A63F-DD5D95E23F63", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EF892705-E77B-470C-8262-3579349D5F32", versionEndExcluding: "1.0.0.75", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6000:-:*:*:*:*:*:*:*", matchCriteriaId: "6F6EA344-FF99-4F27-9860-3C5BE07345A7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8DE5478F-11CE-4730-AC60-64ACE7BBB03A", versionEndExcluding: "1.0.0.63", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2C2195F1-18F6-4397-9D28-7A92003B7A76", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F52E74FF-6E04-4F96-966C-4355B38CF4DE", versionEndExcluding: "1.0.4.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", matchCriteriaId: "0F859165-8D89-4CDD-9D48-9C7923D2261F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2110965C-E19B-48D2-954D-145C45D0E7EF", versionEndExcluding: "1.0.4.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BA9F2B44-4114-495A-B200-B703FDFC3F8F", versionEndExcluding: "2.3.0.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*", matchCriteriaId: "8BA66D07-D017-49D6-8E72-5C48E940DE1B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A25B8627-D325-493B-8B7D-4F900334F0D8", versionEndExcluding: "2.3.0.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*", matchCriteriaId: "B2CAEA32-6934-4743-9E6B-22D52AC5E7F8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "81ED6C61-2A7C-49EC-BD3D-466442EF715C", versionEndExcluding: "2.3.0.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*", matchCriteriaId: "3BCFD959-D522-4FA0-AD01-2937DAEE1EDF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FD376891-1FB6-48B7-A4B3-C3C2C6E92C39", versionEndExcluding: "1.0.2.102", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9FFDF78E-8CC6-47B8-B70D-352F778CBF2C", versionEndExcluding: "1.0.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v1:*:*:*:*:*:*:*", matchCriteriaId: "D99E146D-B278-4CA6-8156-7D9923015779", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1DA490CC-DB27-4817-A589-61A0D221E9FD", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "652D8CA8-B56A-4403-B072-B4C245AB8EDA", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2D01DCF3-B6FD-4779-B048-DA4A963C9DEB", versionEndExcluding: "1.0.0.68", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "29216B3A-9A3B-4752-99C2-4A9CFA8E5E26", versionEndExcluding: "2.3.2.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*", matchCriteriaId: "9E203D92-F97B-4F5B-B395-3A5DEDBF1C1C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before V1.0.0.75, D6100 before V1.0.0.63, R7800 before v1.0.2.52, R8900 before v1.0.4.2, R9000 before v1.0.4.2, RBK50 before v2.3.0.32, RBR50 before v2.3.0.32, RBS50 before v2.3.0.32, WNDR3700v4 before V1.0.2.102, WNDR4300v1 before V1.0.2.104, WNDR4300v2 before v1.0.0.58, WNDR4500v3 before v1.0.0.58, WNR2000v5 before v1.0.0.68, and XR500 before V2.3.2.32.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un usuario autenticado. Esto afecta a D3600 versiones anteriores a 1.0.0.75, D6000 antes de V1.0.0.75, D6100 antes de V1.0.0.63, R7800 antes de v1.0.2.52, R8900 antes de v1.0.4.2, R9000 antes de v1.0.4.2, RBK50 antes de v2.3.0.32, RBR50 antes de v2.3.0. 32, RBS50 antes de la v2.3.0.32, WNDR3700v4 versiones anteriores a v1.0.2.102, WNDR4300v1 versiones anteriores a v1.0.2.104, WNDR4300v2 versiones anteriores a v1.0.0.58, WNDR4500v3 versiones anteriores a v1.0.0.58, WNR2000v5 versiones anteriores a v1.0.0.68, y XR500 antes de la v2.3.2.32.", }, ], id: "CVE-2019-20735", lastModified: "2024-11-21T04:39:13.343", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 5.1, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-16T20:15:13.633", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000061191/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2018-0138", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000061191/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2018-0138", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-16 20:15
Modified
2024-11-21 04:39
Severity ?
Summary
Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6400 before 1.0.0.74, D7000v2 before 1.0.0.74, D7800 before 1.0.1.34, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.102, DGND2200Bv4 before 1.0.0.102, DM200 before 1.0.0.52, JNDR3000 before 1.0.0.22, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBW30 before 2.1.2.6, R6250 before 1.0.4.26, R6300v2 before 1.0.4.24, R6400 before 1.0.1.36, R6400v2 before 1.0.2.52, R6700 before 1.0.1.44, R6900 before 1.0.1.44, R7000 before 1.0.9.26, R6900P before 1.3.0.20, R7000P before 1.3.0.20, R7100LG before 1.0.0.40, R7300DST before 1.0.0.62, R7500v2 before 1.0.3.26, R7800 before 1.0.2.44, R7900 before 1.0.2.10, R8000 before 1.0.4.12, R7900P before 1.3.0.10, R8000P before 1.3.0.10, R8300 before 1.0.2.116, R8500 before 1.0.2.116, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3400v3 before 1.0.1.18, WNDR3700v4 before 1.0.2.96, WNDR4300v1 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, WNR2000v5 before 1.0.0.64, and WNR3500Lv2 before 1.2.0.48.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DD763D04-70A0-4A50-8866-330B82703680", versionEndExcluding: "1.0.0.74", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6400:-:*:*:*:*:*:*:*", matchCriteriaId: "7D30939B-86E3-4C78-9B05-686B4994C8B9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "061389AF-C8DA-48DF-8D7E-014A9B8D5D09", versionEndExcluding: "1.0.0.74", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7000:v2:*:*:*:*:*:*:*", matchCriteriaId: "D8780623-F362-4FA5-8B33-37E9CB3FEE12", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EB24F17D-A9A8-4EF9-BF53-580395D60EFC", versionEndExcluding: "1.0.1.34", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d8500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D5E70AF3-FFD8-4ACD-9F4C-DB03BFB1125A", versionEndExcluding: "1.0.3.39", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d8500:-:*:*:*:*:*:*:*", matchCriteriaId: "814A0114-9A1D-4EA0-9AF4-6968514E4F01", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:dgn2200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "72004304-314A-4BE6-A33E-7F4CDF01FCEF", versionEndExcluding: "1.0.0.102", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:dgn2200:v4:*:*:*:*:*:*:*", matchCriteriaId: "099184A0-F1C6-4C3F-9C3B-F0B9AC0D4D14", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:dgnd2200b_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AE696277-6FBD-4345-B372-FA375B0F763B", versionEndExcluding: "1.0.0.102", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:dgnd2200b:v4:*:*:*:*:*:*:*", matchCriteriaId: "D6EBFFCE-0D9E-4383-8CD6-3DC4D2412446", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:dm200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7DEE689F-923A-414C-B048-E4716DA2B783", versionEndExcluding: "1.0.0.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:dm200:-:*:*:*:*:*:*:*", matchCriteriaId: "1B048F71-70F1-4D9F-84E2-9F7340F6ADAB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:jndr3000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACE7B01B-A02D-4B45-B61C-D61D8CFD52C1", versionEndExcluding: "1.0.0.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:jndr3000:-:*:*:*:*:*:*:*", matchCriteriaId: "5DEEEEE5-0798-450E-BF9D-B17A15235C80", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B7ED1541-DE7D-4A4C-B8D1-CB42E52E3DBE", versionEndExcluding: "2.3.5.30", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*", matchCriteriaId: "8BA66D07-D017-49D6-8E72-5C48E940DE1B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "094B04D5-9063-4D7A-B367-E1F2688B3667", versionEndExcluding: "2.3.5.30", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*", matchCriteriaId: "B2CAEA32-6934-4743-9E6B-22D52AC5E7F8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C489444C-6C19-4A52-AF66-A1D48ADC4F26", versionEndExcluding: "2.3.5.30", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*", matchCriteriaId: "3BCFD959-D522-4FA0-AD01-2937DAEE1EDF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbw30_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E993AF26-3505-4FD8-8842-F5E613CDDC2E", versionEndExcluding: "2.1.2.6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbw30:-:*:*:*:*:*:*:*", matchCriteriaId: "FEA73D22-970D-45F2-81F3-9576C04CCC94", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6250_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5D1A9B6F-89B2-4785-A0E2-3FD322D6A28F", versionEndExcluding: "1.0.4.26", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6250:-:*:*:*:*:*:*:*", matchCriteriaId: "321BE843-52C4-4638-A321-439CA7B3A6F2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "110B10A0-1969-4FDE-9289-6EAB81D1657B", versionEndExcluding: "1.0.4.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6300:v2:*:*:*:*:*:*:*", matchCriteriaId: "10938043-F7DF-42C3-8C16-F92CAF8E5576", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EB86B739-440E-4269-92EC-F7F3058E4406", versionEndExcluding: "1.0.1.36", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:*", matchCriteriaId: "3E4CDF6B-3829-44D0-9675-71D7BE83CAA2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3E4EAD37-164F-4631-8DED-AB9BD41D2429", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*", matchCriteriaId: "52AE9AD2-BC8D-477D-A3D3-891AE52FA5F3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B0BCDB34-EC1F-43A1-AA7D-BF4CA1F4C168", versionEndExcluding: "1.0.1.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6700:-:*:*:*:*:*:*:*", matchCriteriaId: "21B27F11-4262-4CE1-8107-B365A7C152F2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A71BAC6A-F08E-4015-9A54-3CF5FDF85950", versionEndExcluding: "1.0.1.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6900:-:*:*:*:*:*:*:*", matchCriteriaId: "0794BB7C-1BCF-4F08-8EB2-9C3B150C105A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5352DD0A-3388-423C-B6E3-38FFF8B4700F", versionEndExcluding: "1.0.9.26", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*", matchCriteriaId: "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0CB1E644-FB4B-443B-B9D7-349F0024FB74", versionEndExcluding: "1.3.0.20", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*", matchCriteriaId: "C41908FF-AE64-4949-80E3-BEE061B2DA8A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EFFC911D-B2A3-47D7-940A-76978458CEA5", versionEndExcluding: "1.3.0.20", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*", matchCriteriaId: "DFE55F4D-E98B-46D3-B870-041141934CD1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7100lg_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EB388895-B579-43B7-A88E-4BD28D41F6E2", versionEndExcluding: "1.0.0.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7100lg:-:*:*:*:*:*:*:*", matchCriteriaId: "366FA778-3C2A-42AF-9141-DAD7043B406C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7300dst_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "999A4F9A-D803-47D0-94F5-4626669D8DE0", versionEndExcluding: "1.0.0.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7300dst:-:*:*:*:*:*:*:*", matchCriteriaId: "C75148EB-DE6C-4C5C-BF34-4800A66CF11C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9ACBF492-1315-46CF-8297-E239DDB14B6B", versionEndExcluding: "1.0.3.26", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:v2:*:*:*:*:*:*:*", matchCriteriaId: "2E0DFBF4-E393-44AE-AEF9-1B2059EE5AE8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DE1B60E4-C8FA-4094-9F05-1746A01557D9", versionEndExcluding: "1.0.2.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E0C9AB4A-497B-4D5C-93E3-430C3361E24F", versionEndExcluding: "1.0.2.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:*", matchCriteriaId: "C484840F-AF30-4B5C-821A-4DB9BE407BDB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "72C46066-B210-44BB-9219-14B2E8CCEF8E", versionEndExcluding: "1.0.4.12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*", matchCriteriaId: "5B39F095-8FE8-43FD-A866-7B613B495984", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B19B770D-4660-4B12-8B5C-B689DA8CCB64", versionEndExcluding: "1.3.0.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*", matchCriteriaId: "F3D6A70D-66AF-4064-9F1B-4358D4B1F016", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B2DDFF20-B761-4E45-9F16-CE15C82AAB5C", versionEndExcluding: "1.3.0.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*", matchCriteriaId: "F7EF872D-2537-4FEB-8799-499FC9D44339", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7E4D2E75-1ADA-4ECE-B1B5-12E28913063E", versionEndExcluding: "1.0.2.116", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8300:-:*:*:*:*:*:*:*", matchCriteriaId: "7A9B77E7-7439-48C6-989F-5E22CB4D3044", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "16C3369B-3E65-4CB7-BFF0-5052DBB16C45", versionEndExcluding: "1.0.2.116", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*", matchCriteriaId: "63500DE4-BDBD-4F86-AB99-7DB084D0B912", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "610C6DB8-E11E-4EAE-A16F-189283F70B26", versionEndExcluding: "1.0.3.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", matchCriteriaId: "0F859165-8D89-4CDD-9D48-9C7923D2261F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EEFCBDB9-47D0-40EF-9428-FF714763BC12", versionEndExcluding: "1.0.3.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "38BC0F78-4571-45E6-9023-CD1AEA7DF8EF", versionEndExcluding: "1.0.1.18", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3400:v3:*:*:*:*:*:*:*", matchCriteriaId: "1992E44C-122C-41BC-8FDC-5F9EBEE1FB7C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FAF6A089-4E7D-43D1-AF1F-01A7A592115E", versionEndExcluding: "1.0.2.96", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EF96C0EB-8CB6-4C86-A9A2-A4C7AF58C97F", versionEndExcluding: "1.0.2.98", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v1:*:*:*:*:*:*:*", matchCriteriaId: "D99E146D-B278-4CA6-8156-7D9923015779", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CC5A295B-77E9-4F8B-B523-56C7A1472AD9", versionEndExcluding: "1.0.0.54", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A5B27DF7-FA36-4A0E-A7B0-0D29BE9434BE", versionEndExcluding: "1.0.0.54", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "124ABC0A-DD68-4540-AAC2-C4E87CDC91A7", versionEndExcluding: "1.0.0.64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr3500l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "263DFC40-2EED-49F3-AAA5-0F5D7EAC2DF3", versionEndExcluding: "1.2.0.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr3500l:v2:*:*:*:*:*:*:*", matchCriteriaId: "C8DE4BFA-41DE-4748-ACC7-14362333A059", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6400 before 1.0.0.74, D7000v2 before 1.0.0.74, D7800 before 1.0.1.34, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.102, DGND2200Bv4 before 1.0.0.102, DM200 before 1.0.0.52, JNDR3000 before 1.0.0.22, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBW30 before 2.1.2.6, R6250 before 1.0.4.26, R6300v2 before 1.0.4.24, R6400 before 1.0.1.36, R6400v2 before 1.0.2.52, R6700 before 1.0.1.44, R6900 before 1.0.1.44, R7000 before 1.0.9.26, R6900P before 1.3.0.20, R7000P before 1.3.0.20, R7100LG before 1.0.0.40, R7300DST before 1.0.0.62, R7500v2 before 1.0.3.26, R7800 before 1.0.2.44, R7900 before 1.0.2.10, R8000 before 1.0.4.12, R7900P before 1.3.0.10, R8000P before 1.3.0.10, R8300 before 1.0.2.116, R8500 before 1.0.2.116, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3400v3 before 1.0.1.18, WNDR3700v4 before 1.0.2.96, WNDR4300v1 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, WNR2000v5 before 1.0.0.64, and WNR3500Lv2 before 1.2.0.48.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer por parte de un usuario autenticado. Esto afecta a D6400 versiones anteriores a 1.0.0.74, D7000v2 versiones anteriores a 1.0.0.74, D7800 versiones anteriores a 1.0.1.34, D8500 versiones anteriores a 1.0.3.39, DGN2200v4 versiones anteriores a 1.0.0.102, DGND2200Bv4 versiones anteriores a 1.0.0.102, DM200 versiones anteriores a 1.0.0.52, JNDR3000 versiones anteriores a 1.0.0.22, RBK50 versiones anteriores a 2.3.5.30, RBR50 versiones anteriores a 2.3. 5.30, RBS50 versiones anteriores a 2.3.5.30, RBW30 versiones anteriores a 2.1.2.6, R6250 versiones anteriores a 1.0.4.26, R6300v2 versiones anteriores a 1.0.4.24, R6400 versiones anteriores a 1.0.1. 36, R6400v2 versiones anteriores a 1.0.2.52, R6700 versiones anteriores a 1.0.1.44, R6900 versiones anteriores a 1.0.1.44, R7000 versiones anteriores a 1.0.9.26, R6900P versiones anteriores a 1.3.0.20, R7000P versiones anteriores a 1. 3.0.20, R7100LG versiones anteriores a 1.0.0.40, R7300DST versiones anteriores a 1.0.0.62, R7500v2 versiones anteriores a 1.0.3.26, R7800 versiones anteriores a 1.0.2.44, R7900 versiones anteriores a 1.0.2.10, R8000 versiones anteriores a 1.0.4.12, R7900P versiones anteriores a 1.3.0.10, R8000P versiones anteriores a 1.3.0.10, R8300 versiones anteriores a 1.0.2.116, R8500 versiones anteriores a 1.0.2. 116, R8900 versiones anteriores a 1.0.3.10, R9000 versiones anteriores a 1.0.3.10, WNDR3400v3 versiones anteriores a 1.0.1.18, WNDR3700v4 versiones anteriores a 1.0.2.96, WNDR4300v1 versiones anteriores a 1. 0.2.98, WNDR4300v2 versiones anteriores a 1.0.0.54, WNDR4500v3 versiones anteriores a 1.0.0.54, WNR2000v5 versiones anteriores a 1.0.0.64, y WNR3500Lv2 versiones anteriores a 1.2.0.48.", }, ], id: "CVE-2019-20728", lastModified: "2024-11-21T04:39:12.090", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L", version: "3.0", }, exploitabilityScore: 0.8, impactScore: 5.5, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-16T20:15:13.210", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000061199/Security-Advisory-for-Post-Authentication-Buffer-Overflow-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2017-315", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000061199/Security-Advisory-for-Post-Authentication-Buffer-Overflow-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2017-315", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-28 16:15
Modified
2024-11-21 04:03
Severity ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R7800 before 1.2.0.44, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.62.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d6100_firmware | * | |
| netgear | d6100 | - | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2ECEA129-164C-4C80-A81E-9688F4AC3583", versionEndExcluding: "1.0.0.57", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DE1B60E4-C8FA-4094-9F05-1746A01557D9", versionEndExcluding: "1.0.2.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "679AAEA7-6415-4BBA-AE95-887C2CA609DC", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "90A3C8B6-51A9-49BC-8C82-01269519B652", versionEndExcluding: "1.0.2.92", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACAD8DCD-C187-4F15-9828-F302295199BA", versionEndExcluding: "1.0.2.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CC5A295B-77E9-4F8B-B523-56C7A1472AD9", versionEndExcluding: "1.0.0.54", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A5B27DF7-FA36-4A0E-A7B0-0D29BE9434BE", versionEndExcluding: "1.0.0.54", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "27B33A47-E305-43CC-9AC2-C35DE8E51F02", versionEndExcluding: "1.0.0.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R7800 before 1.2.0.44, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.62.", }, { lang: "es", value: "Determinados dispositivos de NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un usuario autenticado. Esto afecta a D6100 versiones anteriores a 1.0.0.57, R7800 versiones anteriores a 1.2.0.44, R9000 versiones anteriores a 1.0.2.52, WNDR3700v4 versiones anteriores a 1.0.2.92, WNDR4300 versiones anteriores a 1.0.2.94, WNDR4300v2 versiones anteriores a 1.0.0.54, WNDR4500v3 versiones anteriores a 1.0.0.54, y WNR2000v5 versiones anteriores a 1.0.0.62.", }, ], id: "CVE-2018-21198", lastModified: "2024-11-21T04:03:09.237", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 5.1, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-28T16:15:13.090", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055151/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2594", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055151/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2594", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-27 18:15
Modified
2024-11-21 04:03
Severity ?
Summary
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.52, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.4.2, R9000 before 1.0.3.16, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d7800_firmware | * | |
| netgear | d7800 | - | |
| netgear | dm200_firmware | * | |
| netgear | dm200 | - | |
| netgear | r6100_firmware | * | |
| netgear | r6100 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | v2 | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r8900_firmware | * | |
| netgear | r8900 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EB24F17D-A9A8-4EF9-BF53-580395D60EFC", versionEndExcluding: "1.0.1.34", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:dm200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7DEE689F-923A-414C-B048-E4716DA2B783", versionEndExcluding: "1.0.0.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:dm200:-:*:*:*:*:*:*:*", matchCriteriaId: "1B048F71-70F1-4D9F-84E2-9F7340F6ADAB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7FFFF63B-46C8-49BF-8494-BB3322F14594", versionEndExcluding: "1.0.1.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5F99E4DD-50CB-4B06-BDAF-DD56FF0E90CF", versionEndExcluding: "1.0.0.122", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*", matchCriteriaId: "EF3B3F26-401C-4ED0-B871-4B4F8521F369", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9ACBF492-1315-46CF-8297-E239DDB14B6B", versionEndExcluding: "1.0.3.26", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:v2:*:*:*:*:*:*:*", matchCriteriaId: "2E0DFBF4-E393-44AE-AEF9-1B2059EE5AE8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D9D351BB-5034-4771-96BB-F143951CE5D5", versionEndExcluding: "1.0.2.42", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F52E74FF-6E04-4F96-966C-4355B38CF4DE", versionEndExcluding: "1.0.4.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", matchCriteriaId: "0F859165-8D89-4CDD-9D48-9C7923D2261F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "93C7D5A8-3B1D-4DCD-ACB6-8629CE598C25", versionEndExcluding: "1.0.3.16", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EF96C0EB-8CB6-4C86-A9A2-A4C7AF58C97F", versionEndExcluding: "1.0.2.98", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CC5A295B-77E9-4F8B-B523-56C7A1472AD9", versionEndExcluding: "1.0.0.54", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A5B27DF7-FA36-4A0E-A7B0-0D29BE9434BE", versionEndExcluding: "1.0.0.54", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "124ABC0A-DD68-4540-AAC2-C4E87CDC91A7", versionEndExcluding: "1.0.0.64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.52, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.4.2, R9000 before 1.0.3.16, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por una vulnerabilidad de tipo XSS almacenado. Esto afecta a D7800 versiones anteriores a 1.0.1.34, DM200 versiones anteriores a 1.0.0.52, R6100 versiones anteriores a 1.0.1.22, R7500 versiones anteriores a 1.0.0.122, R7500v2 versiones anteriores a 1.0.3.26, R7800 versiones anteriores a 1.0.2.42, R8900 versiones anteriores a 1.0.4.2, R9000 versiones anteriores a 1.0.3.16, WNDR4300 versiones anteriores a 1.0.2.98, WNDR4300v2 versiones anteriores a 1.0.0.54, WNDR4500v3 versiones anteriores a 1.0.0.54 y WNR2000v5 versiones anteriores a 1.0.0.64.", }, ], id: "CVE-2018-21155", lastModified: "2024-11-21T04:03:02.177", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", version: "3.0", }, exploitabilityScore: 2.1, impactScore: 3.7, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-27T18:15:12.357", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000059478/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Gateways-and-Routers-PSV-2017-3101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000059478/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Gateways-and-Routers-PSV-2017-3101", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-22 16:15
Modified
2024-11-21 03:20
Severity ?
Summary
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6100 before 1.0.0.55, D7000 before 1.0.1.50, D7800 before 1.0.1.28, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6100 before 1.0.1.14, R6120 before 1.0.0.30, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, R7500 before 1.0.0.110, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.52, WN3000RPv3 before 1.0.2.50, WNDR3700v4 before 1.0.2.88, WNDR3700v5 before 1.1.0.48, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.58, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A37AA7DC-5B2C-4E1B-8556-F1C9F6BBE9D7", versionEndExcluding: "1.0.0.55", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4A94DD9D-0F07-4FD7-B1B0-1DD1E319B092", versionEndExcluding: "1.0.1.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7000:-:*:*:*:*:*:*:*", matchCriteriaId: "AF04B65B-9685-4595-9C71-0F77AD7109BE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EB2E25FA-14F1-44ED-99D3-B5ED7D898D59", versionEndExcluding: "1.0.1.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:jnr1010_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FC9E7939-E195-44AB-8880-D0BCF26BF2E0", versionEndExcluding: "1.1.0.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:jnr1010:v2:*:*:*:*:*:*:*", matchCriteriaId: "CCE79B3F-8667-43C9-962D-EE089428F144", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:jr6150_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4B5D8AD4-6C67-4DC7-99DF-B29DBA4BC376", versionEndExcluding: "1.0.1.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:jr6150:-:*:*:*:*:*:*:*", matchCriteriaId: "D67167E5-81D2-4892-AF41-CBB6271232D1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:jwnr2010_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "34429B2B-D8CB-4BEC-B5FA-5C7F8AC9A1FE", versionEndExcluding: "1.1.0.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:jwnr2010:v5:*:*:*:*:*:*:*", matchCriteriaId: "7399E5E9-40D8-4ECD-8B7B-C96A27E10282", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:pr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6754FA98-E862-4C0B-9146-E858B15B0AE6", versionEndExcluding: "1.0.0.18", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:pr2000:-:*:*:*:*:*:*:*", matchCriteriaId: "2451CC0C-71B2-474D-93F0-2B2ACD802FE3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6050_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CB4D669D-D6C4-403E-896D-55EE4EEB7C27", versionEndExcluding: "1.0.1.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6050:-:*:*:*:*:*:*:*", matchCriteriaId: "363D4DEE-98B9-4294-B241-1613CAD1A3A7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7E8197CA-84A2-4714-8EBB-04BA4B66ED29", versionEndExcluding: "1.0.1.14", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6120_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6E91C5BC-8FAB-4D9F-BADB-D6286D531C75", versionEndExcluding: "1.0.0.30", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6120:-:*:*:*:*:*:*:*", matchCriteriaId: "D18D2CCD-424F-41D5-919B-E22B9FA68D36", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E464FF8D-6202-40BA-9740-9CCE2BC23607", versionEndExcluding: "1.1.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*", matchCriteriaId: "B131B5C8-CB7F-433B-BA32-F05CE0E92A66", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0EA5FF68-8609-4692-8DBF-A12606882BE5", versionEndExcluding: "1.2.0.4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6700:v2:*:*:*:*:*:*:*", matchCriteriaId: "9F9706E6-CA53-43E4-91B0-D52655C86860", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A272C3DA-043A-4621-9F16-70F9501FEE46", versionEndExcluding: "1.2.0.4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:*", matchCriteriaId: "09404083-B00B-4C1F-8085-BC242E625CA3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8B89AB47-7117-4FA7-B8F1-36D0C281C403", versionEndExcluding: "1.2.0.4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6900:v2:*:*:*:*:*:*:*", matchCriteriaId: "2E8EB69B-6619-47B6-A073-D0B840D4EB0B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7F227D99-88C9-457F-BCA5-665F531E04AB", versionEndExcluding: "1.0.0.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*", matchCriteriaId: "EF3B3F26-401C-4ED0-B871-4B4F8521F369", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A98819AD-045F-45AE-9579-258E41882CD9", versionEndExcluding: "1.0.3.20", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:v2:*:*:*:*:*:*:*", matchCriteriaId: "2E0DFBF4-E393-44AE-AEF9-1B2059EE5AE8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3255D316-04E5-4056-BFFF-38B042167A74", versionEndExcluding: "1.0.2.36", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "679AAEA7-6415-4BBA-AE95-887C2CA609DC", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3000rp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "030AAA8B-65D9-42E4-ACF6-F2DB13D4AA30", versionEndExcluding: "1.0.2.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3000rp:v3:*:*:*:*:*:*:*", matchCriteriaId: "AB71AC74-2D1B-4F1E-A70F-6590A00AAD9E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3C2E8B48-CF6F-488A-A932-246B434CAF1B", versionEndExcluding: "1.0.2.88", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DD1F416B-C938-4AE3-B93E-03087575FF40", versionEndExcluding: "1.1.0.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v5:*:*:*:*:*:*:*", matchCriteriaId: "EC5B6CB8-D439-42D5-ACAE-6246874EA5F0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3D0CAC32-5F12-45E6-AC84-D9D5020A41E6", versionEndExcluding: "1.0.2.90", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v1:*:*:*:*:*:*:*", matchCriteriaId: "D99E146D-B278-4CA6-8156-7D9923015779", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8B1EBB8F-818F-4E04-BB25-A81C1C309CD0", versionEndExcluding: "1.0.0.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9591B73B-93BF-4976-998B-0200C990EF6A", versionEndExcluding: "1.0.0.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr1000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E5684DEA-5F12-4E72-B8D1-C5F3E1D22726", versionEndExcluding: "1.1.0.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr1000:v4:*:*:*:*:*:*:*", matchCriteriaId: "C8218868-273B-46DB-B636-D3F9A3768069", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9C819040-B30C-4393-9DD4-8E5744B13050", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2020_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "36CCD48D-4474-4363-8DE6-846714B99D3D", versionEndExcluding: "1.1.0.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2020:-:*:*:*:*:*:*:*", matchCriteriaId: "C2189628-03E7-445A-9EF2-656A85539115", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2050_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "436026D2-0B8E-4BA5-AD34-9EB285EDA78A", versionEndExcluding: "1.1.0.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2050:-:*:*:*:*:*:*:*", matchCriteriaId: "9877579C-D214-4605-93AA-2B78914CF33C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6100 before 1.0.0.55, D7000 before 1.0.1.50, D7800 before 1.0.1.28, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6100 before 1.0.1.14, R6120 before 1.0.0.30, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, R7500 before 1.0.0.110, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.52, WN3000RPv3 before 1.0.2.50, WNDR3700v4 before 1.0.2.88, WNDR3700v5 before 1.1.0.48, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.58, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por una inyección de comandos por parte de un atacante no autenticado. Esto afecta a D6100 versiones anteriores a 1.0.0.55, D7000 versiones anteriores a 1.0.1.50, D7800 versiones anteriores a 1.0.1.28, JNR1010v2 versiones anteriores a 1.1.0.44, JR6150 versiones anteriores a 1.0.1.10, JWNR2010v5 versiones anteriores a 1.1.0.44, PR2000 versiones anteriores a 1.0.0.18, R6050 versiones anteriores a 1.0.1.10, R6100 versiones anteriores a 1.0.1.14, R6120 versiones anteriores a 1.0.0.30, R6220 versiones anteriores a 1.1.0.50, R6700v2 versiones anteriores a 1.2.0.4, R6800 versiones anteriores a 1.2.0.4, R6900v2 versiones anteriores a 1.2.0.4, R7500 versiones anteriores a 1.0.0.110, R7500v2 versiones anteriores a 1.0.3.20, R7800 versiones anteriores a 1.0.2.36, R9000 versiones anteriores a 1.0.2.52, WN3000RPv3 versiones anteriores a 1.0.2.50, WNDR3700v4 versiones anteriores a 1.0.2.88, WNDR3700v5 versiones anteriores a 1.1.0.48, WNDR4300v1 versiones anteriores a 1.0.2.90, WNDR4300v2 versiones anteriores a 1.0.0.48, WNDR4500v3 versiones anteriores a 1.0.0.48, WNR1000v4 versiones anteriores a 1.1.0.44, WNR2000v5 versiones anteriores a 1.0.0.58, WNR2020 versiones anteriores a 1.1.0.44 y WNR2050 versiones anteriores a 1.1.0.44.", }, ], id: "CVE-2017-18764", lastModified: "2024-11-21T03:20:51.747", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 6.5, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-22T16:15:11.497", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000051481/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2210", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000051481/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2210", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-74", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-23 22:15
Modified
2024-11-21 04:03
Severity ?
Summary
Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | r6100_firmware | * | |
| netgear | r6100 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | - | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r8900_firmware | * | |
| netgear | r8900 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7FFFF63B-46C8-49BF-8494-BB3322F14594", versionEndExcluding: "1.0.1.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5F99E4DD-50CB-4B06-BDAF-DD56FF0E90CF", versionEndExcluding: "1.0.0.122", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*", matchCriteriaId: "EF3B3F26-401C-4ED0-B871-4B4F8521F369", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D9D351BB-5034-4771-96BB-F143951CE5D5", versionEndExcluding: "1.0.2.42", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "610C6DB8-E11E-4EAE-A16F-189283F70B26", versionEndExcluding: "1.0.3.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", matchCriteriaId: "0F859165-8D89-4CDD-9D48-9C7923D2261F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EEFCBDB9-47D0-40EF-9428-FF714763BC12", versionEndExcluding: "1.0.3.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FAF6A089-4E7D-43D1-AF1F-01A7A592115E", versionEndExcluding: "1.0.2.96", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EF96C0EB-8CB6-4C86-A9A2-A4C7AF58C97F", versionEndExcluding: "1.0.2.98", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A5B27DF7-FA36-4A0E-A7B0-0D29BE9434BE", versionEndExcluding: "1.0.0.54", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "124ABC0A-DD68-4540-AAC2-C4E87CDC91A7", versionEndExcluding: "1.0.0.64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CC5A295B-77E9-4F8B-B523-56C7A1472AD9", versionEndExcluding: "1.0.0.54", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por una denegación de servicio. Esto afecta a R6100 versiones anteriores a 1.0.1.22, R7500 versiones anteriores a 1.0.0.122, R7800 versiones anteriores a 1.0.2.42, R8900 versiones anteriores a 1.0.3.10, R9000 versiones anteriores a 1.0.3.10, WNDR3700v4 versiones anteriores a 1.0.2.96, WNDR4300 versiones anteriores a 1.0.2.98, WNDR4300v2 versiones anteriores a 1.0.0.54, WNDR4500v3 versiones anteriores a 1.0.0.54 y WNR2000v5 versiones anteriores a 1.0.0.64.", }, ], id: "CVE-2018-21165", lastModified: "2024-11-21T04:03:03.733", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 4.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 3.6, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-23T22:15:12.443", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055194/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2017-3170", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055194/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2017-3170", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-27 20:15
Modified
2024-11-21 04:03
Severity ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d6100_firmware | * | |
| netgear | d6100 | - | |
| netgear | r6100_firmware | * | |
| netgear | r6100 | - | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2ECEA129-164C-4C80-A81E-9688F4AC3583", versionEndExcluding: "1.0.0.57", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "76B12C31-83C3-427F-B2CA-D75EA89DCC6F", versionEndExcluding: "1.0.1.20", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A2E62164-2324-4AF2-B300-8005DAD433B6", versionEndExcluding: "1.0.2.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "679AAEA7-6415-4BBA-AE95-887C2CA609DC", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "90A3C8B6-51A9-49BC-8C82-01269519B652", versionEndExcluding: "1.0.2.92", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACAD8DCD-C187-4F15-9828-F302295199BA", versionEndExcluding: "1.0.2.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1425F7B0-0990-43F4-9621-8DAE8508FEED", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "81A6B7D4-1CBB-4D9E-8EB2-E5E82AFA59FA", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "27B33A47-E305-43CC-9AC2-C35DE8E51F02", versionEndExcluding: "1.0.0.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un usuario autenticado. Esto afecta a D6100 versiones anteriores a 1.0.0.57, R6100 versiones anteriores a 1.0.1.20, R7800 versiones anteriores a 1.0.2.40, R9000 versiones anteriores a 1.0.2.52, WNDR3700v4 versiones anteriores a 1.0.2.92, WNDR4300 versiones anteriores a 1.0.2.94, WNDR4300v2 versiones anteriores a 1.0.0.50, WNDR4500v3 versiones anteriores a 1.0.0.50, y WNR2000v5 versiones anteriores a 1.0.0.62.", }, ], id: "CVE-2018-21177", lastModified: "2024-11-21T04:03:05.923", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-27T20:15:11.947", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055181/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2622", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055181/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2622", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-22 16:15
Modified
2024-11-21 03:20
Severity ?
Summary
Certain NETGEAR devices are affected by denial of service. This affects R6300v2 before 1.0.4.8, R6400 before 1.0.1.22, R6400v2 before 1.0.2.32, R6700 before 1.0.1.20, R6900 before 1.0.1.20, WNR3500Lv2 before 1.2.0.44, and WNR2000v2 before 1.2.0.8.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | r6300_firmware | * | |
| netgear | r6300 | v2 | |
| netgear | r6400_firmware | * | |
| netgear | r6400 | - | |
| netgear | r6400_firmware | * | |
| netgear | r6400 | v2 | |
| netgear | r6700_firmware | * | |
| netgear | r6700 | - | |
| netgear | r6900_firmware | * | |
| netgear | r6900 | - | |
| netgear | wnr3500l_firmware | * | |
| netgear | wnr3500l | v2 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F8097CEE-2577-4C44-9260-8B2DD2D2CA78", versionEndExcluding: "1.0.4.8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6300:v2:*:*:*:*:*:*:*", matchCriteriaId: "10938043-F7DF-42C3-8C16-F92CAF8E5576", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "43A9840B-1C54-4987-A179-EE8F8F8685FC", versionEndExcluding: "1.0.1.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:*", matchCriteriaId: "3E4CDF6B-3829-44D0-9675-71D7BE83CAA2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DB7B08B9-07D2-4404-846A-D1CA02C16557", versionEndExcluding: "1.0.2.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*", matchCriteriaId: "52AE9AD2-BC8D-477D-A3D3-891AE52FA5F3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AA5CCA76-ED97-4B2E-AB06-9C9F375F7C81", versionEndExcluding: "1.0.1.20", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6700:-:*:*:*:*:*:*:*", matchCriteriaId: "21B27F11-4262-4CE1-8107-B365A7C152F2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E7A7A9C9-3505-440C-8806-E48AB316C2CC", versionEndExcluding: "1.0.1.20", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6900:-:*:*:*:*:*:*:*", matchCriteriaId: "0794BB7C-1BCF-4F08-8EB2-9C3B150C105A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr3500l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7CE20879-71BC-433E-A8B0-D1004A016B34", versionEndExcluding: "1.2.0.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr3500l:v2:*:*:*:*:*:*:*", matchCriteriaId: "C8DE4BFA-41DE-4748-ACC7-14362333A059", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C9A59121-B980-46B4-ABB8-13DEAE8F3923", versionEndExcluding: "1.2.0.8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v2:*:*:*:*:*:*:*", matchCriteriaId: "C5085749-A0E2-448D-B26B-7E25400F1C12", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by denial of service. This affects R6300v2 before 1.0.4.8, R6400 before 1.0.1.22, R6400v2 before 1.0.2.32, R6700 before 1.0.1.20, R6900 before 1.0.1.20, WNR3500Lv2 before 1.2.0.44, and WNR2000v2 before 1.2.0.8.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por una denegación de servicio. Esto afecta a R6300v2 versiones anteriores a 1.0.4.8, R6400 versiones anteriores a 1.0.1.22, R6400v2 versiones anteriores a 1.0.2.32, R6700 versiones anteriores a 1.0.1.20, R6900 versiones anteriores a 1.0.1.20, WNR3500Lv2 versiones anteriores a 1.2.0.44 y WNR2000v2 versiones anteriores a 1.2.0.8.", }, ], id: "CVE-2017-18765", lastModified: "2024-11-21T03:20:51.913", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 3.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:A/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 6.5, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-22T16:15:11.543", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000051480/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2017-0648", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000051480/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2017-0648", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-22 15:15
Modified
2024-11-21 03:20
Severity ?
Summary
Certain NETGEAR devices are affected by authentication bypass. This affects D6100 before V1.0.0.55, D7000 before V1.0.1.50, D7800 before V1.0.1.24, JNR1010v2 before 1.1.0.40, JWNR2010v5 before 1.1.0.40, R6100 before 1.0.1.12, R6220 before 1.1.0.50, R7500 before 1.0.0.108, R7500v2 before 1.0.3.10, WNDR4300v1 before 1.0.2.88, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.40, WNR2000v5 before 1.0.0.42, WNR2020 before 1.1.0.40, and WNR2050 before 1.1.0.40.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d6100_firmware | * | |
| netgear | d6100 | - | |
| netgear | d7000_firmware | * | |
| netgear | d7000 | - | |
| netgear | d7800_firmware | * | |
| netgear | d7800 | - | |
| netgear | jnr1010_firmware | * | |
| netgear | jnr1010 | v2 | |
| netgear | jwnr2010_firmware | * | |
| netgear | jwnr2010 | v5 | |
| netgear | r6100_firmware | * | |
| netgear | r6100 | - | |
| netgear | r6220_firmware | * | |
| netgear | r6220 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | v2 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v1 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr1000_firmware | * | |
| netgear | wnr1000 | v4 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 | |
| netgear | wnr2020_firmware | * | |
| netgear | wnr2020 | - | |
| netgear | wnr2050_firmware | * | |
| netgear | wnr2050 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A37AA7DC-5B2C-4E1B-8556-F1C9F6BBE9D7", versionEndExcluding: "1.0.0.55", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4A94DD9D-0F07-4FD7-B1B0-1DD1E319B092", versionEndExcluding: "1.0.1.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7000:-:*:*:*:*:*:*:*", matchCriteriaId: "AF04B65B-9685-4595-9C71-0F77AD7109BE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F3197737-90A5-411B-8F3D-902D7FD3CEB6", versionEndExcluding: "1.0.1.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:jnr1010_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B13F80BA-F4DF-4728-8591-CDEEE82BDF9E", versionEndExcluding: "1.1.0.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:jnr1010:v2:*:*:*:*:*:*:*", matchCriteriaId: "CCE79B3F-8667-43C9-962D-EE089428F144", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:jwnr2010_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "52C2DA42-3B95-43B4-AB3B-103607B44C33", versionEndExcluding: "1.1.0.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:jwnr2010:v5:*:*:*:*:*:*:*", matchCriteriaId: "7399E5E9-40D8-4ECD-8B7B-C96A27E10282", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8D3B299C-B097-4287-B250-DA6488970976", versionEndExcluding: "1.0.1.12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E464FF8D-6202-40BA-9740-9CCE2BC23607", versionEndExcluding: "1.1.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*", matchCriteriaId: "B131B5C8-CB7F-433B-BA32-F05CE0E92A66", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F05A673D-1AA7-4DDA-A00C-EBC353777417", versionEndExcluding: "1.0.0.108", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*", matchCriteriaId: "EF3B3F26-401C-4ED0-B871-4B4F8521F369", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B635B7C8-01C3-4C4F-B0FD-1B826801214B", versionEndExcluding: "1.0.3.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:v2:*:*:*:*:*:*:*", matchCriteriaId: "2E0DFBF4-E393-44AE-AEF9-1B2059EE5AE8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3E6E8DBB-487E-45DE-990D-AF193F05BA97", versionEndExcluding: "1.0.2.88", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v1:*:*:*:*:*:*:*", matchCriteriaId: "D99E146D-B278-4CA6-8156-7D9923015779", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8B1EBB8F-818F-4E04-BB25-A81C1C309CD0", versionEndExcluding: "1.0.0.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9591B73B-93BF-4976-998B-0200C990EF6A", versionEndExcluding: "1.0.0.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr1000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "18CB70FD-790E-4342-962A-2C9D8991B3C1", versionEndExcluding: "1.1.0.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr1000:v4:*:*:*:*:*:*:*", matchCriteriaId: "C8218868-273B-46DB-B636-D3F9A3768069", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B3B5B30F-0159-48B6-BC8D-BF8F2EE519D6", versionEndExcluding: "1.0.0.42", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2020_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "764C3E34-DDED-4530-A314-0D99226B9E1C", versionEndExcluding: "1.1.0.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2020:-:*:*:*:*:*:*:*", matchCriteriaId: "C2189628-03E7-445A-9EF2-656A85539115", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2050_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "013EA9F3-64C4-4F06-989D-D00D86CF555F", versionEndExcluding: "1.1.0.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2050:-:*:*:*:*:*:*:*", matchCriteriaId: "9877579C-D214-4605-93AA-2B78914CF33C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by authentication bypass. This affects D6100 before V1.0.0.55, D7000 before V1.0.1.50, D7800 before V1.0.1.24, JNR1010v2 before 1.1.0.40, JWNR2010v5 before 1.1.0.40, R6100 before 1.0.1.12, R6220 before 1.1.0.50, R7500 before 1.0.0.108, R7500v2 before 1.0.3.10, WNDR4300v1 before 1.0.2.88, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.40, WNR2000v5 before 1.0.0.42, WNR2020 before 1.1.0.40, and WNR2050 before 1.1.0.40.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por una omisión de autenticación. Esto afecta a D6100 versiones anteriores a V1.0.0.55, D7000 versiones anteriores a V1.0.1.50, D7800 versiones anteriores a V1.0.1.24, JNR1010v2 versiones anteriores a 1.1.0.40, JWNR2010v5 versiones anteriores a 1.1.0.40, R6100 versiones anteriores a 1.0.1.12, R6220 versiones anteriores a 1.1.0.50, R7500 versiones anteriores a 1.0.0.108, R7500v2 versiones anteriores a 1.0.3.10, WNDR4300v1 versiones anteriores a 1.0.2.88, WNDR4300v2 versiones anteriores a 1.0.0.48, WNDR4500v3 versiones anteriores a 1.0.0.48, WNR1000v4 versiones anteriores a 1.1.0.40, WNR2000v5 versiones anteriores a 1.0.0.42, WNR2020 versiones anteriores a 1.1.0.50 y WNR2020 versiones anteriores a 1.1.0.50, y WNR2050 versiones anteriores a 1.1.0.40.", }, ], id: "CVE-2017-18776", lastModified: "2024-11-21T03:20:53.340", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.5, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.5, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-22T15:15:12.050", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000049552/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-and-Gateways-PSV-2017-0387", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000049552/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-and-Gateways-PSV-2017-0387", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-16 19:15
Modified
2024-11-21 04:39
Severity ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, DM200 before 1.0.0.58, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7300 before 1.0.2.136, EX8000 before 1.0.1.180, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d3600_firmware | * | |
| netgear | d3600 | - | |
| netgear | d6000_firmware | * | |
| netgear | d6000 | - | |
| netgear | d6100_firmware | * | |
| netgear | d6100 | - | |
| netgear | dm200_firmware | * | |
| netgear | dm200 | - | |
| netgear | ex2700_firmware | * | |
| netgear | ex2700 | - | |
| netgear | ex6100_firmware | * | |
| netgear | ex6100 | v2 | |
| netgear | ex6150_firmware | * | |
| netgear | ex6150 | v2 | |
| netgear | ex6200_firmware | * | |
| netgear | ex6200 | v2 | |
| netgear | ex6400_firmware | * | |
| netgear | ex6400 | - | |
| netgear | ex7300_firmware | * | |
| netgear | ex7300 | - | |
| netgear | ex8000_firmware | * | |
| netgear | ex8000 | - | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r8900_firmware | * | |
| netgear | r8900 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wn2000rpt_firmware | * | |
| netgear | wn2000rpt | v3 | |
| netgear | wn3000rp_firmware | * | |
| netgear | wn3000rp | v2 | |
| netgear | wn3000rp_firmware | * | |
| netgear | wn3000rp | v3 | |
| netgear | wn3100rp_firmware | * | |
| netgear | wn3100rp | v2 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 | |
| netgear | xr500_firmware | * | |
| netgear | xr500 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d3600_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6D38D448-A21A-4AB2-A641-A295EDBF6631", versionEndExcluding: "1.0.0.75", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d3600:-:*:*:*:*:*:*:*", matchCriteriaId: "31DE9D4E-3CDC-4552-A63F-DD5D95E23F63", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EF892705-E77B-470C-8262-3579349D5F32", versionEndExcluding: "1.0.0.75", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6000:-:*:*:*:*:*:*:*", matchCriteriaId: "6F6EA344-FF99-4F27-9860-3C5BE07345A7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8DE5478F-11CE-4730-AC60-64ACE7BBB03A", versionEndExcluding: "1.0.0.63", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:dm200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "03798255-94BA-427C-8B2D-0861CD5FF730", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:dm200:-:*:*:*:*:*:*:*", matchCriteriaId: "1B048F71-70F1-4D9F-84E2-9F7340F6ADAB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex2700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "733650A8-D797-43B2-851E-1B364C9E7100", versionEndExcluding: "1.0.1.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex2700:-:*:*:*:*:*:*:*", matchCriteriaId: "5341B659-DE7D-43F1-954D-82049CBE18AD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CC89483B-6D99-4A1B-A513-B50EA44DA963", versionEndExcluding: "1.0.1.76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6100:v2:*:*:*:*:*:*:*", matchCriteriaId: "88DD070C-7CBD-48A5-8D77-7C3D1C502D65", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6150_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "542F7529-27DB-41F1-A8E4-FA7A596E5DCC", versionEndExcluding: "1.0.1.76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6150:v2:*:*:*:*:*:*:*", matchCriteriaId: "49846803-C6FB-4DD3-ADA7-78B9923536F2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3223C7E1-06DF-4CAA-89DD-611435165F49", versionEndExcluding: "1.0.1.72", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6200:v2:*:*:*:*:*:*:*", matchCriteriaId: "B4F62287-CB55-4FB1-AA39-62018654BA39", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E0A1B4BD-9DD6-4999-B0FA-F843713C991F", versionEndExcluding: "1.0.2.136", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:*", matchCriteriaId: "1289BBB4-1955-46A4-B5FE-BF11153C24F5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2138C164-530B-4F97-8107-035F9D0852B0", versionEndExcluding: "1.0.2.136", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:*", matchCriteriaId: "F285D60D-A5DA-4467-8F79-15EF8135D007", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5F6F80A7-3B51-46FD-854E-D848F7906048", versionEndExcluding: "1.0.1.180", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*", matchCriteriaId: "8D9781C9-799A-4BDA-A027-987627A01633", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2C2195F1-18F6-4397-9D28-7A92003B7A76", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F52E74FF-6E04-4F96-966C-4355B38CF4DE", versionEndExcluding: "1.0.4.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", matchCriteriaId: "0F859165-8D89-4CDD-9D48-9C7923D2261F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2110965C-E19B-48D2-954D-145C45D0E7EF", versionEndExcluding: "1.0.4.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn2000rpt_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "317AE6B1-BA33-49DF-A839-A49C5493996E", versionEndExcluding: "1.0.1.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn2000rpt:v3:*:*:*:*:*:*:*", matchCriteriaId: "6FB1BE0D-E3CF-4C16-8C11-706B238E9934", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3000rp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "663F925A-642C-4E4A-9D27-76B6EF6978F6", versionEndExcluding: "1.0.0.68", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3000rp:v2:*:*:*:*:*:*:*", matchCriteriaId: "3DAD97C7-458D-4547-82A4-EC7F4CFB2A90", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3000rp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DB6FCA6E-55DB-4D65-BD80-BF186C2F04FB", versionEndExcluding: "1.0.2.70", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3000rp:v3:*:*:*:*:*:*:*", matchCriteriaId: "AB71AC74-2D1B-4F1E-A70F-6590A00AAD9E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3100rp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B3AC696D-EFAB-4DFF-A908-BCF1D58A4AFD", versionEndExcluding: "1.0.0.60", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3100rp:v2:*:*:*:*:*:*:*", matchCriteriaId: "4D8680F5-0C06-4CFC-8BA0-CF85D0438419", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1DA490CC-DB27-4817-A589-61A0D221E9FD", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "652D8CA8-B56A-4403-B072-B4C245AB8EDA", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2D01DCF3-B6FD-4779-B048-DA4A963C9DEB", versionEndExcluding: "1.0.0.68", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "29216B3A-9A3B-4752-99C2-4A9CFA8E5E26", versionEndExcluding: "2.3.2.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*", matchCriteriaId: "9E203D92-F97B-4F5B-B395-3A5DEDBF1C1C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, DM200 before 1.0.0.58, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7300 before 1.0.2.136, EX8000 before 1.0.1.180, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un usuario autenticado. Esto afecta a D3600 versiones anteriores a 1.0.0.75, D6000 versiones anteriores a 1.0.0.75, D6100 versiones anteriores a 1.0.0.63, DM200 versiones anteriores a 1.0.0.58, EX2700 versiones anteriores a 1.0.1.48, EX6100v2 versiones anteriores a 1. 0,1,76, EX6150v2 versiones anteriores a 1.0.1.76, EX6200v2 versiones anteriores a 1.0.1.72, EX6400 versiones anteriores a 1.0.2.136, EX7300 versiones anteriores a 1.0.2.136, EX8000 versiones anteriores a 1.0.1. 180, R7800 versiones anteriores a 1.0.2.52, R8900 versiones anteriores a 1.0.4.2, R9000 versiones anteriores a 1.0.4.2, WN2000RPTv3 versiones anteriores a 1.0.1.32, WN3000RPv2 versiones anteriores a 1.0.0.68, WN3000RPv3 versiones anteriores a 1. 0.2.70, WN3100RPv2 versiones anteriores a 1.0.0.60, WNDR4300v2 versiones anteriores a 1.0.0.58, WNDR4500v3 versiones anteriores a 1.0.0.58, WNR2000v5 versiones anteriores a 1.0.0.68, y XR500 versiones anteriores a 2.3.2.32.", }, ], id: "CVE-2019-20723", lastModified: "2024-11-21T04:39:11.273", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 5.1, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-16T19:15:25.337", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000061205/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-Gateways-and-Extenders-PSV-2018-0146", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000061205/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-Gateways-and-Extenders-PSV-2018-0146", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-16 19:15
Modified
2024-11-21 04:39
Severity ?
Summary
Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7500v2 before 1.0.3.40, R7800 before 1.0.2.60, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.22, RBR20 before 2.3.0.22, RBS20 before 2.3.0.22, RBK50 before 2.3.0.22, RBR50 before 2.3.0.22, RBS50 before 2.3.0.22, RBS40 before 2.3.0.22, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d3600_firmware | * | |
| netgear | d3600 | - | |
| netgear | d6000_firmware | * | |
| netgear | d6000 | - | |
| netgear | d7800_firmware | * | |
| netgear | d7800 | - | |
| netgear | dm200_firmware | * | |
| netgear | dm200 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | v2 | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r8900_firmware | * | |
| netgear | r8900 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | rbk20_firmware | * | |
| netgear | rbk20 | - | |
| netgear | rbr20_firmware | * | |
| netgear | rbr20 | - | |
| netgear | rbs20_firmware | * | |
| netgear | rbs20 | - | |
| netgear | rbk50_firmware | * | |
| netgear | rbk50 | - | |
| netgear | rbr50_firmware | * | |
| netgear | rbr50 | - | |
| netgear | rbs50_firmware | * | |
| netgear | rbs50 | - | |
| netgear | rbs40_firmware | * | |
| netgear | rbs40 | - | |
| netgear | wn3000rp_firmware | * | |
| netgear | wn3000rp | v2 | |
| netgear | wn3000rp_firmware | * | |
| netgear | wn3000rp | v3 | |
| netgear | wn3100rp_firmware | * | |
| netgear | wn3100rp | v2 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d3600_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6D38D448-A21A-4AB2-A641-A295EDBF6631", versionEndExcluding: "1.0.0.75", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d3600:-:*:*:*:*:*:*:*", matchCriteriaId: "31DE9D4E-3CDC-4552-A63F-DD5D95E23F63", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EF892705-E77B-470C-8262-3579349D5F32", versionEndExcluding: "1.0.0.75", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6000:-:*:*:*:*:*:*:*", matchCriteriaId: "6F6EA344-FF99-4F27-9860-3C5BE07345A7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0A6C9089-563D-4345-90C7-D2D512382BF1", versionEndExcluding: "1.0.1.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:dm200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "03798255-94BA-427C-8B2D-0861CD5FF730", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:dm200:-:*:*:*:*:*:*:*", matchCriteriaId: "1B048F71-70F1-4D9F-84E2-9F7340F6ADAB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DAE7FDE8-A375-4E10-9A57-F93C35FCF694", versionEndExcluding: "1.0.3.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:v2:*:*:*:*:*:*:*", matchCriteriaId: "2E0DFBF4-E393-44AE-AEF9-1B2059EE5AE8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "52E997BC-B5C7-4FBA-9535-6A0BA398F8C3", versionEndExcluding: "1.0.2.60", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E5AC056A-DF92-4CA7-9919-2C9BDAE3C32D", versionEndExcluding: "1.0.4.12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", matchCriteriaId: "0F859165-8D89-4CDD-9D48-9C7923D2261F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F1F914AD-70DC-47F5-A2F7-672DBE89C62E", versionEndExcluding: "1.0.4.12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "712E83F9-2AC9-45B1-B0D6-E780CB8D9365", versionEndExcluding: "2.3.0.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*", matchCriteriaId: "E6C9F31C-3E12-4787-9C9B-14883D9D152A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "850B682D-1D78-489A-8988-5D588EB975AC", versionEndExcluding: "2.3.0.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*", matchCriteriaId: "AE5DBD66-9C2A-4EFF-87AB-03E791D584B5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5B0AB512-7926-4D78-87A2-FFBD56F7D2CA", versionEndExcluding: "2.3.0.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*", matchCriteriaId: "14FC7F5B-7E4F-4A68-8427-D1F553EBE8CA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F58362EC-24C5-4EC3-9475-328469DABFD2", versionEndExcluding: "2.3.0.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*", matchCriteriaId: "8BA66D07-D017-49D6-8E72-5C48E940DE1B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B49E5051-D9AF-4852-8BDF-6F9C61CB5519", versionEndExcluding: "2.3.0.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*", matchCriteriaId: "B2CAEA32-6934-4743-9E6B-22D52AC5E7F8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7F1FE395-0B10-4AA8-A178-D87E93CFA5D5", versionEndExcluding: "2.3.0.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*", matchCriteriaId: "3BCFD959-D522-4FA0-AD01-2937DAEE1EDF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8517632E-5C50-4A30-A9EE-7205A014619F", versionEndExcluding: "2.3.0.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*", matchCriteriaId: "6FDCDE39-0355-43B9-BF57-F3718DA2988D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3000rp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "663F925A-642C-4E4A-9D27-76B6EF6978F6", versionEndExcluding: "1.0.0.68", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3000rp:v2:*:*:*:*:*:*:*", matchCriteriaId: "3DAD97C7-458D-4547-82A4-EC7F4CFB2A90", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3000rp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DB6FCA6E-55DB-4D65-BD80-BF186C2F04FB", versionEndExcluding: "1.0.2.70", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3000rp:v3:*:*:*:*:*:*:*", matchCriteriaId: "AB71AC74-2D1B-4F1E-A70F-6590A00AAD9E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3100rp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B3AC696D-EFAB-4DFF-A908-BCF1D58A4AFD", versionEndExcluding: "1.0.0.60", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3100rp:v2:*:*:*:*:*:*:*", matchCriteriaId: "4D8680F5-0C06-4CFC-8BA0-CF85D0438419", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1DA490CC-DB27-4817-A589-61A0D221E9FD", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "652D8CA8-B56A-4403-B072-B4C245AB8EDA", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2D01DCF3-B6FD-4779-B048-DA4A963C9DEB", versionEndExcluding: "1.0.0.68", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7500v2 before 1.0.3.40, R7800 before 1.0.2.60, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.22, RBR20 before 2.3.0.22, RBS20 before 2.3.0.22, RBK50 before 2.3.0.22, RBR50 before 2.3.0.22, RBS50 before 2.3.0.22, RBS40 before 2.3.0.22, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por una vulnerabilidad de tipo XSS almacenado. Esto afecta a D3600 versiones anteriores a 1.0.0.75, D6000 versiones anteriores a 1.0.0.75, D7800 versiones anteriores a 1.0.1.44, DM200 versiones anteriores a 1.0.0.58, R7500v2 versiones anteriores a 1.0.3. 40, R7800 versiones anteriores a 1.0.2.60, R8900 versiones anteriores a 1.0.4.12, R9000 versiones anteriores a 1.0.4.12, RBK20 versiones anteriores a 2.3.0.22, RBR20 versiones anteriores a 2.3.0.22, RBS20 versiones anteriores a 2.3.0. 22, RBK50 versiones anteriores a 2.3.0.22, RBR50 versiones anteriores a 2.3.0.22, RBS50 versiones anteriores a 2.3.0.22, RBS40 versiones anteriores a 2.3.0.22, WN3000RPv2 versiones anteriores a 1.0.0.68, WN3000RPv3 versiones anteriores a 1. 0.2.70, WN3100RPv2 versiones anteriores a 1.0.0.60, WNDR4300v2 versiones anteriores a 1.0.0.58, WNDR4500v3 versiones anteriores a 1.0.0.58, y WNR2000v5 versiones anteriores a 1.0.0.68.", }, ], id: "CVE-2019-20714", lastModified: "2024-11-21T04:39:09.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-16T19:15:24.777", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000061214/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-Gateways-and-WiFi-System-PSV-2018-0249", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000061214/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-Gateways-and-WiFi-System-PSV-2018-0249", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-23 22:15
Modified
2024-11-21 04:03
Severity ?
Summary
Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | r6100_firmware | * | |
| netgear | r6100 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | - | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r8900_firmware | * | |
| netgear | r8900 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7FFFF63B-46C8-49BF-8494-BB3322F14594", versionEndExcluding: "1.0.1.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5F99E4DD-50CB-4B06-BDAF-DD56FF0E90CF", versionEndExcluding: "1.0.0.122", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*", matchCriteriaId: "EF3B3F26-401C-4ED0-B871-4B4F8521F369", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D9D351BB-5034-4771-96BB-F143951CE5D5", versionEndExcluding: "1.0.2.42", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "610C6DB8-E11E-4EAE-A16F-189283F70B26", versionEndExcluding: "1.0.3.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", matchCriteriaId: "0F859165-8D89-4CDD-9D48-9C7923D2261F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EEFCBDB9-47D0-40EF-9428-FF714763BC12", versionEndExcluding: "1.0.3.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FAF6A089-4E7D-43D1-AF1F-01A7A592115E", versionEndExcluding: "1.0.2.96", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EF96C0EB-8CB6-4C86-A9A2-A4C7AF58C97F", versionEndExcluding: "1.0.2.98", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A5B27DF7-FA36-4A0E-A7B0-0D29BE9434BE", versionEndExcluding: "1.0.0.54", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "124ABC0A-DD68-4540-AAC2-C4E87CDC91A7", versionEndExcluding: "1.0.0.64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CC5A295B-77E9-4F8B-B523-56C7A1472AD9", versionEndExcluding: "1.0.0.54", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por una denegación de servicio. Esto afecta a R6100 versiones anteriores a la versión 1.0.1.22, R7500 versiones anteriores a la versión 1.0.0.122, R7800 versiones anteriores a 1.0.2.42, R8900 versiones anteriores a 1.0.3.10, R9000 versiones anteriores a 1.0.3.10, WNDR3700v4 versiones anteriores a 1.0.2.96, WNDR4300 versiones anteriores a 1.0.2.98, WNDR4300v2 versiones anteriores a 1.0.0.54, WNDR4500v3 versiones anteriores a 1.0.0.54 y WNR2000v5 versiones anteriores a 1.0.0.64.", }, ], id: "CVE-2018-21166", lastModified: "2024-11-21T04:03:03.883", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 4.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 3.6, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-23T22:15:12.507", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055193/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2017-3167", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055193/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2017-3167", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-28 17:15
Modified
2024-11-21 04:03
Severity ?
Summary
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | r6100_firmware | * | |
| netgear | r6100 | - | |
| netgear | d7800_firmware | * | |
| netgear | d7800 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | v2 | |
| netgear | d6000_firmware | * | |
| netgear | d6000 | - | |
| netgear | d3600_firmware | * | |
| netgear | d3600 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "27B33A47-E305-43CC-9AC2-C35DE8E51F02", versionEndExcluding: "1.0.0.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "679AAEA7-6415-4BBA-AE95-887C2CA609DC", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FAF6A089-4E7D-43D1-AF1F-01A7A592115E", versionEndExcluding: "1.0.2.96", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EF96C0EB-8CB6-4C86-A9A2-A4C7AF58C97F", versionEndExcluding: "1.0.2.98", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7494430D-BA3F-4EDB-9FB8-7586D4457B9D", versionEndExcluding: "1.0.0.118", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*", matchCriteriaId: "EF3B3F26-401C-4ED0-B871-4B4F8521F369", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1425F7B0-0990-43F4-9621-8DAE8508FEED", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "81A6B7D4-1CBB-4D9E-8EB2-E5E82AFA59FA", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "76B12C31-83C3-427F-B2CA-D75EA89DCC6F", versionEndExcluding: "1.0.1.20", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0173E81F-5BE3-4249-A620-EC36AD109D75", versionEndExcluding: "1.0.1.30", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C38F66ED-C53D-40F4-9F1E-96254BCD8A0C", versionEndExcluding: "1.0.3.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:v2:*:*:*:*:*:*:*", matchCriteriaId: "2E0DFBF4-E393-44AE-AEF9-1B2059EE5AE8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2089DF5E-598C-4CC2-B910-05C8D209A1BB", versionEndExcluding: "1.0.0.67", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6000:-:*:*:*:*:*:*:*", matchCriteriaId: "6F6EA344-FF99-4F27-9860-3C5BE07345A7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d3600_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "47FB5F9D-2B33-44AD-BD57-164DF945ADA7", versionEndExcluding: "1.0.0.67", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d3600:-:*:*:*:*:*:*:*", matchCriteriaId: "31DE9D4E-3CDC-4552-A63F-DD5D95E23F63", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, { lang: "es", value: "Determinados dispositivos de NETGEAR están afectados por un desbordamiento del búfer por parte de un atacante no autenticado. Esto afecta a D3600 versiones anteriores a 1.0.0.67, D6000 versiones anteriores a 1.0.0.67, D7800 versiones anteriores a 1.0.1.30, R6100 versiones anteriores a 1.0.1.20, R7500 versiones anteriores a 1.0.0.118, R7500v2 versiones anteriores a 1.0.3. 24, R9000 versiones anteriores a 1.0.2.52, WNDR3700v4 versiones anteriores a 1.0.2.96, WNDR4300 versiones anteriores a 1.0.2.98, WNDR4300v2 versiones anteriores a 1.0.0.50, WNDR4500v3 versiones anteriores a 1.0.0.50, y WNR2000v5 versiones anteriores a 1.0.0.62.", }, ], id: "CVE-2018-21222", lastModified: "2024-11-21T04:03:12.950", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 6.5, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-28T17:15:12.930", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055115/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2458", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055115/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2458", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-23 17:15
Modified
2024-11-21 03:20
Severity ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects EX6150v2 before 1.0.1.54, R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.10, R7000P before 1.2.0.22, R6900P before 1.2.0.22, R7100LG before 1.0.0.32, R7300DST before 1.0.0.54, R7900 before 1.0.1.18, R8000 before 1.0.3.48, R8300 before 1.0.2.106, R8500 before 1.0.2.106, R6100 before 1.0.1.16, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | ex6150_firmware | * | |
| netgear | ex6150 | v2 | |
| netgear | r6400_firmware | * | |
| netgear | r6400 | - | |
| netgear | r6400_firmware | * | |
| netgear | r6400 | v2 | |
| netgear | r6700_firmware | * | |
| netgear | r6700 | - | |
| netgear | r6900_firmware | * | |
| netgear | r6900 | - | |
| netgear | r7000_firmware | * | |
| netgear | r7000 | - | |
| netgear | r7000p_firmware | * | |
| netgear | r7000p | - | |
| netgear | r6900p_firmware | * | |
| netgear | r6900p | - | |
| netgear | r7100lg_firmware | * | |
| netgear | r7100lg | - | |
| netgear | r7300dst_firmware | * | |
| netgear | r7300dst | - | |
| netgear | r7900_firmware | * | |
| netgear | r7900 | - | |
| netgear | r8000_firmware | * | |
| netgear | r8000 | - | |
| netgear | r8300_firmware | * | |
| netgear | r8300 | - | |
| netgear | r8500_firmware | * | |
| netgear | r8500 | - | |
| netgear | r6100_firmware | * | |
| netgear | r6100 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6150_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F476F7D7-EAE2-4A09-8C4B-A53F885A1337", versionEndExcluding: "1.0.1.54", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6150:v2:*:*:*:*:*:*:*", matchCriteriaId: "49846803-C6FB-4DD3-ADA7-78B9923536F2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "29EA60BF-FBA6-4305-8173-07130A527410", versionEndExcluding: "1.0.1.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:*", matchCriteriaId: "3E4CDF6B-3829-44D0-9675-71D7BE83CAA2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DB7B08B9-07D2-4404-846A-D1CA02C16557", versionEndExcluding: "1.0.2.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*", matchCriteriaId: "52AE9AD2-BC8D-477D-A3D3-891AE52FA5F3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3C3255EE-BBE5-4EBE-92CC-D0C6E6D8563F", versionEndExcluding: "1.0.1.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6700:-:*:*:*:*:*:*:*", matchCriteriaId: "21B27F11-4262-4CE1-8107-B365A7C152F2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "24E4CE14-4FC5-4F73-BFC8-F0B0D924F788", versionEndExcluding: "1.0.1.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6900:-:*:*:*:*:*:*:*", matchCriteriaId: "0794BB7C-1BCF-4F08-8EB2-9C3B150C105A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DD7D570E-C5EF-4D3E-BCCF-926DBDB12016", versionEndExcluding: "1.0.9.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*", matchCriteriaId: "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4E7FE05C-8ACF-4D53-A6D9-2C99673CE41A", versionEndExcluding: "1.2.0.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*", matchCriteriaId: "DFE55F4D-E98B-46D3-B870-041141934CD1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A8D2A56D-4AAA-4E55-AE7A-E343EA9D6133", versionEndExcluding: "1.2.0.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*", matchCriteriaId: "C41908FF-AE64-4949-80E3-BEE061B2DA8A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7100lg_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "833A98AF-A4B0-4C68-AACD-6B3F58E64060", versionEndExcluding: "1.0.0.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7100lg:-:*:*:*:*:*:*:*", matchCriteriaId: "366FA778-3C2A-42AF-9141-DAD7043B406C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7300dst_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F0EE8EBA-C4CD-4CA1-A684-54338B1254A9", versionEndExcluding: "1.0.0.54", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7300dst:-:*:*:*:*:*:*:*", matchCriteriaId: "C75148EB-DE6C-4C5C-BF34-4800A66CF11C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A98DFA81-D1BA-41AE-A6A3-1EBBFC452D0F", versionEndExcluding: "1.0.1.18", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:*", matchCriteriaId: "C484840F-AF30-4B5C-821A-4DB9BE407BDB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7393D4D7-F607-423E-917E-FE520D7A3A73", versionEndExcluding: "1.0.3.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*", matchCriteriaId: "5B39F095-8FE8-43FD-A866-7B613B495984", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BCE9CF95-192E-4D43-9DAD-2C8D9AF045E9", versionEndExcluding: "1.0.2.106", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8300:-:*:*:*:*:*:*:*", matchCriteriaId: "7A9B77E7-7439-48C6-989F-5E22CB4D3044", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4DFD7557-D13D-40EB-94AD-AF092CDE587A", versionEndExcluding: "1.0.2.106", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*", matchCriteriaId: "63500DE4-BDBD-4F86-AB99-7DB084D0B912", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "01A66936-4268-4990-8E83-24C74A75B9F6", versionEndExcluding: "1.0.1.16", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8B1EBB8F-818F-4E04-BB25-A81C1C309CD0", versionEndExcluding: "1.0.0.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9591B73B-93BF-4976-998B-0200C990EF6A", versionEndExcluding: "1.0.0.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9C819040-B30C-4393-9DD4-8E5744B13050", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects EX6150v2 before 1.0.1.54, R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.10, R7000P before 1.2.0.22, R6900P before 1.2.0.22, R7100LG before 1.0.0.32, R7300DST before 1.0.0.54, R7900 before 1.0.1.18, R8000 before 1.0.3.48, R8300 before 1.0.2.106, R8500 before 1.0.2.106, R6100 before 1.0.1.16, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un atacante no autenticado. Esto afecta a EX6150v2 versiones anteriores a 1.0.1.54, R6400 versiones anteriores a 1.0.1.24, R6400v2 versiones anteriores a 1.0.2.32, R6700 versiones anteriores a 1.0.1.22, R6900 versiones anteriores a 1.0.1.22, R7000 versiones anteriores a 1.0.9.10, R7000P versiones anteriores a 1.2.0.22, R6900P versiones anteriores a 1.2.0.22, R7100LG versiones anteriores a 1.0.0.32, R7300DST versiones anteriores a 1.0.0.54, R7900 versiones anteriores a 1.0.1.18, R8000 versiones anteriores a 1.0.3.48, R8300 versiones anteriores a 1.0.2.106, R8500 versiones anteriores a 1.0.2.106, R6100 versiones anteriores a 1.0.1.16, WNDR4300v2 versiones anteriores a 1.0.0.48, WNDR4500v3 versiones anteriores a 1.0.0.48 y WNR2000v5 versiones anteriores a 1.0.0.58.", }, ], id: "CVE-2017-18738", lastModified: "2024-11-21T03:20:48.017", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 6.5, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-23T17:15:12.550", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000051517/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Routers-and-Extenders-PSV-2017-0706", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000051517/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Routers-and-Extenders-PSV-2017-0706", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-24 15:15
Modified
2024-11-21 04:03
Severity ?
Summary
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D1500 before 1.0.0.27, D500 before 1.0.0.27, D6100 before 1.0.0.57, D6220 before 1.0.0.40, D6400 before 1.0.0.74, D7000 before 1.0.1.60, D7800 before 1.0.1.34, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.94, DGN2200Bv4 before 1.0.0.94, EX2700 before 1.0.1.42, EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6000 before 1.0.0.24, EX6100 before 1.0.2.18, EX6120 before 1.0.0.32, EX6130 before 1.0.0.22, EX6150 before 1.0.0.34_1.0.70, EX6200 before 1.0.3.82_1.1.117, EX6400 before 1.0.1.78, EX7000 before 1.0.0.56, EX7300 before 1.0.1.78, JNR1010v2 before 1.1.0.42, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.42, PR2000 before 1.0.0.22, R6050 before 1.0.1.10, R6100 before 1.0.1.16, R6220 before 1.1.0.50, R6250 before 1.0.4.14, R6300v2 before 1.0.4.12, R6400v2 before 1.0.2.34, R6700 before 1.0.1.26, R6900 before 1.0.1.26, R6900P before 1.2.0.22, R7000 before 1.0.9.6, R7000P before 1.2.0.22, R7100LG before 1.0.0.40, R7300DST before 1.0.0.54, R7500 before 1.0.0.110, R7500v2 before 1.0.3.26, R7800 before 1.0.2.44, R7900 before 1.0.1.26, R8000 before 1.0.3.48, R8300 before 1.0.2.104, R8500 before 1.0.2.104, R9000 before 1.0.3.10, WN2000RPTv3 before 1.0.1.26, WN2500RPv2 before 1.0.1.46, WN3000RPv3 before 1.0.2.66, WN3100RPv2 before 1.0.0.56, WNDR3400v3 before 1.0.1.14, WNDR3700v4 before 1.0.2.96, WNDR3700v5 before 1.1.0.54, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.42, WNR2000v5 before 1.0.0.64, WNR2020 before 1.1.0.42, and WNR2050 before 1.1.0.42.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d1500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "47DB7AAC-5EE3-4912-A44F-C9D5BF42B01C", versionEndExcluding: "1.0.0.27", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d1500:-:*:*:*:*:*:*:*", matchCriteriaId: "78DC8809-C26D-48D8-9E12-228C3669B824", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3B5A5FCA-6198-4DF7-B395-F266C2B6270C", versionEndExcluding: "1.0.0.27", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d500:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE070E3-C0B1-455F-83A9-5C60C489816F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2ECEA129-164C-4C80-A81E-9688F4AC3583", versionEndExcluding: "1.0.0.57", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6220_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B8AA0851-BFD5-45F6-9673-CA4B83D8B844", versionEndExcluding: "1.0.0.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6220:-:*:*:*:*:*:*:*", matchCriteriaId: "F3EEA190-2E9C-4586-BF81-B115532FBA23", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DD763D04-70A0-4A50-8866-330B82703680", versionEndExcluding: "1.0.0.74", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6400:-:*:*:*:*:*:*:*", matchCriteriaId: "7D30939B-86E3-4C78-9B05-686B4994C8B9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "82EB2B81-08D9-4C81-B6DE-8D1FCAEC485A", versionEndExcluding: "1.0.1.60", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7000:-:*:*:*:*:*:*:*", matchCriteriaId: "AF04B65B-9685-4595-9C71-0F77AD7109BE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EB24F17D-A9A8-4EF9-BF53-580395D60EFC", versionEndExcluding: "1.0.1.34", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d8500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D5E70AF3-FFD8-4ACD-9F4C-DB03BFB1125A", versionEndExcluding: "1.0.3.39", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d8500:-:*:*:*:*:*:*:*", matchCriteriaId: "814A0114-9A1D-4EA0-9AF4-6968514E4F01", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:dgn2200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FCA60A85-77FF-41BF-89FA-7EB3ACFECDB8", versionEndExcluding: "1.0.0.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:dgn2200:v4:*:*:*:*:*:*:*", matchCriteriaId: "099184A0-F1C6-4C3F-9C3B-F0B9AC0D4D14", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:dgn2200b_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D5C27C8A-1B80-47CD-B015-14588F4F8732", versionEndExcluding: "1.0.0.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:dgn2200b:v4:*:*:*:*:*:*:*", matchCriteriaId: "25090794-A90C-40CD-8E95-87EC4E98B928", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex2700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C309FEFF-5FB1-41BB-B9C5-97CFAC29892C", versionEndExcluding: "1.0.1.42", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex2700:-:*:*:*:*:*:*:*", matchCriteriaId: "5341B659-DE7D-43F1-954D-82049CBE18AD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B79CB764-3B62-4C39-9B68-A7C949EA91BE", versionEndExcluding: "1.0.0.64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex3700:-:*:*:*:*:*:*:*", matchCriteriaId: "CDAA5899-B73C-4690-853E-B5400F034BE1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex3800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "72C578B9-6D52-492F-854F-067EB36F84B1", versionEndExcluding: "1.0.0.64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex3800:-:*:*:*:*:*:*:*", matchCriteriaId: "CC5488D9-651C-4BAB-A141-06B816690D42", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "520E4E2B-FF48-4B11-8A41-975B1A5E9FA2", versionEndExcluding: "1.0.0.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6000:-:*:*:*:*:*:*:*", matchCriteriaId: "02E7CA7E-E6CA-4BAB-8F40-4731EA523D91", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4707A6F6-9586-47FF-8E1A-55D950D8CE19", versionEndExcluding: "1.0.2.18", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6100:-:*:*:*:*:*:*:*", matchCriteriaId: "AB84CD03-765C-4D4F-A176-364F8E72A4E7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6120_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2AC81E61-E8CD-4929-A1E2-C1B620BCC3E7", versionEndExcluding: "1.0.0.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6120:-:*:*:*:*:*:*:*", matchCriteriaId: "8C6DFDB6-1D7A-459A-8D30-FD4900ED718B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6130_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "09C02A78-A382-43A0-A20F-D6521F6DD57F", versionEndExcluding: "1.0.0.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6130:-:*:*:*:*:*:*:*", matchCriteriaId: "305E295C-9C73-4798-A0BE-7973E1EE5EAB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6150_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A5E1BEB0-8AA0-423B-A0A2-966341402819", versionEndExcluding: "1.0.0.34_1.0.70", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6150:-:*:*:*:*:*:*:*", matchCriteriaId: "46452E97-9347-4788-9570-1EECECC7255E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1C96EDAD-1985-4AB7-9FF1-C67A5D274C99", versionEndExcluding: "1.0.3.82_1.1.117", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6200:-:*:*:*:*:*:*:*", matchCriteriaId: "3186CC67-B567-4A0C-BD2C-0433716FBD1B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "66120328-5681-46E5-86A5-CAC62B9243B9", versionEndExcluding: "1.0.1.78", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:*", matchCriteriaId: "1289BBB4-1955-46A4-B5FE-BF11153C24F5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "274A58AC-3E28-411B-8495-2ADD184CFAE6", versionEndExcluding: "1.0.0.56", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7000:-:*:*:*:*:*:*:*", matchCriteriaId: "9F45B620-60B8-40F3-A055-181ADD71EFFF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "974F3120-1A73-4301-A720-E31C9C27B41C", versionEndExcluding: "1.0.1.78", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:*", matchCriteriaId: "F285D60D-A5DA-4467-8F79-15EF8135D007", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:jnr1010_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0005DB1D-49BA-4099-89DC-5B4C9AA8BF6F", versionEndExcluding: "1.1.0.42", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:jnr1010:v2:*:*:*:*:*:*:*", matchCriteriaId: "CCE79B3F-8667-43C9-962D-EE089428F144", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:jr6150_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4B5D8AD4-6C67-4DC7-99DF-B29DBA4BC376", versionEndExcluding: "1.0.1.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:jr6150:-:*:*:*:*:*:*:*", matchCriteriaId: "D67167E5-81D2-4892-AF41-CBB6271232D1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:jwnr2010_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8D0FEB73-5572-48DE-86BE-055364878989", versionEndExcluding: "1.1.0.42", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:jwnr2010:v5:*:*:*:*:*:*:*", matchCriteriaId: "7399E5E9-40D8-4ECD-8B7B-C96A27E10282", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:pr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6E111C4B-C1D5-403A-A35F-D538E16D0E23", versionEndExcluding: "1.0.0.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:pr2000:-:*:*:*:*:*:*:*", matchCriteriaId: "2451CC0C-71B2-474D-93F0-2B2ACD802FE3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6050_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CB4D669D-D6C4-403E-896D-55EE4EEB7C27", versionEndExcluding: "1.0.1.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6050:-:*:*:*:*:*:*:*", matchCriteriaId: "363D4DEE-98B9-4294-B241-1613CAD1A3A7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "01A66936-4268-4990-8E83-24C74A75B9F6", versionEndExcluding: "1.0.1.16", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E464FF8D-6202-40BA-9740-9CCE2BC23607", versionEndExcluding: "1.1.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*", matchCriteriaId: "B131B5C8-CB7F-433B-BA32-F05CE0E92A66", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6250_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2DD089FE-0DBF-4C3B-AA02-3A0A27CF9D76", versionEndExcluding: "1.0.4.14", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6250:-:*:*:*:*:*:*:*", matchCriteriaId: "321BE843-52C4-4638-A321-439CA7B3A6F2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E43DA92A-E429-459F-8B34-DDED55F5590B", versionEndExcluding: "1.0.4.12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6300:v2:*:*:*:*:*:*:*", matchCriteriaId: "10938043-F7DF-42C3-8C16-F92CAF8E5576", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C9A5FD9A-5AE9-46A2-A1E6-C7BF84EFAD22", versionEndExcluding: "1.0.2.34", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*", matchCriteriaId: "52AE9AD2-BC8D-477D-A3D3-891AE52FA5F3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DC332E60-A7DB-41C5-B1ED-FE3EDF83F8BC", versionEndExcluding: "1.0.1.26", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6700:-:*:*:*:*:*:*:*", matchCriteriaId: "21B27F11-4262-4CE1-8107-B365A7C152F2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D21ACC48-8B3D-4A0B-BA04-C9709835A66A", versionEndExcluding: "1.0.1.26", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6900:-:*:*:*:*:*:*:*", matchCriteriaId: "0794BB7C-1BCF-4F08-8EB2-9C3B150C105A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A8D2A56D-4AAA-4E55-AE7A-E343EA9D6133", versionEndExcluding: "1.2.0.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*", matchCriteriaId: "C41908FF-AE64-4949-80E3-BEE061B2DA8A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "819CC65F-F5DA-4620-BC68-CAAA2B73195D", versionEndExcluding: "1.0.9.6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*", matchCriteriaId: "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4E7FE05C-8ACF-4D53-A6D9-2C99673CE41A", versionEndExcluding: "1.2.0.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*", matchCriteriaId: "DFE55F4D-E98B-46D3-B870-041141934CD1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7100lg_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EB388895-B579-43B7-A88E-4BD28D41F6E2", versionEndExcluding: "1.0.0.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7100lg:-:*:*:*:*:*:*:*", matchCriteriaId: "366FA778-3C2A-42AF-9141-DAD7043B406C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7300dst_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F0EE8EBA-C4CD-4CA1-A684-54338B1254A9", versionEndExcluding: "1.0.0.54", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7300dst:-:*:*:*:*:*:*:*", matchCriteriaId: "C75148EB-DE6C-4C5C-BF34-4800A66CF11C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7F227D99-88C9-457F-BCA5-665F531E04AB", versionEndExcluding: "1.0.0.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*", matchCriteriaId: "EF3B3F26-401C-4ED0-B871-4B4F8521F369", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9ACBF492-1315-46CF-8297-E239DDB14B6B", versionEndExcluding: "1.0.3.26", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:v2:*:*:*:*:*:*:*", matchCriteriaId: "2E0DFBF4-E393-44AE-AEF9-1B2059EE5AE8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DE1B60E4-C8FA-4094-9F05-1746A01557D9", versionEndExcluding: "1.0.2.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0B72579C-51F1-4F16-8FDE-544229C25B07", versionEndExcluding: "1.0.1.26", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:*", matchCriteriaId: "C484840F-AF30-4B5C-821A-4DB9BE407BDB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7393D4D7-F607-423E-917E-FE520D7A3A73", versionEndExcluding: "1.0.3.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*", matchCriteriaId: "5B39F095-8FE8-43FD-A866-7B613B495984", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DAAB159C-27F2-4645-9FE4-4DBB4465DE3A", versionEndExcluding: "1.0.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8300:-:*:*:*:*:*:*:*", matchCriteriaId: "7A9B77E7-7439-48C6-989F-5E22CB4D3044", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A79D8A77-4555-4B2A-8F19-F69AD4A17D2E", versionEndExcluding: "1.0.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*", matchCriteriaId: "63500DE4-BDBD-4F86-AB99-7DB084D0B912", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EEFCBDB9-47D0-40EF-9428-FF714763BC12", versionEndExcluding: "1.0.3.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn2000rpt_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "058BC554-8E48-460E-A305-B5CDA8249B28", versionEndExcluding: "1.0.1.26", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn2000rpt:v3:*:*:*:*:*:*:*", matchCriteriaId: "6FB1BE0D-E3CF-4C16-8C11-706B238E9934", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn2500rp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "07CEF0FF-41A1-485B-8CDA-DB7AE8ECDB69", versionEndExcluding: "1.0.1.46", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn2500rp:v2:*:*:*:*:*:*:*", matchCriteriaId: "1C4C1B98-9551-4862-AEAC-3D5C313BD275", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3000rp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AAFDAF9A-711E-497F-8632-0345B635A7C9", versionEndExcluding: "1.0.2.66", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3000rp:v3:*:*:*:*:*:*:*", matchCriteriaId: "AB71AC74-2D1B-4F1E-A70F-6590A00AAD9E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3100rp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8DB649EB-E2F9-4E11-B68A-50B0096AF9B6", versionEndExcluding: "1.0.0.56", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3100rp:v2:*:*:*:*:*:*:*", matchCriteriaId: "4D8680F5-0C06-4CFC-8BA0-CF85D0438419", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DF8551B9-72D9-46B8-9F66-EE7841E29A26", versionEndExcluding: "1.0.1.14", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3400:v3:*:*:*:*:*:*:*", matchCriteriaId: "1992E44C-122C-41BC-8FDC-5F9EBEE1FB7C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FAF6A089-4E7D-43D1-AF1F-01A7A592115E", versionEndExcluding: "1.0.2.96", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "832B6460-9984-4441-8E06-F784052FC8CC", versionEndExcluding: "1.1.0.54", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v5:*:*:*:*:*:*:*", matchCriteriaId: "EC5B6CB8-D439-42D5-ACAE-6246874EA5F0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EF96C0EB-8CB6-4C86-A9A2-A4C7AF58C97F", versionEndExcluding: "1.0.2.98", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8B1EBB8F-818F-4E04-BB25-A81C1C309CD0", versionEndExcluding: "1.0.0.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9591B73B-93BF-4976-998B-0200C990EF6A", versionEndExcluding: "1.0.0.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr1000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6880E178-51E5-47DD-8DE6-59EFDAE4FA0C", versionEndExcluding: "1.1.0.42", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr1000:v4:*:*:*:*:*:*:*", matchCriteriaId: "C8218868-273B-46DB-B636-D3F9A3768069", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "124ABC0A-DD68-4540-AAC2-C4E87CDC91A7", versionEndExcluding: "1.0.0.64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2020_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4130E37C-5B30-46E5-90B0-A7D5E163DF02", versionEndExcluding: "1.1.0.42", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2020:-:*:*:*:*:*:*:*", matchCriteriaId: "C2189628-03E7-445A-9EF2-656A85539115", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2050_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2C4DA2EE-628D-4F25-9B7E-0F77762139B0", versionEndExcluding: "1.1.0.42", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2050:-:*:*:*:*:*:*:*", matchCriteriaId: "9877579C-D214-4605-93AA-2B78914CF33C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D1500 before 1.0.0.27, D500 before 1.0.0.27, D6100 before 1.0.0.57, D6220 before 1.0.0.40, D6400 before 1.0.0.74, D7000 before 1.0.1.60, D7800 before 1.0.1.34, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.94, DGN2200Bv4 before 1.0.0.94, EX2700 before 1.0.1.42, EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6000 before 1.0.0.24, EX6100 before 1.0.2.18, EX6120 before 1.0.0.32, EX6130 before 1.0.0.22, EX6150 before 1.0.0.34_1.0.70, EX6200 before 1.0.3.82_1.1.117, EX6400 before 1.0.1.78, EX7000 before 1.0.0.56, EX7300 before 1.0.1.78, JNR1010v2 before 1.1.0.42, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.42, PR2000 before 1.0.0.22, R6050 before 1.0.1.10, R6100 before 1.0.1.16, R6220 before 1.1.0.50, R6250 before 1.0.4.14, R6300v2 before 1.0.4.12, R6400v2 before 1.0.2.34, R6700 before 1.0.1.26, R6900 before 1.0.1.26, R6900P before 1.2.0.22, R7000 before 1.0.9.6, R7000P before 1.2.0.22, R7100LG before 1.0.0.40, R7300DST before 1.0.0.54, R7500 before 1.0.0.110, R7500v2 before 1.0.3.26, R7800 before 1.0.2.44, R7900 before 1.0.1.26, R8000 before 1.0.3.48, R8300 before 1.0.2.104, R8500 before 1.0.2.104, R9000 before 1.0.3.10, WN2000RPTv3 before 1.0.1.26, WN2500RPv2 before 1.0.1.46, WN3000RPv3 before 1.0.2.66, WN3100RPv2 before 1.0.0.56, WNDR3400v3 before 1.0.1.14, WNDR3700v4 before 1.0.2.96, WNDR3700v5 before 1.1.0.54, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.42, WNR2000v5 before 1.0.0.64, WNR2020 before 1.1.0.42, and WNR2050 before 1.1.0.42.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por una configuración incorrecta de los ajustes de seguridad. Esto afecta a D1500 versiones anteriores a 1.0.0.27, D500 versiones anteriores a 1.0.0.27, D6100 versiones anteriores a 1.0.0.57, D6220 versiones anteriores a 1.0.0.40, D6400 versiones anteriores a 1.0.0.74, D7000 versiones anteriores a 1.0.1.60, D7800 versiones anteriores a 1.0.1.34, D8500 versiones anteriores a 1.0.3.39, DGN2200v4 versiones anteriores a 1.0.0.94, DGN2200Bv4 versiones anteriores a 1.0.0.94, EX2700 versiones anteriores a 1.0.1.42, EX3700 versiones anteriores a 1.0.0.64, EX3800 versiones anteriores a 1.0.0.64, EX6000 versiones anteriores a 1.0.0.24, EX6100 versiones anteriores a 1.0.2.18, EX6120 versiones anteriores a 1.0.0.32, EX6130 versiones anteriores a 1.0.0.22, EX6150 versiones anteriores a 1.0.0.34_1.0.70, EX6200 versiones anteriores a 1.0.3.82_1.1.117, EX6400 versiones anteriores a 1.0.1.78, EX7000 versiones anteriores a 1.0.0.56, EX7300 versiones anteriores a 1.0.1.78, JNR1010v2 versiones anteriores a 1.1.0.42, JR6150 versiones anteriores a 1.0. 1.10, JWNR2010v5 versiones anteriores a 1.1.0.42, PR2000 versiones anteriores a 1.0.0.22, R6050 versiones anteriores a 1.0.1.10, R6100 versiones anteriores a 1.0.1.16, R6220 versiones anteriores a 1.1.0.50, R6250 versiones anteriores a 1.0.4.14, R6300v2 versiones anteriores a 1.0.4.12, R6400v2 versiones anteriores a 1.0.2.34, R6700 versiones anteriores a 1.0.1.26, R6900 versiones anteriores a 1.0.1.26, R6900P versiones anteriores a 1.2.0.22, R7000 versiones anteriores a 1.0.9.6, R7000P versiones anteriores a 1.2.0.22, R7100LG versiones anteriores a 1.0.0.40, R7300DST versiones anteriores a 1.0.0.54, R7500 versiones anteriores a 1.0.0.110, R7500v2 versiones anteriores a 1.0.3.26, R7800 versiones anteriores a 1.0.2.44, R7900 versiones anteriores a 1.0.1.26, R8000 versiones anteriores a 1.0.3.48, R8300 versiones anteriores a 1.0.2.104, R8500 versiones anteriores a 1.0.2.104, R9000 versiones anteriores a 1.0.3.10, WN2000RPTv3 versiones anteriores a 1.0.1.26, WN2500RPv2 versiones anteriores a 1.0 .1.46, WN3000RPv3 versiones anteriores a 1.0.2.66, WN3100RPv2 versiones anteriores a 1.0.0.56, WNDR3400v3 versiones anteriores a 1.0.1.14, WNDR3700v4 versiones anteriores a 1.0.2.96, WNDR3700v5 versiones anteriores a 1.1.0.54, WNDR4300 versiones anteriores a 1.0.2.98, WNDR4300v2 versiones anteriores a 1.0.0.48, WNDR4500v3 versiones anteriores a 1.0.0.48, WNR1000v4 versiones anteriores a 1.1.0.42, WNR2000v5 versiones anteriores a 1.0.0.64, WNR2020 versiones anteriores a 1.1.0.42 y WNR2050 versiones anteriores a 1.1.0.42.", }, ], id: "CVE-2018-21231", lastModified: "2024-11-21T04:03:14.407", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.5, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 5.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.1, impactScore: 2.7, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-24T15:15:13.003", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055103/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Gateways-and-Extenders-PSV-2016-0102", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055103/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Gateways-and-Extenders-PSV-2016-0102", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-09-11 22:15
Modified
2024-11-21 04:44
Severity ?
Summary
An exploitable denial-of-service vulnerability exists in the session handling functionality of the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) HTTP server. An HTTP request with an empty User-Agent string sent to a page requiring authentication can cause a null pointer dereference, resulting in the HTTP service crashing. An unauthenticated attacker can send a specially crafted HTTP request to trigger this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2019-0831 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2019-0831 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | wnr2000_firmware | 1.0.0.70 | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:1.0.0.70:*:*:*:*:*:*:*", matchCriteriaId: "8B60ABCD-0AA5-480D-B56C-DAB3DE808729", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An exploitable denial-of-service vulnerability exists in the session handling functionality of the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) HTTP server. An HTTP request with an empty User-Agent string sent to a page requiring authentication can cause a null pointer dereference, resulting in the HTTP service crashing. An unauthenticated attacker can send a specially crafted HTTP request to trigger this vulnerability.", }, { lang: "es", value: "Se presenta una vulnerabilidad de denegación de servicio explotable en la funcionalidad de manejo de sesión del servidor HTTP del dispositivo NETGEAR N300 (WNR2000v5 con versión de firmware V1.0.0.70). Una petición HTTP con una cadena User-Agent vacía enviada hacia una página que requiere autenticación puede causar una desreferencia del puntero null, resultando en el bloqueo del servicio HTTP. Un atacante no autenticado puede enviar una petición HTTP especialmente diseñada para desencadenar esta vulnerabilidad.", }, ], id: "CVE-2019-5054", lastModified: "2024-11-21T04:44:15.590", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-09-11T22:15:19.353", references: [ { source: "talos-cna@cisco.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0831", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0831", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "talos-cna@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-27 20:15
Modified
2024-11-21 04:03
Severity ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7500 before 1.0.0.122, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d6100_firmware | * | |
| netgear | d6100 | - | |
| netgear | r6100_firmware | * | |
| netgear | r6100 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | - | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2ECEA129-164C-4C80-A81E-9688F4AC3583", versionEndExcluding: "1.0.0.57", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "76B12C31-83C3-427F-B2CA-D75EA89DCC6F", versionEndExcluding: "1.0.1.20", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5F99E4DD-50CB-4B06-BDAF-DD56FF0E90CF", versionEndExcluding: "1.0.0.122", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*", matchCriteriaId: "EF3B3F26-401C-4ED0-B871-4B4F8521F369", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A2E62164-2324-4AF2-B300-8005DAD433B6", versionEndExcluding: "1.0.2.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "679AAEA7-6415-4BBA-AE95-887C2CA609DC", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "90A3C8B6-51A9-49BC-8C82-01269519B652", versionEndExcluding: "1.0.2.92", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACAD8DCD-C187-4F15-9828-F302295199BA", versionEndExcluding: "1.0.2.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1425F7B0-0990-43F4-9621-8DAE8508FEED", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "81A6B7D4-1CBB-4D9E-8EB2-E5E82AFA59FA", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "27B33A47-E305-43CC-9AC2-C35DE8E51F02", versionEndExcluding: "1.0.0.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7500 before 1.0.0.122, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un usuario autenticado. Esto afecta a D6100 versiones anteriores a 1.0.0.57, R6100 versiones anteriores a 1.0.1.20, R7500 versiones anteriores a 1.0.0.122, R7800 versiones anteriores a 1.0.2.40, R9000 versiones anteriores a 1.0.2.52, WNDR3700v4 versiones anteriores a 1.0.2.92, WNDR4300 versiones anteriores a 1.0.2.94, WNDR4300v2 versiones anteriores a 1.0.0.50, WNDR4500v3 versiones anteriores a 1.0.0.50 y WNR2000v5 versiones anteriores a 1.0.0.62.", }, ], id: "CVE-2018-21176", lastModified: "2024-11-21T04:03:05.770", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-27T20:15:11.897", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055182/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2623", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055182/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2623", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-22 15:15
Modified
2024-11-21 03:20
Severity ?
Summary
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6100 before V1.0.0.55, D7800 before V1.0.1.24, EX6150v2 before 1.0.0.48, R6100 before 1.0.1.14, R7500 before 1.0.0.110, R7500v2 before V1.0.3.16, R7800 before V1.0.2.36, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.48.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d6100_firmware | * | |
| netgear | d6100 | - | |
| netgear | d7800_firmware | * | |
| netgear | d7800 | - | |
| netgear | ex6150_firmware | * | |
| netgear | ex6150 | v2 | |
| netgear | r6100_firmware | * | |
| netgear | r6100 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | v2 | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v1 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A37AA7DC-5B2C-4E1B-8556-F1C9F6BBE9D7", versionEndExcluding: "1.0.0.55", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F3197737-90A5-411B-8F3D-902D7FD3CEB6", versionEndExcluding: "1.0.1.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6150_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9984CEE5-F523-4546-AEAD-4361D2BC6D2B", versionEndExcluding: "1.0.0.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6150:v2:*:*:*:*:*:*:*", matchCriteriaId: "49846803-C6FB-4DD3-ADA7-78B9923536F2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7E8197CA-84A2-4714-8EBB-04BA4B66ED29", versionEndExcluding: "1.0.1.14", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7F227D99-88C9-457F-BCA5-665F531E04AB", versionEndExcluding: "1.0.0.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*", matchCriteriaId: "EF3B3F26-401C-4ED0-B871-4B4F8521F369", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1F587C0F-5A9A-468B-B680-21EB9700DD4B", versionEndExcluding: "1.0.3.16", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:v2:*:*:*:*:*:*:*", matchCriteriaId: "2E0DFBF4-E393-44AE-AEF9-1B2059EE5AE8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3255D316-04E5-4056-BFFF-38B042167A74", versionEndExcluding: "1.0.2.36", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3D0CAC32-5F12-45E6-AC84-D9D5020A41E6", versionEndExcluding: "1.0.2.90", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v1:*:*:*:*:*:*:*", matchCriteriaId: "D99E146D-B278-4CA6-8156-7D9923015779", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8B1EBB8F-818F-4E04-BB25-A81C1C309CD0", versionEndExcluding: "1.0.0.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9591B73B-93BF-4976-998B-0200C990EF6A", versionEndExcluding: "1.0.0.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3C8BF9E6-5EEB-48A3-BF23-30FFB78F339A", versionEndExcluding: "1.0.0.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6100 before V1.0.0.55, D7800 before V1.0.1.24, EX6150v2 before 1.0.0.48, R6100 before 1.0.1.14, R7500 before 1.0.0.110, R7500v2 before V1.0.3.16, R7800 before V1.0.2.36, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.48.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por una inyección de comandos por parte de un usuario autenticado. Esto afecta a D6100 versiones anteriores a V1.0.0.55, D7800 versiones anteriores a V1.0.1.24, EX6150v2 versiones anteriores a 1.0.0.48, R6100 versiones anteriores a 1.0.1.14, R7500 versiones anteriores a 1.0.0.110, R7500v2 versiones anteriores a V1.0.3.16, R7800 versiones anteriores a V1.0.2. 36, WNDR4300v1 versiones anteriores a 1.0.2.90, WNDR4300v2 versiones anteriores a 1.0.0.48, WNDR4500v3 versiones anteriores a 1.0.0.48 y WNR2000v5 versiones anteriores a 1.0.0.48.", }, ], id: "CVE-2017-18773", lastModified: "2024-11-21T03:20:53.010", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-22T15:15:11.863", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000049556/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2184", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000049556/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2184", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-74", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-27 18:15
Modified
2024-11-21 04:03
Severity ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.0.54, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d7800_firmware | * | |
| netgear | d7800 | - | |
| netgear | dm200_firmware | * | |
| netgear | dm200 | - | |
| netgear | r6100_firmware | * | |
| netgear | r6100 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | - | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r8900_firmware | * | |
| netgear | r8900 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | - | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EB24F17D-A9A8-4EF9-BF53-580395D60EFC", versionEndExcluding: "1.0.1.34", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:dm200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FDF86215-ABBD-43EA-B7DE-D3038F4449C6", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:dm200:-:*:*:*:*:*:*:*", matchCriteriaId: "1B048F71-70F1-4D9F-84E2-9F7340F6ADAB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7FFFF63B-46C8-49BF-8494-BB3322F14594", versionEndExcluding: "1.0.1.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5F99E4DD-50CB-4B06-BDAF-DD56FF0E90CF", versionEndExcluding: "1.0.0.122", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*", matchCriteriaId: "EF3B3F26-401C-4ED0-B871-4B4F8521F369", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D9D351BB-5034-4771-96BB-F143951CE5D5", versionEndExcluding: "1.0.2.42", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "610C6DB8-E11E-4EAE-A16F-189283F70B26", versionEndExcluding: "1.0.3.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", matchCriteriaId: "0F859165-8D89-4CDD-9D48-9C7923D2261F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EEFCBDB9-47D0-40EF-9428-FF714763BC12", versionEndExcluding: "1.0.3.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FAF6A089-4E7D-43D1-AF1F-01A7A592115E", versionEndExcluding: "1.0.2.96", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CC5A295B-77E9-4F8B-B523-56C7A1472AD9", versionEndExcluding: "1.0.0.54", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CC5A295B-77E9-4F8B-B523-56C7A1472AD9", versionEndExcluding: "1.0.0.54", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A5B27DF7-FA36-4A0E-A7B0-0D29BE9434BE", versionEndExcluding: "1.0.0.54", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:-:*:*:*:*:*:*:*", matchCriteriaId: "7E9F459C-B628-402A-AF4A-72E08FE41837", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "124ABC0A-DD68-4540-AAC2-C4E87CDC91A7", versionEndExcluding: "1.0.0.64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.0.54, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un usuario autenticado. Esto afecta a D7800 versiones anteriores a 1.0.1.34, DM200 versiones anteriores a 1.0.0.50, R6100 versiones anteriores a 1.0.1.22, R7500 versiones anteriores a 1.0.0.122, R7800 versiones anteriores a 1.0.2.42, R8900 versiones anteriores a 1.0.3.10, R9000 versiones anteriores a 1.0.3.10, WNDR3700v4 versiones anteriores a 1.0.2.96, WNDR4300 versiones anteriores a 1.0.0.54, WNDR4300v2 versiones anteriores a 1.0.0.54, WNDR4500v3 versiones anteriores a 1.0.0.54 y WNR2000v5 versiones anteriores a 1.0.0.64.", }, ], id: "CVE-2018-21149", lastModified: "2024-11-21T04:03:01.247", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 5.1, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-27T18:15:12.107", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000059484/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Gateways-and-Routers-PSV-2017-3156", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000059484/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Gateways-and-Routers-PSV-2017-3156", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-28 17:15
Modified
2024-11-21 04:03
Severity ?
Summary
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d3600_firmware | * | |
| netgear | d3600 | - | |
| netgear | d6000_firmware | * | |
| netgear | d6000 | - | |
| netgear | d7800_firmware | * | |
| netgear | d7800 | - | |
| netgear | r6100_firmware | * | |
| netgear | r6100 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | v2 | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d3600_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "47FB5F9D-2B33-44AD-BD57-164DF945ADA7", versionEndExcluding: "1.0.0.67", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d3600:-:*:*:*:*:*:*:*", matchCriteriaId: "31DE9D4E-3CDC-4552-A63F-DD5D95E23F63", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2089DF5E-598C-4CC2-B910-05C8D209A1BB", versionEndExcluding: "1.0.0.67", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6000:-:*:*:*:*:*:*:*", matchCriteriaId: "6F6EA344-FF99-4F27-9860-3C5BE07345A7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0173E81F-5BE3-4249-A620-EC36AD109D75", versionEndExcluding: "1.0.1.30", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "76B12C31-83C3-427F-B2CA-D75EA89DCC6F", versionEndExcluding: "1.0.1.20", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7494430D-BA3F-4EDB-9FB8-7586D4457B9D", versionEndExcluding: "1.0.0.118", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*", matchCriteriaId: "EF3B3F26-401C-4ED0-B871-4B4F8521F369", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C38F66ED-C53D-40F4-9F1E-96254BCD8A0C", versionEndExcluding: "1.0.3.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:v2:*:*:*:*:*:*:*", matchCriteriaId: "2E0DFBF4-E393-44AE-AEF9-1B2059EE5AE8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "679AAEA7-6415-4BBA-AE95-887C2CA609DC", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FAF6A089-4E7D-43D1-AF1F-01A7A592115E", versionEndExcluding: "1.0.2.96", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EF96C0EB-8CB6-4C86-A9A2-A4C7AF58C97F", versionEndExcluding: "1.0.2.98", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1425F7B0-0990-43F4-9621-8DAE8508FEED", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "81A6B7D4-1CBB-4D9E-8EB2-E5E82AFA59FA", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "27B33A47-E305-43CC-9AC2-C35DE8E51F02", versionEndExcluding: "1.0.0.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, { lang: "es", value: "Determinados dispositivos de NETGEAR están afectados por un desbordamiento del búfer por parte de un atacante no autenticado. Esto afecta a D3600 versiones anteriores a 1.0.0.67, D6000 versiones anteriores a 1.0.0.67, D7800 versiones anteriores a 1.0.1.30, R6100 versiones anteriores a 1.0.1.20, R7500 versiones anteriores a 1.0.0.118, R7500v2 versiones anteriores a 1.0.3. 24, R9000 versiones anteriores a 1.0.2.52, WNDR3700v4 versiones anteriores a 1.0.2.96, WNDR4300 versiones anteriores a 1.0.2.98, WNDR4300v2 versiones anteriores a 1.0.0.50, WNDR4500v3 versiones anteriores a 1.0.0.50, y WNR2000v5 versiones anteriores a 1.0.0.62.", }, ], id: "CVE-2018-21224", lastModified: "2024-11-21T04:03:13.280", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 6.5, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-28T17:15:13.103", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055113/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2456", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055113/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2456", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-28 15:15
Modified
2024-11-21 04:03
Severity ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.34, R6100 before 1.0.1.20, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d6100_firmware | * | |
| netgear | d6100 | - | |
| netgear | d7800_firmware | * | |
| netgear | d7800 | - | |
| netgear | r6100_firmware | * | |
| netgear | r6100 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | v2 | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2ECEA129-164C-4C80-A81E-9688F4AC3583", versionEndExcluding: "1.0.0.57", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EB24F17D-A9A8-4EF9-BF53-580395D60EFC", versionEndExcluding: "1.0.1.34", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "76B12C31-83C3-427F-B2CA-D75EA89DCC6F", versionEndExcluding: "1.0.1.20", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5F99E4DD-50CB-4B06-BDAF-DD56FF0E90CF", versionEndExcluding: "1.0.0.122", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*", matchCriteriaId: "EF3B3F26-401C-4ED0-B871-4B4F8521F369", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C38F66ED-C53D-40F4-9F1E-96254BCD8A0C", versionEndExcluding: "1.0.3.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:v2:*:*:*:*:*:*:*", matchCriteriaId: "2E0DFBF4-E393-44AE-AEF9-1B2059EE5AE8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A2E62164-2324-4AF2-B300-8005DAD433B6", versionEndExcluding: "1.0.2.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "90A3C8B6-51A9-49BC-8C82-01269519B652", versionEndExcluding: "1.0.2.92", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACAD8DCD-C187-4F15-9828-F302295199BA", versionEndExcluding: "1.0.2.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1425F7B0-0990-43F4-9621-8DAE8508FEED", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "81A6B7D4-1CBB-4D9E-8EB2-E5E82AFA59FA", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "27B33A47-E305-43CC-9AC2-C35DE8E51F02", versionEndExcluding: "1.0.0.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.34, R6100 before 1.0.1.20, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un usuario autenticado. Esto afecta a D6100 versiones anteriores a 1.0.0.57, D7800 versiones anteriores a 1.0.1.34, R6100 versiones anteriores a 1.0.1.20, R7500 versiones anteriores a 1.0.0.122, R7500v2 versiones anteriores a 1.0.3.24, R7800 versiones anteriores a 1. 0.2.40, WNDR3700v4 versiones anteriores a 1.0.2.92, WNDR4300 versiones anteriores a 1.0.2.94, WNDR4300v2 versiones anteriores a 1.0.0.50, WNDR4500v3 versiones anteriores a 1.0.0.50, y WNR2000v5 versiones anteriores a 1.0.0.62.", }, ], id: "CVE-2018-21193", lastModified: "2024-11-21T04:03:08.457", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 5.1, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-28T15:15:12.770", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055164/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2602", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055164/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2602", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-22 15:15
Modified
2024-11-21 03:20
Severity ?
Summary
Certain NETGEAR devices are affected by CSRF. This affects R6100 before 1.0.1.12, R7500 before 1.0.0.108, WNDR3700v4 before 1.0.2.86, WNDR4300v1 before 1.0.2.88, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.42.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | r6100_firmware | * | |
| netgear | r6100 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v1 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8D3B299C-B097-4287-B250-DA6488970976", versionEndExcluding: "1.0.1.12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F05A673D-1AA7-4DDA-A00C-EBC353777417", versionEndExcluding: "1.0.0.108", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*", matchCriteriaId: "EF3B3F26-401C-4ED0-B871-4B4F8521F369", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "469F00DE-BE32-4417-AE64-1C6340138928", versionEndExcluding: "1.0.2.86", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3E6E8DBB-487E-45DE-990D-AF193F05BA97", versionEndExcluding: "1.0.2.88", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v1:*:*:*:*:*:*:*", matchCriteriaId: "D99E146D-B278-4CA6-8156-7D9923015779", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8B1EBB8F-818F-4E04-BB25-A81C1C309CD0", versionEndExcluding: "1.0.0.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9591B73B-93BF-4976-998B-0200C990EF6A", versionEndExcluding: "1.0.0.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B3B5B30F-0159-48B6-BC8D-BF8F2EE519D6", versionEndExcluding: "1.0.0.42", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by CSRF. This affects R6100 before 1.0.1.12, R7500 before 1.0.0.108, WNDR3700v4 before 1.0.2.86, WNDR4300v1 before 1.0.2.88, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.42.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por una vulnerabilidad de tipo CSRF. Esto afecta a R6100 versiones anteriores a 1.0.1.12, R7500 versiones anteriores a 1.0.0.108, WNDR3700v4 versiones anteriores a 1.0.2.86, WNDR4300v1 versiones anteriores a 1.0.2.88, WNDR4300v2 versiones anteriores a 1.0.0.48, WNDR4500v3 versiones anteriores a 1.0.0.48 y WNR2000v5 versiones anteriores a 1.0.0.42.", }, ], id: "CVE-2017-18775", lastModified: "2024-11-21T03:20:53.187", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-22T15:15:12.003", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000049553/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Routers-and-Gateways-PSV-2017-0388", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000049553/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Routers-and-Gateways-PSV-2017-0388", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-23 16:15
Modified
2024-11-21 03:20
Severity ?
Summary
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.61, D6000 before 1.0.0.61, D6100 before 1.0.0.55, D7800 before 1.0.1.28, R6100 before 1.0.1.16, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.40, WNDR3700v4 before 1.0.2.88, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d3600_firmware | * | |
| netgear | d3600 | - | |
| netgear | d6000_firmware | * | |
| netgear | d6000 | - | |
| netgear | d6100_firmware | * | |
| netgear | d6100 | - | |
| netgear | d7800_firmware | * | |
| netgear | d7800 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | v2 | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 | |
| netgear | r6100_firmware | * | |
| netgear | r6100 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d3600_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "63465654-D9ED-454C-9A42-0E648952B3B1", versionEndExcluding: "1.0.0.61", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d3600:-:*:*:*:*:*:*:*", matchCriteriaId: "31DE9D4E-3CDC-4552-A63F-DD5D95E23F63", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D1E5FEB3-943A-44F7-9803-3B6DBDC1253E", versionEndExcluding: "1.0.0.61", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6000:-:*:*:*:*:*:*:*", matchCriteriaId: "6F6EA344-FF99-4F27-9860-3C5BE07345A7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A37AA7DC-5B2C-4E1B-8556-F1C9F6BBE9D7", versionEndExcluding: "1.0.0.55", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EB2E25FA-14F1-44ED-99D3-B5ED7D898D59", versionEndExcluding: "1.0.1.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "56014B19-02F8-4942-9889-7F3A4EB8F106", versionEndExcluding: "1.0.0.112", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*", matchCriteriaId: "EF3B3F26-401C-4ED0-B871-4B4F8521F369", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A98819AD-045F-45AE-9579-258E41882CD9", versionEndExcluding: "1.0.3.20", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:v2:*:*:*:*:*:*:*", matchCriteriaId: "2E0DFBF4-E393-44AE-AEF9-1B2059EE5AE8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3255D316-04E5-4056-BFFF-38B042167A74", versionEndExcluding: "1.0.2.36", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A1664969-D326-4EC5-BF0D-E43820CCB378", versionEndExcluding: "1.0.2.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3C2E8B48-CF6F-488A-A932-246B434CAF1B", versionEndExcluding: "1.0.2.88", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3D0CAC32-5F12-45E6-AC84-D9D5020A41E6", versionEndExcluding: "1.0.2.90", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8B1EBB8F-818F-4E04-BB25-A81C1C309CD0", versionEndExcluding: "1.0.0.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9591B73B-93BF-4976-998B-0200C990EF6A", versionEndExcluding: "1.0.0.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9C819040-B30C-4393-9DD4-8E5744B13050", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "01A66936-4268-4990-8E83-24C74A75B9F6", versionEndExcluding: "1.0.1.16", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:*:*:*:*:*:*:*:*", matchCriteriaId: "95E0A938-7669-4B25-97B8-5E3290333DBD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.61, D6000 before 1.0.0.61, D6100 before 1.0.0.55, D7800 before 1.0.1.28, R6100 before 1.0.1.16, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.40, WNDR3700v4 before 1.0.2.88, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por una configuración incorrecta de los ajustes de seguridad. Esto afecta a D3600 versiones anteriores a 1.0.0.61, D6000 versiones anteriores a 1.0.0.61, D6100 versiones anteriores a 1.0.0.55, D7800 versiones anteriores a 1.0.1.28, R6100 versiones anteriores a 1.0.1.16, R7500 versiones anteriores a 1.0.0.112, R7500v2 versiones anteriores a 1.0.3.20, R7800 versiones anteriores a 1.0.2.36, R9000 versiones anteriores a 1.0.2.40, WNDR3700v4 versiones anteriores a 1.0.2.88, WNDR4300 versiones anteriores a 1.0.2.90, WNDR4300v2 versiones anteriores a 1.0.0.48, WNDR4500v3 versiones anteriores a 1.0.0.48 y WNR2000v5 versiones anteriores a 1.0.0.58.", }, ], id: "CVE-2017-18740", lastModified: "2024-11-21T03:20:48.380", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 6.5, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-23T16:15:12.400", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000051515/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-and-Gateways-PSV-2017-0615", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000051515/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-and-Gateways-PSV-2017-0615", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-28 15:15
Modified
2024-11-21 04:03
Severity ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.30, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d7800_firmware | * | |
| netgear | d7800 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | v2 | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0173E81F-5BE3-4249-A620-EC36AD109D75", versionEndExcluding: "1.0.1.30", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5F99E4DD-50CB-4B06-BDAF-DD56FF0E90CF", versionEndExcluding: "1.0.0.122", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*", matchCriteriaId: "EF3B3F26-401C-4ED0-B871-4B4F8521F369", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C38F66ED-C53D-40F4-9F1E-96254BCD8A0C", versionEndExcluding: "1.0.3.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:v2:*:*:*:*:*:*:*", matchCriteriaId: "2E0DFBF4-E393-44AE-AEF9-1B2059EE5AE8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A2E62164-2324-4AF2-B300-8005DAD433B6", versionEndExcluding: "1.0.2.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "679AAEA7-6415-4BBA-AE95-887C2CA609DC", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "90A3C8B6-51A9-49BC-8C82-01269519B652", versionEndExcluding: "1.0.2.92", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACAD8DCD-C187-4F15-9828-F302295199BA", versionEndExcluding: "1.0.2.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1425F7B0-0990-43F4-9621-8DAE8508FEED", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "81A6B7D4-1CBB-4D9E-8EB2-E5E82AFA59FA", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "27B33A47-E305-43CC-9AC2-C35DE8E51F02", versionEndExcluding: "1.0.0.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.30, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un usuario autenticado. Esto afecta a D7800 versiones anteriores a 1.0.1.30, R7500 versiones anteriores a 1.0.0.122, R7500v2 versiones anteriores a 1.0.3.24, R7800 versiones anteriores a 1.0.2.40, R9000 versiones anteriores a 1.0.2. 52, WNDR3700v4 versiones anteriores a 1.0.2.92, WNDR4300 versiones anteriores a 1.0.2.94, WNDR4300v2 versiones anteriores a 1.0.0.50, WNDR4500v3 versiones anteriores a 1.0.0.50, y WNR2000v5 versiones anteriores a 1.0.0.62.", }, ], id: "CVE-2018-21187", lastModified: "2024-11-21T04:03:07.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 5.1, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-28T15:15:12.427", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055170/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2608", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055170/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2608", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-22 16:15
Modified
2024-11-21 03:20
Severity ?
Summary
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D3600 before 1.0.0.68, D6000 before 1.0.0.68, D6100 before 1.0.0.57, R6100 before 1.0.1.16, R6900P before 1.2.0.22, R7000 before 1.0.9.10, R7000P before 1.2.0.22, R7100LG before 1.0.0.40, WNDR3700v4 before 1.0.2.88, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d3600_firmware | * | |
| netgear | d3600 | - | |
| netgear | d6000_firmware | * | |
| netgear | d6000 | - | |
| netgear | d6100_firmware | * | |
| netgear | d6100 | - | |
| netgear | r6100_firmware | * | |
| netgear | r6100 | - | |
| netgear | r6900p_firmware | * | |
| netgear | r6900p | - | |
| netgear | r7000_firmware | * | |
| netgear | r7000 | - | |
| netgear | r7000p_firmware | * | |
| netgear | r7000p | - | |
| netgear | r7100lg_firmware | * | |
| netgear | r7100lg | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v1 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d3600_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D55132B3-B7CF-4BB9-B28B-406136D0C97B", versionEndExcluding: "1.0.0.68", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d3600:-:*:*:*:*:*:*:*", matchCriteriaId: "31DE9D4E-3CDC-4552-A63F-DD5D95E23F63", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2B5E3F3F-237F-4ADD-8853-CEBE78AAAC36", versionEndExcluding: "1.0.0.68", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6000:-:*:*:*:*:*:*:*", matchCriteriaId: "6F6EA344-FF99-4F27-9860-3C5BE07345A7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2ECEA129-164C-4C80-A81E-9688F4AC3583", versionEndExcluding: "1.0.0.57", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "01A66936-4268-4990-8E83-24C74A75B9F6", versionEndExcluding: "1.0.1.16", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A8D2A56D-4AAA-4E55-AE7A-E343EA9D6133", versionEndExcluding: "1.2.0.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*", matchCriteriaId: "C41908FF-AE64-4949-80E3-BEE061B2DA8A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DD7D570E-C5EF-4D3E-BCCF-926DBDB12016", versionEndExcluding: "1.0.9.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*", matchCriteriaId: "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4E7FE05C-8ACF-4D53-A6D9-2C99673CE41A", versionEndExcluding: "1.2.0.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*", matchCriteriaId: "DFE55F4D-E98B-46D3-B870-041141934CD1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7100lg_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EB388895-B579-43B7-A88E-4BD28D41F6E2", versionEndExcluding: "1.0.0.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7100lg:-:*:*:*:*:*:*:*", matchCriteriaId: "366FA778-3C2A-42AF-9141-DAD7043B406C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3C2E8B48-CF6F-488A-A932-246B434CAF1B", versionEndExcluding: "1.0.2.88", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3D0CAC32-5F12-45E6-AC84-D9D5020A41E6", versionEndExcluding: "1.0.2.90", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v1:*:*:*:*:*:*:*", matchCriteriaId: "D99E146D-B278-4CA6-8156-7D9923015779", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8B1EBB8F-818F-4E04-BB25-A81C1C309CD0", versionEndExcluding: "1.0.0.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9591B73B-93BF-4976-998B-0200C990EF6A", versionEndExcluding: "1.0.0.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9C819040-B30C-4393-9DD4-8E5744B13050", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D3600 before 1.0.0.68, D6000 before 1.0.0.68, D6100 before 1.0.0.57, R6100 before 1.0.1.16, R6900P before 1.2.0.22, R7000 before 1.0.9.10, R7000P before 1.2.0.22, R7100LG before 1.0.0.40, WNDR3700v4 before 1.0.2.88, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por una inyección de comandos por parte de un atacante no autenticado. Esto afecta a D3600 versiones anteriores a 1.0.0.68, D6000 versiones anteriores a 1.0.0.68, D6100 versiones anteriores a 1.0.0.57, R6100 versiones anteriores a 1.0.1.16, R6900P versiones anteriores a 1.2.0.22, R7000 versiones anteriores a 1.0.9.10, R7000P versiones anteriores a 1.2.0.22, R7100LG versiones anteriores a 1.0.0.40, WNDR3700v4 versiones anteriores a 1.0.2.88, WNDR4300v1 versiones anteriores a 1.0.2.90, WNDR4300v2 versiones anteriores a 1.0.0.48, WNDR4500v3 versiones anteriores a 1.0.0.48 y WNR2000v5 versiones anteriores a 1.0.0.58.", }, ], id: "CVE-2017-18762", lastModified: "2024-11-21T03:20:51.437", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 6.5, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-22T16:15:11.373", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000051483/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-Gateways-PSV-2017-2451", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000051483/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-Gateways-PSV-2017-2451", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-74", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-16 19:15
Modified
2024-11-21 04:39
Severity ?
Summary
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, D7800 before 1.0.1.44, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBS40 before 2.3.0.28, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d3600_firmware | * | |
| netgear | d3600 | - | |
| netgear | d6000_firmware | * | |
| netgear | d6000 | - | |
| netgear | d6100_firmware | * | |
| netgear | d6100 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | v2 | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r8900_firmware | * | |
| netgear | r8900 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | rbk20_firmware | * | |
| netgear | rbk20 | - | |
| netgear | rbr20_firmware | * | |
| netgear | rbr20 | - | |
| netgear | rbs20_firmware | * | |
| netgear | rbs20 | - | |
| netgear | rbk50_firmware | * | |
| netgear | rbk50 | - | |
| netgear | rbr50_firmware | * | |
| netgear | rbr50 | - | |
| netgear | rbs50_firmware | * | |
| netgear | rbs50 | - | |
| netgear | rbs40_firmware | * | |
| netgear | rbs40 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v1 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 | |
| netgear | xr500_firmware | * | |
| netgear | xr500 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d3600_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6D38D448-A21A-4AB2-A641-A295EDBF6631", versionEndExcluding: "1.0.0.75", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d3600:-:*:*:*:*:*:*:*", matchCriteriaId: "31DE9D4E-3CDC-4552-A63F-DD5D95E23F63", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EF892705-E77B-470C-8262-3579349D5F32", versionEndExcluding: "1.0.0.75", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6000:-:*:*:*:*:*:*:*", matchCriteriaId: "6F6EA344-FF99-4F27-9860-3C5BE07345A7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8DE5478F-11CE-4730-AC60-64ACE7BBB03A", versionEndExcluding: "1.0.0.63", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "536487B8-FF04-4526-BE91-44437256525C", versionEndExcluding: "1.0.3.38", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:v2:*:*:*:*:*:*:*", matchCriteriaId: "2E0DFBF4-E393-44AE-AEF9-1B2059EE5AE8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2C2195F1-18F6-4397-9D28-7A92003B7A76", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F52E74FF-6E04-4F96-966C-4355B38CF4DE", versionEndExcluding: "1.0.4.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", matchCriteriaId: "0F859165-8D89-4CDD-9D48-9C7923D2261F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2110965C-E19B-48D2-954D-145C45D0E7EF", versionEndExcluding: "1.0.4.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "448D7EA1-A7BB-4AA5-8260-1D533D6A99AC", versionEndExcluding: "2.3.0.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*", matchCriteriaId: "E6C9F31C-3E12-4787-9C9B-14883D9D152A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1525B9D0-B147-437D-ACAE-58819A1F4FC6", versionEndExcluding: "2.3.0.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*", matchCriteriaId: "AE5DBD66-9C2A-4EFF-87AB-03E791D584B5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4515F985-B714-480C-8FBA-2499A29F29FA", versionEndExcluding: "2.3.0.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*", matchCriteriaId: "14FC7F5B-7E4F-4A68-8427-D1F553EBE8CA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BA9F2B44-4114-495A-B200-B703FDFC3F8F", versionEndExcluding: "2.3.0.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*", matchCriteriaId: "8BA66D07-D017-49D6-8E72-5C48E940DE1B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A25B8627-D325-493B-8B7D-4F900334F0D8", versionEndExcluding: "2.3.0.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*", matchCriteriaId: "B2CAEA32-6934-4743-9E6B-22D52AC5E7F8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "81ED6C61-2A7C-49EC-BD3D-466442EF715C", versionEndExcluding: "2.3.0.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*", matchCriteriaId: "3BCFD959-D522-4FA0-AD01-2937DAEE1EDF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "08426AC6-4811-43E8-87EB-204A2729C49B", versionEndExcluding: "2.3.0.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*", matchCriteriaId: "6FDCDE39-0355-43B9-BF57-F3718DA2988D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FD376891-1FB6-48B7-A4B3-C3C2C6E92C39", versionEndExcluding: "1.0.2.102", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9FFDF78E-8CC6-47B8-B70D-352F778CBF2C", versionEndExcluding: "1.0.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v1:*:*:*:*:*:*:*", matchCriteriaId: "D99E146D-B278-4CA6-8156-7D9923015779", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1DA490CC-DB27-4817-A589-61A0D221E9FD", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "652D8CA8-B56A-4403-B072-B4C245AB8EDA", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2D01DCF3-B6FD-4779-B048-DA4A963C9DEB", versionEndExcluding: "1.0.0.68", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "29216B3A-9A3B-4752-99C2-4A9CFA8E5E26", versionEndExcluding: "2.3.2.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*", matchCriteriaId: "9E203D92-F97B-4F5B-B395-3A5DEDBF1C1C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, D7800 before 1.0.1.44, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBS40 before 2.3.0.28, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por una inyección de comandos por parte de un usuario autenticado. Esto afecta a D3600 versiones anteriores a 1.0.0.75, D6000 versiones anteriores a 1.0.0.75, D6100 versiones anteriores a 1.0.0.63, D7800 versiones anteriores a 1.0.1.44, R7500v2 versiones anteriores a 1.0.3. 38, R7800 versiones anteriores a 1.0.2.52, R8900 versiones anteriores a 1.0.4.2, R9000 versiones anteriores a 1.0.4.2, RBK20 versiones anteriores a 2.3.0.28, RBR20 versiones anteriores a 2.3.0.28, RBS20 versiones anteriores a 2.3.0. 28, RBK50 versiones anteriores a 2.3.0.32, RBR50 versiones anteriores a 2.3.0.32, RBS50 versiones anteriores a 2.3.0.32, RBS40 versiones anteriores a 2.3.0.28, WNDR3700v4 versiones anteriores a 1.0.2. 102, WNDR4300v1 versiones anteriores a 1.0.2.104, WNDR4300v2 versiones anteriores a 1.0.0.58, WNDR4500v3 versiones anteriores a 1.0.0.58, WNR2000v5 versiones anteriores a 1.0.0.68, y XR500 versiones anteriores a 2.3.2.32.", }, ], id: "CVE-2019-20724", lastModified: "2024-11-21T04:39:11.433", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 5.1, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-16T19:15:25.400", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000061204/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2018-0144", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000061204/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2018-0144", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-27 18:15
Modified
2024-11-21 04:03
Severity ?
Summary
Certain NETGEAR devices are affected by stored XSS. This affects D6100 before 1.0.0.57, DM200 before 1.0.0.50, EX2700 before 1.0.1.32, EX6100v2 before 1.0.1.70, EX6150v2 before 1.0.1.70, EX6200v2 before 1.0.1.62, EX6400 before 1.0.1.78, EX7300 before 1.0.1.78, EX8000 before 1.0.0.114, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WN2000RPTv3 before 1.0.1.26, WN3000RPv3 before 1.0.2.66, WN3100RPv2 before 1.0.0.42, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d6100_firmware | * | |
| netgear | d6100 | - | |
| netgear | dm200_firmware | * | |
| netgear | dm200 | - | |
| netgear | ex2700_firmware | * | |
| netgear | ex2700 | - | |
| netgear | ex6100_firmware | * | |
| netgear | ex6100 | v2 | |
| netgear | ex6150_firmware | * | |
| netgear | ex6150 | v2 | |
| netgear | ex6200_firmware | * | |
| netgear | ex6200 | v2 | |
| netgear | ex6400_firmware | * | |
| netgear | ex6400 | - | |
| netgear | ex7300_firmware | * | |
| netgear | ex7300 | - | |
| netgear | ex8000_firmware | * | |
| netgear | ex8000 | - | |
| netgear | r6100_firmware | * | |
| netgear | r6100 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | - | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r8900_firmware | * | |
| netgear | r8900 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wn2000rpt_firmware | * | |
| netgear | wn2000rpt | v3 | |
| netgear | wn3000rp_firmware | * | |
| netgear | wn3000rp | v3 | |
| netgear | wn3100rp_firmware | * | |
| netgear | wn3100rp | v2 | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2ECEA129-164C-4C80-A81E-9688F4AC3583", versionEndExcluding: "1.0.0.57", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:dm200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FDF86215-ABBD-43EA-B7DE-D3038F4449C6", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:dm200:-:*:*:*:*:*:*:*", matchCriteriaId: "1B048F71-70F1-4D9F-84E2-9F7340F6ADAB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex2700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7D8426F7-28E5-4903-8936-B6F8D5733142", versionEndExcluding: "1.0.1.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex2700:-:*:*:*:*:*:*:*", matchCriteriaId: "5341B659-DE7D-43F1-954D-82049CBE18AD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4C5401F4-5D39-4A08-BB79-DD6CB2D4C94A", versionEndExcluding: "1.0.1.70", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6100:v2:*:*:*:*:*:*:*", matchCriteriaId: "88DD070C-7CBD-48A5-8D77-7C3D1C502D65", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6150_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0CC8DA05-7E8B-4759-9FA8-69626A90662E", versionEndExcluding: "1.0.1.70", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6150:v2:*:*:*:*:*:*:*", matchCriteriaId: "49846803-C6FB-4DD3-ADA7-78B9923536F2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "79641CA1-DCB5-4793-A710-CBEC23809C7F", versionEndExcluding: "1.0.1.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6200:v2:*:*:*:*:*:*:*", matchCriteriaId: "B4F62287-CB55-4FB1-AA39-62018654BA39", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "66120328-5681-46E5-86A5-CAC62B9243B9", versionEndExcluding: "1.0.1.78", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:*", matchCriteriaId: "1289BBB4-1955-46A4-B5FE-BF11153C24F5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "974F3120-1A73-4301-A720-E31C9C27B41C", versionEndExcluding: "1.0.1.78", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:*", matchCriteriaId: "F285D60D-A5DA-4467-8F79-15EF8135D007", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6C1D8706-BB8E-4EBC-B76C-533062BF86EE", versionEndExcluding: "1.0.0.114", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*", matchCriteriaId: "8D9781C9-799A-4BDA-A027-987627A01633", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7FFFF63B-46C8-49BF-8494-BB3322F14594", versionEndExcluding: "1.0.1.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5F99E4DD-50CB-4B06-BDAF-DD56FF0E90CF", versionEndExcluding: "1.0.0.122", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*", matchCriteriaId: "EF3B3F26-401C-4ED0-B871-4B4F8521F369", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D9D351BB-5034-4771-96BB-F143951CE5D5", versionEndExcluding: "1.0.2.42", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "610C6DB8-E11E-4EAE-A16F-189283F70B26", versionEndExcluding: "1.0.3.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", matchCriteriaId: "0F859165-8D89-4CDD-9D48-9C7923D2261F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EEFCBDB9-47D0-40EF-9428-FF714763BC12", versionEndExcluding: "1.0.3.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn2000rpt_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "058BC554-8E48-460E-A305-B5CDA8249B28", versionEndExcluding: "1.0.1.26", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn2000rpt:v3:*:*:*:*:*:*:*", matchCriteriaId: "6FB1BE0D-E3CF-4C16-8C11-706B238E9934", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3000rp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AAFDAF9A-711E-497F-8632-0345B635A7C9", versionEndExcluding: "1.0.2.66", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3000rp:v3:*:*:*:*:*:*:*", matchCriteriaId: "AB71AC74-2D1B-4F1E-A70F-6590A00AAD9E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3100rp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B562B414-1A33-4E81-83FF-D8750D977DDC", versionEndExcluding: "1.0.0.42", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3100rp:v2:*:*:*:*:*:*:*", matchCriteriaId: "4D8680F5-0C06-4CFC-8BA0-CF85D0438419", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FAF6A089-4E7D-43D1-AF1F-01A7A592115E", versionEndExcluding: "1.0.2.96", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EF96C0EB-8CB6-4C86-A9A2-A4C7AF58C97F", versionEndExcluding: "1.0.2.98", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CC5A295B-77E9-4F8B-B523-56C7A1472AD9", versionEndExcluding: "1.0.0.54", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A5B27DF7-FA36-4A0E-A7B0-0D29BE9434BE", versionEndExcluding: "1.0.0.54", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "124ABC0A-DD68-4540-AAC2-C4E87CDC91A7", versionEndExcluding: "1.0.0.64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by stored XSS. This affects D6100 before 1.0.0.57, DM200 before 1.0.0.50, EX2700 before 1.0.1.32, EX6100v2 before 1.0.1.70, EX6150v2 before 1.0.1.70, EX6200v2 before 1.0.1.62, EX6400 before 1.0.1.78, EX7300 before 1.0.1.78, EX8000 before 1.0.0.114, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WN2000RPTv3 before 1.0.1.26, WN3000RPv3 before 1.0.2.66, WN3100RPv2 before 1.0.0.42, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por una vulnerabilidad de tipo XSS almacenado. Esto afecta a D6100 versiones anteriores a 1.0.0.57, DM200 versiones anteriores a 1.0.0.50, EX2700 versiones anteriores a 1.0.1.32, EX6100v2 versiones anteriores a 1.0.1.70, EX6150v2 versiones anteriores a 1.0.1.70, EX6200v2 versiones anteriores a 1.0.1.62, EX6400 versiones anteriores a 1.0.1.78, EX7300 versiones anteriores a 1.0.1.78, EX8000 versiones anteriores a 1.0.0.114, R6100 versiones anteriores a 1.0.1.22, R7500 versiones anteriores a 1.0.0.122, R7800 versiones anteriores a 1.0.2.42, R8900 versiones anteriores a 1.0.3.10, R9000 versiones anteriores a 1.0.3.10, WN2000RPTv3 versiones anteriores a 1.0.1.26, WN3000RPv3 versiones anteriores a 1.0.2.66, WN3100RPv2 versiones anteriores a 1.0.0.42, WNDR3700v4 versiones anteriores a 1.0.2.96, WNDR4300 versiones anteriores a 1.0.2.98, WNDR4300v2 versiones anteriores a 1.0.0.54, WNDR4500v3 versiones anteriores a 1.0.0.54 y WNR2000v5 versiones anteriores a 1.0.0.64.", }, ], id: "CVE-2018-21167", lastModified: "2024-11-21T04:03:04.040", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-27T18:15:12.670", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055191/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Routers-Gateways-Extenders-and-DSL-Modems-PSV-2017-3093", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055191/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Routers-Gateways-Extenders-and-DSL-Modems-PSV-2017-3093", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-16 22:15
Modified
2024-11-21 04:39
Severity ?
Summary
Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7800 before 1.0.2.58, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d3600_firmware | * | |
| netgear | d3600 | - | |
| netgear | d6000_firmware | * | |
| netgear | d6000 | - | |
| netgear | d7800_firmware | * | |
| netgear | d7800 | - | |
| netgear | dm200_firmware | * | |
| netgear | dm200 | - | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r8900_firmware | * | |
| netgear | r8900 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | rbk20_firmware | * | |
| netgear | rbk20 | - | |
| netgear | rbr20_firmware | * | |
| netgear | rbr20 | - | |
| netgear | rbs20_firmware | * | |
| netgear | rbs20 | - | |
| netgear | rbk40_firmware | * | |
| netgear | rbk40 | - | |
| netgear | rbs40_firmware | * | |
| netgear | rbs40 | - | |
| netgear | rbk50_firmware | * | |
| netgear | rbk50 | - | |
| netgear | rbr50_firmware | * | |
| netgear | rbr50 | - | |
| netgear | rbs50_firmware | * | |
| netgear | rbs50 | - | |
| netgear | wn3000rp_firmware | * | |
| netgear | wn3000rp | v2 | |
| netgear | wn3000rp_firmware | * | |
| netgear | wn3000rp | v3 | |
| netgear | wn3100rp_firmware | * | |
| netgear | wn3100rp | v2 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d3600_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6D38D448-A21A-4AB2-A641-A295EDBF6631", versionEndExcluding: "1.0.0.75", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d3600:-:*:*:*:*:*:*:*", matchCriteriaId: "31DE9D4E-3CDC-4552-A63F-DD5D95E23F63", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EF892705-E77B-470C-8262-3579349D5F32", versionEndExcluding: "1.0.0.75", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6000:-:*:*:*:*:*:*:*", matchCriteriaId: "6F6EA344-FF99-4F27-9860-3C5BE07345A7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0A6C9089-563D-4345-90C7-D2D512382BF1", versionEndExcluding: "1.0.1.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:dm200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "03798255-94BA-427C-8B2D-0861CD5FF730", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:dm200:-:*:*:*:*:*:*:*", matchCriteriaId: "1B048F71-70F1-4D9F-84E2-9F7340F6ADAB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F9D54BE2-47EB-48F1-A6D0-FB0A2F5094C4", versionEndExcluding: "1.0.2.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E5AC056A-DF92-4CA7-9919-2C9BDAE3C32D", versionEndExcluding: "1.0.4.12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", matchCriteriaId: "0F859165-8D89-4CDD-9D48-9C7923D2261F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F1F914AD-70DC-47F5-A2F7-672DBE89C62E", versionEndExcluding: "1.0.4.12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "448D7EA1-A7BB-4AA5-8260-1D533D6A99AC", versionEndExcluding: "2.3.0.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*", matchCriteriaId: "E6C9F31C-3E12-4787-9C9B-14883D9D152A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1525B9D0-B147-437D-ACAE-58819A1F4FC6", versionEndExcluding: "2.3.0.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*", matchCriteriaId: "AE5DBD66-9C2A-4EFF-87AB-03E791D584B5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4515F985-B714-480C-8FBA-2499A29F29FA", versionEndExcluding: "2.3.0.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*", matchCriteriaId: "14FC7F5B-7E4F-4A68-8427-D1F553EBE8CA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1CC5263E-71E4-4B63-AD77-D1E72DC704B0", versionEndExcluding: "2.3.0.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*", matchCriteriaId: "12DDD83C-6FF1-433F-ACA1-7B4B147F9A8C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "08426AC6-4811-43E8-87EB-204A2729C49B", versionEndExcluding: "2.3.0.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*", matchCriteriaId: "6FDCDE39-0355-43B9-BF57-F3718DA2988D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BA9F2B44-4114-495A-B200-B703FDFC3F8F", versionEndExcluding: "2.3.0.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*", matchCriteriaId: "8BA66D07-D017-49D6-8E72-5C48E940DE1B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A25B8627-D325-493B-8B7D-4F900334F0D8", versionEndExcluding: "2.3.0.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*", matchCriteriaId: "B2CAEA32-6934-4743-9E6B-22D52AC5E7F8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "81ED6C61-2A7C-49EC-BD3D-466442EF715C", versionEndExcluding: "2.3.0.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*", matchCriteriaId: "3BCFD959-D522-4FA0-AD01-2937DAEE1EDF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3000rp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "663F925A-642C-4E4A-9D27-76B6EF6978F6", versionEndExcluding: "1.0.0.68", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3000rp:v2:*:*:*:*:*:*:*", matchCriteriaId: "3DAD97C7-458D-4547-82A4-EC7F4CFB2A90", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3000rp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DB6FCA6E-55DB-4D65-BD80-BF186C2F04FB", versionEndExcluding: "1.0.2.70", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3000rp:v3:*:*:*:*:*:*:*", matchCriteriaId: "AB71AC74-2D1B-4F1E-A70F-6590A00AAD9E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3100rp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B3AC696D-EFAB-4DFF-A908-BCF1D58A4AFD", versionEndExcluding: "1.0.0.60", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3100rp:v2:*:*:*:*:*:*:*", matchCriteriaId: "4D8680F5-0C06-4CFC-8BA0-CF85D0438419", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1DA490CC-DB27-4817-A589-61A0D221E9FD", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "652D8CA8-B56A-4403-B072-B4C245AB8EDA", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2D01DCF3-B6FD-4779-B048-DA4A963C9DEB", versionEndExcluding: "1.0.0.68", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7800 before 1.0.2.58, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por una vulnerabilidad de tipo XSS almacenado. Esto afecta a D3600 versiones anteriores a 1.0.0.75, D6000 versiones anteriores a 1.0.0.75, D7800 versiones anteriores a 1.0.1.44, DM200 versiones anteriores a 1.0.0.58, R7800 versiones anteriores a 1.0.2. 58, R8900 versiones anteriores a 1.0.4.12, R9000 versiones anteriores a 1.0.4.12, RBK20 versiones anteriores a 2.3.0.28, RBR20 versiones anteriores a 2.3.0.28, RBS20 versiones anteriores a 2.3.0.28, RBK40 versiones anteriores a 2.3.0. 28, RBS40 versiones anteriores a 2.3.0.28, RBK50 versiones anteriores a 2.3.0.32, RBR50 versiones anteriores a 2.3.0.32, RBS50 versiones anteriores a 2.3.0.32, WN3000RPv2 versiones anteriores a 1.0.0.68, WN3000RPv3 versiones anteriores a 1. 0.2.70, WN3100RPv2 versiones anteriores a 1.0.0.60, WNDR4300v2 versiones anteriores a 1.0.0.58, WNDR4500v3 versiones anteriores a 1.0.0.58, y WNR2000v5 versiones anteriores a 1.0.0.68.", }, ], id: "CVE-2019-20752", lastModified: "2024-11-21T04:39:16.207", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-16T22:15:12.727", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000060967/Security-Advisory-for-Site-Stored-Cross-Scripting-on-Some-Gateways-Routers-and-WiFi-Systems-PSV-2018-0250", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000060967/Security-Advisory-for-Site-Stored-Cross-Scripting-on-Some-Gateways-Routers-and-WiFi-Systems-PSV-2018-0250", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-15 14:15
Modified
2024-11-21 04:39
Severity ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.60, D3600 before 1.0.0.75, D6000 before 1.0.0.75, R9000 before 1.0.4.26, R8900 before 1.0.4.26, R7800 before 1.0.2.52, WNDR4500v3 before 1.0.0.58, WNDR4300v2 before 1.0.0.58, WNDR4300 before 1.0.2.104, WNDR3700v4 before 1.0.2.102, and WNR2000v5 before 1.0.0.66.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d6100_firmware | * | |
| netgear | d6100 | - | |
| netgear | d3600_firmware | * | |
| netgear | d3600 | - | |
| netgear | d6000_firmware | * | |
| netgear | d6000 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | r8900_firmware | * | |
| netgear | r8900 | - | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FA3E7329-F839-4DD3-921F-B9E8DEDC8F12", versionEndExcluding: "1.0.0.60", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d3600_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6D38D448-A21A-4AB2-A641-A295EDBF6631", versionEndExcluding: "1.0.0.75", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d3600:-:*:*:*:*:*:*:*", matchCriteriaId: "31DE9D4E-3CDC-4552-A63F-DD5D95E23F63", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EF892705-E77B-470C-8262-3579349D5F32", versionEndExcluding: "1.0.0.75", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6000:-:*:*:*:*:*:*:*", matchCriteriaId: "6F6EA344-FF99-4F27-9860-3C5BE07345A7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D34DD834-FE59-4F04-9448-FDC385CF70F6", versionEndExcluding: "1.0.4.26", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BEF7967B-5FA3-4D43-BEC5-2644FBB1D168", versionEndExcluding: "1.0.4.26", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", matchCriteriaId: "0F859165-8D89-4CDD-9D48-9C7923D2261F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2C2195F1-18F6-4397-9D28-7A92003B7A76", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "652D8CA8-B56A-4403-B072-B4C245AB8EDA", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1DA490CC-DB27-4817-A589-61A0D221E9FD", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9FFDF78E-8CC6-47B8-B70D-352F778CBF2C", versionEndExcluding: "1.0.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FD376891-1FB6-48B7-A4B3-C3C2C6E92C39", versionEndExcluding: "1.0.2.102", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9F3D02E3-8FA1-4129-A4B2-25235AF0E49C", versionEndExcluding: "1.0.0.66", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.60, D3600 before 1.0.0.75, D6000 before 1.0.0.75, R9000 before 1.0.4.26, R8900 before 1.0.4.26, R7800 before 1.0.2.52, WNDR4500v3 before 1.0.0.58, WNDR4300v2 before 1.0.0.58, WNDR4300 before 1.0.2.104, WNDR3700v4 before 1.0.2.102, and WNR2000v5 before 1.0.0.66.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un usuario autenticado. Esto afecta a D6100 versiones anteriores a 1.0.0.60, D3600 versiones anteriores a 1.0.0.75, D6000 versiones anteriores a 1.0.0.75, R9000 versiones anteriores a 1.0.4.26, R8900 versiones anteriores a 1.0.4.26, R7800 versiones anteriores a 1.0.2.52, WNDR4500v3 versiones anteriores a 1.0.0.58, WNDR4300v2 versiones anteriores a 1.0.0.58, WNDR4300 versiones anteriores a 1.0.2.104, WNDR3700v4 versiones anteriores a 1.0.2.102 y WNR2000v5 versiones anteriores a 1.0.0.66.", }, ], id: "CVE-2019-20767", lastModified: "2024-11-21T04:39:18.773", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-15T14:15:18.560", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000060632/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Modem-Routers-PSV-2018-0116", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000060632/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Modem-Routers-PSV-2018-0116", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-24 15:15
Modified
2024-11-21 03:20
Severity ?
Summary
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.28, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.88, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.62.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d7800_firmware | * | |
| netgear | d7800 | - | |
| netgear | r6100_firmware | * | |
| netgear | r6100 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | v2 | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EB2E25FA-14F1-44ED-99D3-B5ED7D898D59", versionEndExcluding: "1.0.1.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "76B12C31-83C3-427F-B2CA-D75EA89DCC6F", versionEndExcluding: "1.0.1.20", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7494430D-BA3F-4EDB-9FB8-7586D4457B9D", versionEndExcluding: "1.0.0.118", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*", matchCriteriaId: "EF3B3F26-401C-4ED0-B871-4B4F8521F369", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A98819AD-045F-45AE-9579-258E41882CD9", versionEndExcluding: "1.0.3.20", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:v2:*:*:*:*:*:*:*", matchCriteriaId: "2E0DFBF4-E393-44AE-AEF9-1B2059EE5AE8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A2E62164-2324-4AF2-B300-8005DAD433B6", versionEndExcluding: "1.0.2.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "679AAEA7-6415-4BBA-AE95-887C2CA609DC", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3C2E8B48-CF6F-488A-A932-246B434CAF1B", versionEndExcluding: "1.0.2.88", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3D0CAC32-5F12-45E6-AC84-D9D5020A41E6", versionEndExcluding: "1.0.2.90", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8B1EBB8F-818F-4E04-BB25-A81C1C309CD0", versionEndExcluding: "1.0.0.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9591B73B-93BF-4976-998B-0200C990EF6A", versionEndExcluding: "1.0.0.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "27B33A47-E305-43CC-9AC2-C35DE8E51F02", versionEndExcluding: "1.0.0.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.28, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.88, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.62.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por una configuración incorrecta de los ajustes de seguridad. Esto afecta a D7800 versiones anteriores a 1.0.1.28, R6100 versiones anteriores a 1.0.1.20, R7500 versiones anteriores a 1.0.0.118, R7500v2 versiones anteriores a 1.0.3.20, R7800 versiones anteriores a 1.0.2.40, R9000 versiones anteriores a 1.0.2.52, WNDR3700v4 versiones anteriores a 1.0.2.88, WNDR4300 versiones anteriores a 1.0.2.90, WNDR4300v2 versiones anteriores a 1.0.0.48, WNDR4500v3 versiones anteriores a 1.0.0.48 y WNR2000v5 versiones anteriores a 1.0.0.62.", }, ], id: "CVE-2017-18705", lastModified: "2024-11-21T03:20:42.657", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 6.5, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-24T15:15:12.677", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000053197/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-and-Gateways-PSV-2017-0526", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000053197/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-and-Gateways-PSV-2017-0526", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-22 17:15
Modified
2024-11-21 03:20
Severity ?
Summary
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WNDR3700v4 before 1.0.2.88, WNDR4300v1 before 1.0.2.90, and WNR2000v5 before 1.0.0.58.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v1 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3C2E8B48-CF6F-488A-A932-246B434CAF1B", versionEndExcluding: "1.0.2.88", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3D0CAC32-5F12-45E6-AC84-D9D5020A41E6", versionEndExcluding: "1.0.2.90", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v1:*:*:*:*:*:*:*", matchCriteriaId: "D99E146D-B278-4CA6-8156-7D9923015779", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9C819040-B30C-4393-9DD4-8E5744B13050", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WNDR3700v4 before 1.0.2.88, WNDR4300v1 before 1.0.2.90, and WNR2000v5 before 1.0.0.58.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por una inyección de comandos por parte de un usuario autenticado. Esto afecta a WNDR3700v4 versiones anteriores a 1.0.2.88, WNDR4300v1 versiones anteriores a 1.0.2.90 y WNR2000v5 versiones anteriores a 1.0.0.58.", }, ], id: "CVE-2017-18754", lastModified: "2024-11-21T03:20:50.367", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 5.1, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-22T17:15:11.667", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000051494/Security-Advisory-for-Post-Authentication-Command-Injection-on-Routers-PSV-2017-0329", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000051494/Security-Advisory-for-Post-Authentication-Command-Injection-on-Routers-PSV-2017-0329", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-74", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-28 15:15
Modified
2024-11-21 04:03
Severity ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.30, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d7800_firmware | * | |
| netgear | d7800 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | v2 | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0173E81F-5BE3-4249-A620-EC36AD109D75", versionEndExcluding: "1.0.1.30", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C38F66ED-C53D-40F4-9F1E-96254BCD8A0C", versionEndExcluding: "1.0.3.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:v2:*:*:*:*:*:*:*", matchCriteriaId: "2E0DFBF4-E393-44AE-AEF9-1B2059EE5AE8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A2E62164-2324-4AF2-B300-8005DAD433B6", versionEndExcluding: "1.0.2.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "679AAEA7-6415-4BBA-AE95-887C2CA609DC", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "90A3C8B6-51A9-49BC-8C82-01269519B652", versionEndExcluding: "1.0.2.92", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACAD8DCD-C187-4F15-9828-F302295199BA", versionEndExcluding: "1.0.2.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1425F7B0-0990-43F4-9621-8DAE8508FEED", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "81A6B7D4-1CBB-4D9E-8EB2-E5E82AFA59FA", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "27B33A47-E305-43CC-9AC2-C35DE8E51F02", versionEndExcluding: "1.0.0.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.30, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un usuario autenticado. Esto afecta a D7800 versiones anteriores a 1.0.1.30, R7500v2 versiones anteriores a 1.0.3.24, R7800 versiones anteriores a 1.0.2.40, R9000 versiones anteriores a 1.0.2.52, WNDR3700v4 versiones anteriores a 1.0.2.92, WNDR4300 versiones anteriores a 1.0.2.94, WNDR4300v2 versiones anteriores a 1.0.0.50, WNDR4500v3 versiones anteriores a 1.0.0.50, y WNR2000v5 versiones anteriores a 1.0.0.62.", }, ], id: "CVE-2018-21188", lastModified: "2024-11-21T04:03:07.670", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 5.1, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-28T15:15:12.487", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055169/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2607", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055169/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2607", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-24 15:15
Modified
2024-11-21 04:03
Severity ?
Summary
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D1500 before 1.0.0.27, D500 before 1.0.0.27, D6100 before 1.0.0.57, D6220 before 1.0.0.40, D6400 before 1.0.0.74, D7000 before 1.0.1.60, D7800 before 1.0.1.34, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.94, DGN2200Bv4 before 1.0.0.94, EX2700 before 1.0.1.42, EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6000 before 1.0.0.24, EX6100 before 1.0.2.18, EX6120 before 1.0.0.32, EX6130 before 1.0.0.22, EX6150 before 1.0.0.34_1.0.70, EX6200 before 1.0.3.82_1.1.117, EX6400 before 1.0.1.78, EX7000 before 1.0.0.56, EX7300 before 1.0.1., JNR1010v2 before 1.1.0.42, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.42, PR2000 before 1.0.0.22, R6050 before 1.0.1.10, R6100 before 1.0.1.16, R6220 before 1.1.0.50, R6250 before 1.0.4.14, R6300v2 before 1.0.4.12, R6400v2 before 1.0.2.34, R6700 before 1.0.1.26, R6900 before 1.0.1.26, R6900P before 1.2.0.22, R7000 before 1.0.9.6, R7000P before 1.2.0.22, R7100LG before 1.0.0.40, R7300DST before 1.0.0.54, R7500 before 1.0.0.110, R7500v2 before 1.0.3.26, R7800 before 1.0.2.44, R7900 before 1.0.1.26, R8000 before 1.0.3.48, R8300 before 1.0.2.104, R8500 before 1.0.2.104, R9000 before 1.0.3.10, WN2000RPTv3 before 1.0.1.26, WN2500RPv2 before 1.0.1.46, WN3000RPv3 before 1.0.2.66, WN3100RPv2 before 1.0.0.56, WNDR3400v3 before 1.0.1.14, WNDR3700v4 before 1.0.2.96, WNDR3700v5 before 1.1.0.54, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.42, WNR2000v5 before 1.0.0.64, WNR2020 before 1.1.0.42, and WNR2050 before 1.1.0.42.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d1500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "47DB7AAC-5EE3-4912-A44F-C9D5BF42B01C", versionEndExcluding: "1.0.0.27", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d1500:-:*:*:*:*:*:*:*", matchCriteriaId: "78DC8809-C26D-48D8-9E12-228C3669B824", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3B5A5FCA-6198-4DF7-B395-F266C2B6270C", versionEndExcluding: "1.0.0.27", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d500:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE070E3-C0B1-455F-83A9-5C60C489816F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2ECEA129-164C-4C80-A81E-9688F4AC3583", versionEndExcluding: "1.0.0.57", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6220_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B8AA0851-BFD5-45F6-9673-CA4B83D8B844", versionEndExcluding: "1.0.0.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6220:-:*:*:*:*:*:*:*", matchCriteriaId: "F3EEA190-2E9C-4586-BF81-B115532FBA23", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DD763D04-70A0-4A50-8866-330B82703680", versionEndExcluding: "1.0.0.74", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6400:-:*:*:*:*:*:*:*", matchCriteriaId: "7D30939B-86E3-4C78-9B05-686B4994C8B9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "82EB2B81-08D9-4C81-B6DE-8D1FCAEC485A", versionEndExcluding: "1.0.1.60", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7000:-:*:*:*:*:*:*:*", matchCriteriaId: "AF04B65B-9685-4595-9C71-0F77AD7109BE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EB24F17D-A9A8-4EF9-BF53-580395D60EFC", versionEndExcluding: "1.0.1.34", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d8500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D5E70AF3-FFD8-4ACD-9F4C-DB03BFB1125A", versionEndExcluding: "1.0.3.39", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d8500:-:*:*:*:*:*:*:*", matchCriteriaId: "814A0114-9A1D-4EA0-9AF4-6968514E4F01", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:dgn2200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FCA60A85-77FF-41BF-89FA-7EB3ACFECDB8", versionEndExcluding: "1.0.0.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:dgn2200:v4:*:*:*:*:*:*:*", matchCriteriaId: "099184A0-F1C6-4C3F-9C3B-F0B9AC0D4D14", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:dgn2200b_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D5C27C8A-1B80-47CD-B015-14588F4F8732", versionEndExcluding: "1.0.0.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:dgn2200b:v4:*:*:*:*:*:*:*", matchCriteriaId: "25090794-A90C-40CD-8E95-87EC4E98B928", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex2700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C309FEFF-5FB1-41BB-B9C5-97CFAC29892C", versionEndExcluding: "1.0.1.42", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex2700:-:*:*:*:*:*:*:*", matchCriteriaId: "5341B659-DE7D-43F1-954D-82049CBE18AD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B79CB764-3B62-4C39-9B68-A7C949EA91BE", versionEndExcluding: "1.0.0.64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex3700:-:*:*:*:*:*:*:*", matchCriteriaId: "CDAA5899-B73C-4690-853E-B5400F034BE1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex3800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "72C578B9-6D52-492F-854F-067EB36F84B1", versionEndExcluding: "1.0.0.64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex3800:-:*:*:*:*:*:*:*", matchCriteriaId: "CC5488D9-651C-4BAB-A141-06B816690D42", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "520E4E2B-FF48-4B11-8A41-975B1A5E9FA2", versionEndExcluding: "1.0.0.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6000:-:*:*:*:*:*:*:*", matchCriteriaId: "02E7CA7E-E6CA-4BAB-8F40-4731EA523D91", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4707A6F6-9586-47FF-8E1A-55D950D8CE19", versionEndExcluding: "1.0.2.18", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6100:-:*:*:*:*:*:*:*", matchCriteriaId: "AB84CD03-765C-4D4F-A176-364F8E72A4E7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6120_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2AC81E61-E8CD-4929-A1E2-C1B620BCC3E7", versionEndExcluding: "1.0.0.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6120:-:*:*:*:*:*:*:*", matchCriteriaId: "8C6DFDB6-1D7A-459A-8D30-FD4900ED718B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6130_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "09C02A78-A382-43A0-A20F-D6521F6DD57F", versionEndExcluding: "1.0.0.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6130:-:*:*:*:*:*:*:*", matchCriteriaId: "305E295C-9C73-4798-A0BE-7973E1EE5EAB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6150_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A5E1BEB0-8AA0-423B-A0A2-966341402819", versionEndExcluding: "1.0.0.34_1.0.70", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6150:-:*:*:*:*:*:*:*", matchCriteriaId: "46452E97-9347-4788-9570-1EECECC7255E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1C96EDAD-1985-4AB7-9FF1-C67A5D274C99", versionEndExcluding: "1.0.3.82_1.1.117", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6200:-:*:*:*:*:*:*:*", matchCriteriaId: "3186CC67-B567-4A0C-BD2C-0433716FBD1B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "66120328-5681-46E5-86A5-CAC62B9243B9", versionEndExcluding: "1.0.1.78", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:*", matchCriteriaId: "1289BBB4-1955-46A4-B5FE-BF11153C24F5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "274A58AC-3E28-411B-8495-2ADD184CFAE6", versionEndExcluding: "1.0.0.56", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7000:-:*:*:*:*:*:*:*", matchCriteriaId: "9F45B620-60B8-40F3-A055-181ADD71EFFF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "07099566-F207-43C4-BCB0-09468E249888", versionEndExcluding: "1.0.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:*", matchCriteriaId: "F285D60D-A5DA-4467-8F79-15EF8135D007", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:jnr1010_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0005DB1D-49BA-4099-89DC-5B4C9AA8BF6F", versionEndExcluding: "1.1.0.42", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:jnr1010:v2:*:*:*:*:*:*:*", matchCriteriaId: "CCE79B3F-8667-43C9-962D-EE089428F144", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:jr6150_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4B5D8AD4-6C67-4DC7-99DF-B29DBA4BC376", versionEndExcluding: "1.0.1.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:jr6150:-:*:*:*:*:*:*:*", matchCriteriaId: "D67167E5-81D2-4892-AF41-CBB6271232D1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:jwnr2010_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8D0FEB73-5572-48DE-86BE-055364878989", versionEndExcluding: "1.1.0.42", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:jwnr2010:v5:*:*:*:*:*:*:*", matchCriteriaId: "7399E5E9-40D8-4ECD-8B7B-C96A27E10282", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:pr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6E111C4B-C1D5-403A-A35F-D538E16D0E23", versionEndExcluding: "1.0.0.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:pr2000:-:*:*:*:*:*:*:*", matchCriteriaId: "2451CC0C-71B2-474D-93F0-2B2ACD802FE3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6050_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CB4D669D-D6C4-403E-896D-55EE4EEB7C27", versionEndExcluding: "1.0.1.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6050:-:*:*:*:*:*:*:*", matchCriteriaId: "363D4DEE-98B9-4294-B241-1613CAD1A3A7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "01A66936-4268-4990-8E83-24C74A75B9F6", versionEndExcluding: "1.0.1.16", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E464FF8D-6202-40BA-9740-9CCE2BC23607", versionEndExcluding: "1.1.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*", matchCriteriaId: "B131B5C8-CB7F-433B-BA32-F05CE0E92A66", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6250_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2DD089FE-0DBF-4C3B-AA02-3A0A27CF9D76", versionEndExcluding: "1.0.4.14", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6250:-:*:*:*:*:*:*:*", matchCriteriaId: "321BE843-52C4-4638-A321-439CA7B3A6F2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E43DA92A-E429-459F-8B34-DDED55F5590B", versionEndExcluding: "1.0.4.12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6300:v2:*:*:*:*:*:*:*", matchCriteriaId: "10938043-F7DF-42C3-8C16-F92CAF8E5576", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C9A5FD9A-5AE9-46A2-A1E6-C7BF84EFAD22", versionEndExcluding: "1.0.2.34", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*", matchCriteriaId: "52AE9AD2-BC8D-477D-A3D3-891AE52FA5F3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DC332E60-A7DB-41C5-B1ED-FE3EDF83F8BC", versionEndExcluding: "1.0.1.26", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6700:-:*:*:*:*:*:*:*", matchCriteriaId: "21B27F11-4262-4CE1-8107-B365A7C152F2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D21ACC48-8B3D-4A0B-BA04-C9709835A66A", versionEndExcluding: "1.0.1.26", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6900:-:*:*:*:*:*:*:*", matchCriteriaId: "0794BB7C-1BCF-4F08-8EB2-9C3B150C105A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A8D2A56D-4AAA-4E55-AE7A-E343EA9D6133", versionEndExcluding: "1.2.0.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*", matchCriteriaId: "C41908FF-AE64-4949-80E3-BEE061B2DA8A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "819CC65F-F5DA-4620-BC68-CAAA2B73195D", versionEndExcluding: "1.0.9.6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*", matchCriteriaId: "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4E7FE05C-8ACF-4D53-A6D9-2C99673CE41A", versionEndExcluding: "1.2.0.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*", matchCriteriaId: "DFE55F4D-E98B-46D3-B870-041141934CD1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7100lg_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EB388895-B579-43B7-A88E-4BD28D41F6E2", versionEndExcluding: "1.0.0.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7100lg:-:*:*:*:*:*:*:*", matchCriteriaId: "366FA778-3C2A-42AF-9141-DAD7043B406C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7300dst_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F0EE8EBA-C4CD-4CA1-A684-54338B1254A9", versionEndExcluding: "1.0.0.54", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7300dst:-:*:*:*:*:*:*:*", matchCriteriaId: "C75148EB-DE6C-4C5C-BF34-4800A66CF11C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7F227D99-88C9-457F-BCA5-665F531E04AB", versionEndExcluding: "1.0.0.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*", matchCriteriaId: "EF3B3F26-401C-4ED0-B871-4B4F8521F369", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9ACBF492-1315-46CF-8297-E239DDB14B6B", versionEndExcluding: "1.0.3.26", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:v2:*:*:*:*:*:*:*", matchCriteriaId: "2E0DFBF4-E393-44AE-AEF9-1B2059EE5AE8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DE1B60E4-C8FA-4094-9F05-1746A01557D9", versionEndExcluding: "1.0.2.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0B72579C-51F1-4F16-8FDE-544229C25B07", versionEndExcluding: "1.0.1.26", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:*", matchCriteriaId: "C484840F-AF30-4B5C-821A-4DB9BE407BDB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7393D4D7-F607-423E-917E-FE520D7A3A73", versionEndExcluding: "1.0.3.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*", matchCriteriaId: "5B39F095-8FE8-43FD-A866-7B613B495984", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DAAB159C-27F2-4645-9FE4-4DBB4465DE3A", versionEndExcluding: "1.0.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8300:-:*:*:*:*:*:*:*", matchCriteriaId: "7A9B77E7-7439-48C6-989F-5E22CB4D3044", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A79D8A77-4555-4B2A-8F19-F69AD4A17D2E", versionEndExcluding: "1.0.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*", matchCriteriaId: "63500DE4-BDBD-4F86-AB99-7DB084D0B912", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EEFCBDB9-47D0-40EF-9428-FF714763BC12", versionEndExcluding: "1.0.3.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn2000rpt_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "058BC554-8E48-460E-A305-B5CDA8249B28", versionEndExcluding: "1.0.1.26", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn2000rpt:v3:*:*:*:*:*:*:*", matchCriteriaId: "6FB1BE0D-E3CF-4C16-8C11-706B238E9934", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn2500rp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "07CEF0FF-41A1-485B-8CDA-DB7AE8ECDB69", versionEndExcluding: "1.0.1.46", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn2500rp:v2:*:*:*:*:*:*:*", matchCriteriaId: "1C4C1B98-9551-4862-AEAC-3D5C313BD275", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3000rp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AAFDAF9A-711E-497F-8632-0345B635A7C9", versionEndExcluding: "1.0.2.66", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3000rp:v3:*:*:*:*:*:*:*", matchCriteriaId: "AB71AC74-2D1B-4F1E-A70F-6590A00AAD9E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3100rp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8DB649EB-E2F9-4E11-B68A-50B0096AF9B6", versionEndExcluding: "1.0.0.56", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3100rp:v2:*:*:*:*:*:*:*", matchCriteriaId: "4D8680F5-0C06-4CFC-8BA0-CF85D0438419", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DF8551B9-72D9-46B8-9F66-EE7841E29A26", versionEndExcluding: "1.0.1.14", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3400:v3:*:*:*:*:*:*:*", matchCriteriaId: "1992E44C-122C-41BC-8FDC-5F9EBEE1FB7C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FAF6A089-4E7D-43D1-AF1F-01A7A592115E", versionEndExcluding: "1.0.2.96", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "832B6460-9984-4441-8E06-F784052FC8CC", versionEndExcluding: "1.1.0.54", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v5:*:*:*:*:*:*:*", matchCriteriaId: "EC5B6CB8-D439-42D5-ACAE-6246874EA5F0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EF96C0EB-8CB6-4C86-A9A2-A4C7AF58C97F", versionEndExcluding: "1.0.2.98", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8B1EBB8F-818F-4E04-BB25-A81C1C309CD0", versionEndExcluding: "1.0.0.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9591B73B-93BF-4976-998B-0200C990EF6A", versionEndExcluding: "1.0.0.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr1000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6880E178-51E5-47DD-8DE6-59EFDAE4FA0C", versionEndExcluding: "1.1.0.42", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr1000:v4:*:*:*:*:*:*:*", matchCriteriaId: "C8218868-273B-46DB-B636-D3F9A3768069", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "124ABC0A-DD68-4540-AAC2-C4E87CDC91A7", versionEndExcluding: "1.0.0.64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2020_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4130E37C-5B30-46E5-90B0-A7D5E163DF02", versionEndExcluding: "1.1.0.42", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2020:-:*:*:*:*:*:*:*", matchCriteriaId: "C2189628-03E7-445A-9EF2-656A85539115", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2050_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2C4DA2EE-628D-4F25-9B7E-0F77762139B0", versionEndExcluding: "1.1.0.42", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2050:-:*:*:*:*:*:*:*", matchCriteriaId: "9877579C-D214-4605-93AA-2B78914CF33C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D1500 before 1.0.0.27, D500 before 1.0.0.27, D6100 before 1.0.0.57, D6220 before 1.0.0.40, D6400 before 1.0.0.74, D7000 before 1.0.1.60, D7800 before 1.0.1.34, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.94, DGN2200Bv4 before 1.0.0.94, EX2700 before 1.0.1.42, EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6000 before 1.0.0.24, EX6100 before 1.0.2.18, EX6120 before 1.0.0.32, EX6130 before 1.0.0.22, EX6150 before 1.0.0.34_1.0.70, EX6200 before 1.0.3.82_1.1.117, EX6400 before 1.0.1.78, EX7000 before 1.0.0.56, EX7300 before 1.0.1., JNR1010v2 before 1.1.0.42, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.42, PR2000 before 1.0.0.22, R6050 before 1.0.1.10, R6100 before 1.0.1.16, R6220 before 1.1.0.50, R6250 before 1.0.4.14, R6300v2 before 1.0.4.12, R6400v2 before 1.0.2.34, R6700 before 1.0.1.26, R6900 before 1.0.1.26, R6900P before 1.2.0.22, R7000 before 1.0.9.6, R7000P before 1.2.0.22, R7100LG before 1.0.0.40, R7300DST before 1.0.0.54, R7500 before 1.0.0.110, R7500v2 before 1.0.3.26, R7800 before 1.0.2.44, R7900 before 1.0.1.26, R8000 before 1.0.3.48, R8300 before 1.0.2.104, R8500 before 1.0.2.104, R9000 before 1.0.3.10, WN2000RPTv3 before 1.0.1.26, WN2500RPv2 before 1.0.1.46, WN3000RPv3 before 1.0.2.66, WN3100RPv2 before 1.0.0.56, WNDR3400v3 before 1.0.1.14, WNDR3700v4 before 1.0.2.96, WNDR3700v5 before 1.1.0.54, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.42, WNR2000v5 before 1.0.0.64, WNR2020 before 1.1.0.42, and WNR2050 before 1.1.0.42.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por una configuración incorrecta de los ajustes de seguridad. Esto afecta a D1500 versiones anteriores a 1.0.0.27, D500 versiones anteriores a 1.0.0.27, D6100 versiones anteriores a 1.0.0.57, D6220 versiones anteriores a 1.0.0.40, D6400 versiones anteriores a 1.0.0.74, D7000 versiones anteriores a 1.0.1.60, D7800 versiones anteriores a 1.0.1.34, D8500 versiones anteriores a 1.0.3.39, DGN2200v4 versiones anteriores a 1.0.0.94, DGN2200Bv4 versiones anteriores a 1.0.0.94, EX2700 versiones anteriores a 1.0.1.42, EX3700 versiones anteriores a 1.0.0.64, EX3800 versiones anteriores a 1.0.0.64, EX6000 versiones anteriores a 1.0.0.24, EX6100 versiones anteriores a 1.0.2.18, EX6120 versiones anteriores a 1.0.0.32, EX6130 versiones anteriores a 1.0.0.22, EX6150 versiones anteriores a 1.0.0.34_1.0.70, EX6200 versiones anteriores a 1.0.3.82_1.1.117, EX6400 versiones anteriores a 1.0.1.78, EX7000 versiones anteriores a 1.0.0.56, EX7300 versiones anteriores a 1.0.1., JNR1010v2 versiones anteriores a 1.1.0.42, JR6150 versiones anteriores a 1.0 .1.10, JWNR2010v5 versiones anteriores a 1.1.0.42, PR2000 versiones anteriores a 1.0.0.22, R6050 versiones anteriores a 1.0.1.10, R6100 versiones anteriores a 1.0.1.16, R6220 versiones anteriores a 1.1.0.50, R6250 versiones anteriores a 1.0.4.14, R6300v2 versiones anteriores a 1.0.4.12, R6400v2 versiones anteriores a 1.0.2.34 , R6700 versiones anteriores a 1.0.1.26, R6900 versiones anteriores a 1.0.1.26, R6900P versiones anteriores a 1.2.0.22, R7000 versiones anteriores a 1.0.9.6, R7000P versiones anteriores a 1.2.0.22, R7100LG versiones anteriores a 1.0.0.40, R7300DST versiones anteriores a 1.0.0.54, R7500 versiones anteriores a 1.0.0.110, R7500v2 versiones anteriores a 1.0.3.26, R7800 versiones anteriores a 1.0.2.44, R7900 versiones anteriores a 1.0.1.26, R8000 versiones anteriores a 1.0.3.48, R8300 versiones anteriores a 1.0.2.104, R8500 versiones anteriores a 1.0.2.104, R9000 versiones anteriores a 1.0.3.10, WN2000RPTv3 versiones anteriores a 1.0.1.26, WN2500RPv2 versiones anteriores a 1.0 .1.46, WN3000RPv3 versiones anteriores a 1.0.2.66, WN3100RPv2 versiones anteriores a 1.0.0.56, WNDR3400v3 versiones anteriores a 1.0.1.14, WNDR3700v4 versiones anteriores a 1.0.2.96, WNDR3700v5 versiones anteriores a 1.1.0.54, WNDR4300 versiones anteriores a 1.0.2.98, WNDR4300v2 versiones anteriores a 1.0.0.48, WNDR4500v3 versiones anteriores a 1.0.0.48, WNR1000v4 versiones anteriores a 1.1.0.42, WNR2000v5 versiones anteriores a 1.0.0.64, WNR2020 versiones anteriores a 1.1.0.42 y WNR2050 versiones anteriores a 1.1.0.42.", }, ], id: "CVE-2018-21230", lastModified: "2024-11-21T04:03:14.210", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.5, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 5.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.1, impactScore: 2.7, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-24T15:15:12.957", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055104/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Gateways-and-Extenders-PSV-2016-0117", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055104/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Gateways-and-Extenders-PSV-2016-0117", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-05-05 14:15
Modified
2024-11-21 03:21
Severity ?
Summary
Certain NETGEAR devices are affected by stored XSS. This affects R9000 before 1.0.2.40, R6100 before 1.0.1.1, 6R7500 before 1.0.0.110, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, WNDR4300v2 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | 6r7500_firmware | * | |
| netgear | 6r7500 | - | |
| netgear | r6100_firmware | * | |
| netgear | r6100 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | v2 | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:6r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2C71CCA3-7611-4B0F-8CE6-A7B5CBA747F5", versionEndExcluding: "1.0.0.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:6r7500:-:*:*:*:*:*:*:*", matchCriteriaId: "28934607-8D50-4691-824D-BA3586572B3F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A69E079C-1158-48A2-8F0B-51F8F436E63C", versionEndExcluding: "1.0.1.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A98819AD-045F-45AE-9579-258E41882CD9", versionEndExcluding: "1.0.3.20", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:v2:*:*:*:*:*:*:*", matchCriteriaId: "2E0DFBF4-E393-44AE-AEF9-1B2059EE5AE8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3255D316-04E5-4056-BFFF-38B042167A74", versionEndExcluding: "1.0.2.36", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A1664969-D326-4EC5-BF0D-E43820CCB378", versionEndExcluding: "1.0.2.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8B1EBB8F-818F-4E04-BB25-A81C1C309CD0", versionEndExcluding: "1.0.0.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9C819040-B30C-4393-9DD4-8E5744B13050", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by stored XSS. This affects R9000 before 1.0.2.40, R6100 before 1.0.1.1, 6R7500 before 1.0.0.110, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, WNDR4300v2 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por una vulnerabilidad de tipo XSS almacenado. Esto afecta a R9000 versiones anteriores a 1.0.2.40, R6100 versiones anteriores a 1.0.1.1, 6R7500 versiones anteriores a 1.0.0.110, R7500v2 versiones anteriores a 1.0.3.20, R7800 versiones anteriores a 1.0.2.36, WNDR4300v2 versiones anteriores a 1.0.0.48, y WNR2000v5 versiones anteriores a 1.0.0.58.", }, ], id: "CVE-2017-18866", lastModified: "2024-11-21T03:21:07.843", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 5.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.1, impactScore: 2.7, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-05-05T14:15:12.327", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000051472/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Routers-PSV-2016-0100", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000051472/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Routers-PSV-2016-0100", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-27 20:15
Modified
2024-11-21 04:03
Severity ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d6100_firmware | * | |
| netgear | d6100 | - | |
| netgear | r6100_firmware | * | |
| netgear | r6100 | - | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2ECEA129-164C-4C80-A81E-9688F4AC3583", versionEndExcluding: "1.0.0.57", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "76B12C31-83C3-427F-B2CA-D75EA89DCC6F", versionEndExcluding: "1.0.1.20", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A2E62164-2324-4AF2-B300-8005DAD433B6", versionEndExcluding: "1.0.2.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "679AAEA7-6415-4BBA-AE95-887C2CA609DC", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "90A3C8B6-51A9-49BC-8C82-01269519B652", versionEndExcluding: "1.0.2.92", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACAD8DCD-C187-4F15-9828-F302295199BA", versionEndExcluding: "1.0.2.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1425F7B0-0990-43F4-9621-8DAE8508FEED", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "81A6B7D4-1CBB-4D9E-8EB2-E5E82AFA59FA", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "27B33A47-E305-43CC-9AC2-C35DE8E51F02", versionEndExcluding: "1.0.0.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un usuario autenticado. Esto afecta a D6100 versiones anteriores a la versión 1.0.0.57, R6100 versiones anteriores a la versión 1.0.1.20, R7800 versiones anteriores a la versión 1.0.2.40, R9000 versiones anteriores a 1.0.2.52, WNDR3700v4 versiones anteriores a 1.0.2.92, WNDR4300 versiones anteriores a 1.0.2.94, WNDR4300v2 versiones anteriores a 1.0.0.50, WNDR4500v3 versiones anteriores a 1.0.0.50, y WNR2000v5 versiones anteriores a 1.0.0.62.", }, ], id: "CVE-2018-21175", lastModified: "2024-11-21T04:03:05.620", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-27T20:15:11.837", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055183/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2624", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055183/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2624", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-23 16:15
Modified
2024-11-21 03:20
Severity ?
Summary
Certain NETGEAR devices are affected by CSRF. This affects JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, R6050 before 1.0.1.10, R6100 before 1.0.1.16, R6220 before 1.1.0.50, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.40, WNDR3700v4 before 1.0.2.88, WNDR3700v5 before 1.1.0.48, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.58, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | jnr1010_firmware | * | |
| netgear | jnr1010 | v2 | |
| netgear | jr6150_firmware | * | |
| netgear | jr6150 | - | |
| netgear | jwnr2010_firmware | * | |
| netgear | jwnr2010 | v5 | |
| netgear | r6050_firmware | * | |
| netgear | r6050 | - | |
| netgear | r6100_firmware | * | |
| netgear | r6100 | - | |
| netgear | r6220_firmware | * | |
| netgear | r6220 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | v2 | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v5 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr1000_firmware | * | |
| netgear | wnr1000 | v4 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 | |
| netgear | wnr2020_firmware | * | |
| netgear | wnr2020 | - | |
| netgear | wnr2050_firmware | * | |
| netgear | wnr2050 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:jnr1010_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FC9E7939-E195-44AB-8880-D0BCF26BF2E0", versionEndExcluding: "1.1.0.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:jnr1010:v2:*:*:*:*:*:*:*", matchCriteriaId: "CCE79B3F-8667-43C9-962D-EE089428F144", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:jr6150_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4B5D8AD4-6C67-4DC7-99DF-B29DBA4BC376", versionEndExcluding: "1.0.1.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:jr6150:-:*:*:*:*:*:*:*", matchCriteriaId: "D67167E5-81D2-4892-AF41-CBB6271232D1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:jwnr2010_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "34429B2B-D8CB-4BEC-B5FA-5C7F8AC9A1FE", versionEndExcluding: "1.1.0.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:jwnr2010:v5:*:*:*:*:*:*:*", matchCriteriaId: "7399E5E9-40D8-4ECD-8B7B-C96A27E10282", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6050_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CB4D669D-D6C4-403E-896D-55EE4EEB7C27", versionEndExcluding: "1.0.1.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6050:-:*:*:*:*:*:*:*", matchCriteriaId: "363D4DEE-98B9-4294-B241-1613CAD1A3A7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "01A66936-4268-4990-8E83-24C74A75B9F6", versionEndExcluding: "1.0.1.16", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E464FF8D-6202-40BA-9740-9CCE2BC23607", versionEndExcluding: "1.1.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*", matchCriteriaId: "B131B5C8-CB7F-433B-BA32-F05CE0E92A66", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "56014B19-02F8-4942-9889-7F3A4EB8F106", versionEndExcluding: "1.0.0.112", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*", matchCriteriaId: "EF3B3F26-401C-4ED0-B871-4B4F8521F369", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A98819AD-045F-45AE-9579-258E41882CD9", versionEndExcluding: "1.0.3.20", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:v2:*:*:*:*:*:*:*", matchCriteriaId: "2E0DFBF4-E393-44AE-AEF9-1B2059EE5AE8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3255D316-04E5-4056-BFFF-38B042167A74", versionEndExcluding: "1.0.2.36", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A1664969-D326-4EC5-BF0D-E43820CCB378", versionEndExcluding: "1.0.2.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3C2E8B48-CF6F-488A-A932-246B434CAF1B", versionEndExcluding: "1.0.2.88", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DD1F416B-C938-4AE3-B93E-03087575FF40", versionEndExcluding: "1.1.0.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v5:*:*:*:*:*:*:*", matchCriteriaId: "EC5B6CB8-D439-42D5-ACAE-6246874EA5F0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3D0CAC32-5F12-45E6-AC84-D9D5020A41E6", versionEndExcluding: "1.0.2.90", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8B1EBB8F-818F-4E04-BB25-A81C1C309CD0", versionEndExcluding: "1.0.0.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9591B73B-93BF-4976-998B-0200C990EF6A", versionEndExcluding: "1.0.0.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr1000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E5684DEA-5F12-4E72-B8D1-C5F3E1D22726", versionEndExcluding: "1.1.0.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr1000:v4:*:*:*:*:*:*:*", matchCriteriaId: "C8218868-273B-46DB-B636-D3F9A3768069", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9C819040-B30C-4393-9DD4-8E5744B13050", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2020_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "36CCD48D-4474-4363-8DE6-846714B99D3D", versionEndExcluding: "1.1.0.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2020:-:*:*:*:*:*:*:*", matchCriteriaId: "C2189628-03E7-445A-9EF2-656A85539115", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2050_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "436026D2-0B8E-4BA5-AD34-9EB285EDA78A", versionEndExcluding: "1.1.0.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2050:-:*:*:*:*:*:*:*", matchCriteriaId: "9877579C-D214-4605-93AA-2B78914CF33C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by CSRF. This affects JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, R6050 before 1.0.1.10, R6100 before 1.0.1.16, R6220 before 1.1.0.50, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.40, WNDR3700v4 before 1.0.2.88, WNDR3700v5 before 1.1.0.48, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.58, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por una vulnerabilidad de tipo CSRF. Esto afecta a JNR1010v2 versiones anteriores a 1.1.0.44, JR6150 versiones anteriores a 1.0.1.10, JWNR2010v5 versiones anteriores a 1.1.0.44, R6050 versiones anteriores a 1.0.1.10, R6100 versiones anteriores a 1.0.1.16, R6220 versiones anteriores a 1.1.0.50, R7500 versiones anteriores a 1.0.0.112, R7500v2 versiones anteriores a 1.0.3.20, R7800 versiones anteriores a 1.0.2.36, R9000 versiones anteriores a 1.0.2.40, WNDR3700v4 versiones anteriores a 1.0.2.88, WNDR3700v5 versiones anteriores a 1.1.0.48, WNDR4300 versiones anteriores a 1.0.2.90, WNDR4300v2 versiones anteriores a 1.0.0.48, WNDR4500v3 versiones anteriores a 1.0.0.48, WNR1000v4 versiones anteriores a 1.1.0.44, WNR2 1.0.0.58, WNR2020 versiones anteriores a 1.1.0.44 y WNR2050 versiones anteriores a 1.1.0.44.", }, ], id: "CVE-2017-18749", lastModified: "2024-11-21T03:20:49.723", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-23T16:15:12.993", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000051505/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Routers-PSV-2016-0101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000051505/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Routers-PSV-2016-0101", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-22 20:15
Modified
2024-11-21 04:03
Severity ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d7800_firmware | * | |
| netgear | d7800 | - | |
| netgear | dm200_firmware | * | |
| netgear | dm200 | - | |
| netgear | r6100_firmware | * | |
| netgear | r6100 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | v2 | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r8900_firmware | * | |
| netgear | r8900 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EB24F17D-A9A8-4EF9-BF53-580395D60EFC", versionEndExcluding: "1.0.1.34", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:dm200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FDF86215-ABBD-43EA-B7DE-D3038F4449C6", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:dm200:-:*:*:*:*:*:*:*", matchCriteriaId: "1B048F71-70F1-4D9F-84E2-9F7340F6ADAB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7FFFF63B-46C8-49BF-8494-BB3322F14594", versionEndExcluding: "1.0.1.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5F99E4DD-50CB-4B06-BDAF-DD56FF0E90CF", versionEndExcluding: "1.0.0.122", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*", matchCriteriaId: "EF3B3F26-401C-4ED0-B871-4B4F8521F369", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9ACBF492-1315-46CF-8297-E239DDB14B6B", versionEndExcluding: "1.0.3.26", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:v2:*:*:*:*:*:*:*", matchCriteriaId: "2E0DFBF4-E393-44AE-AEF9-1B2059EE5AE8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D9D351BB-5034-4771-96BB-F143951CE5D5", versionEndExcluding: "1.0.2.42", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "610C6DB8-E11E-4EAE-A16F-189283F70B26", versionEndExcluding: "1.0.3.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", matchCriteriaId: "0F859165-8D89-4CDD-9D48-9C7923D2261F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EEFCBDB9-47D0-40EF-9428-FF714763BC12", versionEndExcluding: "1.0.3.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FAF6A089-4E7D-43D1-AF1F-01A7A592115E", versionEndExcluding: "1.0.2.96", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EF96C0EB-8CB6-4C86-A9A2-A4C7AF58C97F", versionEndExcluding: "1.0.2.98", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CC5A295B-77E9-4F8B-B523-56C7A1472AD9", versionEndExcluding: "1.0.0.54", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A5B27DF7-FA36-4A0E-A7B0-0D29BE9434BE", versionEndExcluding: "1.0.0.54", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "124ABC0A-DD68-4540-AAC2-C4E87CDC91A7", versionEndExcluding: "1.0.0.64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un usuario autenticado. Esto afecta a D7800 en versiones anteriores a la 1.0.1.34, DM200 en versiones anteriores a la 1.0.0.50, R6100 en versiones anteriores a la 1.0.1.22, R7500 en versiones anteriores a la 1.0.0.122, R7500v2 en versiones anteriores a la 1.0.3.26, R7800 en versiones anteriores a la 1.0.2.42, R8900 en versiones anteriores a la 1. 0.3.10, R9000 en versiones anteriores a la 1.0.3.10, WNDR3700v4 en versiones anteriores a la 1.0.2.96, WNDR4300 en versiones anteriores a la 1.0.2.98, WNDR4300v2 en versiones anteriores a la 1.0.0.54, WNDR4500v3 en versiones anteriores a la 1.0.0.54, y WNR2000v5 en versiones anteriores a la 1.0.0.64.", }, ], id: "CVE-2018-21150", lastModified: "2024-11-21T04:03:01.397", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 5.1, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-22T20:15:11.107", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000059483/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Gateways-and-Routers-PSV-2017-3155", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000059483/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Gateways-and-Routers-PSV-2017-3155", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-16 21:15
Modified
2024-11-21 04:39
Severity ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.58, D7800 before 1.0.1.40, R7500v2 before 1.0.3.34, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.3.16, RAX120 before 1.0.0.74, RBK20 before 2.3.0.22, RBR20 before 2.3.0.22, RBS20 before 2.3.0.22, RBK50 before 2.3.0.22, RBR50 before 2.3.0.22, RBS50 before 2.3.0.22, RBK40 before 2.3.0.22, RBS40 before 2.3.0.22, SRK60 before 2.2.0.64, SRR60 before 2.2.0.64, SRS60 before 2.2.0.64, WNDR3700v4 before 1.0.2.102, WNDR4300 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, WNDR4500v3 before 1.0.0.56, and WNR2000v5 before 1.0.0.66.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "600F0894-2001-4681-8B7C-AE24B3C81EA4", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B722D956-799F-4A5D-9C4B-5EE2349DB17E", versionEndExcluding: "1.0.1.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1DF79787-9BE5-4B8F-A243-FE638936D377", versionEndExcluding: "1.0.3.34", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:v2:*:*:*:*:*:*:*", matchCriteriaId: "2E0DFBF4-E393-44AE-AEF9-1B2059EE5AE8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2C2195F1-18F6-4397-9D28-7A92003B7A76", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F52E74FF-6E04-4F96-966C-4355B38CF4DE", versionEndExcluding: "1.0.4.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", matchCriteriaId: "0F859165-8D89-4CDD-9D48-9C7923D2261F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "93C7D5A8-3B1D-4DCD-ACB6-8629CE598C25", versionEndExcluding: "1.0.3.16", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax120_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "79E7E940-B043-40A7-9347-331DF006656E", versionEndExcluding: "1.0.0.74", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax120:-:*:*:*:*:*:*:*", matchCriteriaId: "1742BD56-84E4-40E1-8C04-098B3715161E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "712E83F9-2AC9-45B1-B0D6-E780CB8D9365", versionEndExcluding: "2.3.0.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*", matchCriteriaId: "E6C9F31C-3E12-4787-9C9B-14883D9D152A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "850B682D-1D78-489A-8988-5D588EB975AC", versionEndExcluding: "2.3.0.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*", matchCriteriaId: "AE5DBD66-9C2A-4EFF-87AB-03E791D584B5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5B0AB512-7926-4D78-87A2-FFBD56F7D2CA", versionEndExcluding: "2.3.0.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*", matchCriteriaId: "14FC7F5B-7E4F-4A68-8427-D1F553EBE8CA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F58362EC-24C5-4EC3-9475-328469DABFD2", versionEndExcluding: "2.3.0.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*", matchCriteriaId: "8BA66D07-D017-49D6-8E72-5C48E940DE1B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B49E5051-D9AF-4852-8BDF-6F9C61CB5519", versionEndExcluding: "2.3.0.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*", matchCriteriaId: "B2CAEA32-6934-4743-9E6B-22D52AC5E7F8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7F1FE395-0B10-4AA8-A178-D87E93CFA5D5", versionEndExcluding: "2.3.0.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*", matchCriteriaId: "3BCFD959-D522-4FA0-AD01-2937DAEE1EDF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BF2AEEF3-EB66-48D5-A39D-675D7093F5A2", versionEndExcluding: "2.3.0.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*", matchCriteriaId: "12DDD83C-6FF1-433F-ACA1-7B4B147F9A8C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8517632E-5C50-4A30-A9EE-7205A014619F", versionEndExcluding: "2.3.0.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*", matchCriteriaId: "6FDCDE39-0355-43B9-BF57-F3718DA2988D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:srk60_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9523D09C-0039-4449-8741-0EF066547B0E", versionEndExcluding: "2.2.0.64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:srk60:-:*:*:*:*:*:*:*", matchCriteriaId: "DCC347EB-699E-4626-A944-2D378101DDCF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:srr60_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0C60C13B-937F-4278-A7D8-465B2E59664D", versionEndExcluding: "2.2.0.64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:srr60:-:*:*:*:*:*:*:*", matchCriteriaId: "55E6F589-04DA-431C-9E03-BA2A59BB0E4A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:srs60_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9204657B-18EE-4E6F-A7B5-3A1F65E20352", versionEndExcluding: "2.2.0.64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:srs60:-:*:*:*:*:*:*:*", matchCriteriaId: "BFB01247-A20F-41CA-8718-E8E60E7F14B3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FD376891-1FB6-48B7-A4B3-C3C2C6E92C39", versionEndExcluding: "1.0.2.102", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9FFDF78E-8CC6-47B8-B70D-352F778CBF2C", versionEndExcluding: "1.0.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "94398B78-9F11-4AD2-A518-3A81CDD72E88", versionEndExcluding: "1.0.0.56", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "68F195E4-0A6D-400B-8F48-3EA07DC3A3ED", versionEndExcluding: "1.0.0.56", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9F3D02E3-8FA1-4129-A4B2-25235AF0E49C", versionEndExcluding: "1.0.0.66", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.58, D7800 before 1.0.1.40, R7500v2 before 1.0.3.34, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.3.16, RAX120 before 1.0.0.74, RBK20 before 2.3.0.22, RBR20 before 2.3.0.22, RBS20 before 2.3.0.22, RBK50 before 2.3.0.22, RBR50 before 2.3.0.22, RBS50 before 2.3.0.22, RBK40 before 2.3.0.22, RBS40 before 2.3.0.22, SRK60 before 2.2.0.64, SRR60 before 2.2.0.64, SRS60 before 2.2.0.64, WNDR3700v4 before 1.0.2.102, WNDR4300 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, WNDR4500v3 before 1.0.0.56, and WNR2000v5 before 1.0.0.66.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un usuario autenticado. Esto afecta a D6100 versiones anteriores a 1.0.0.58, D7800 versiones anteriores a 1.0.1.40, R7500v2 versiones anteriores a 1.0.3.34, R7800 versiones anteriores a 1.0.2.52, R8900 versiones anteriores a 1.0.4.2, R9000 versiones anteriores a 1. 0.3.16, RAX120 versiones anteriores a 1.0.0.74, RBK20 versiones anteriores a 2.3.0.22, RBR20 versiones anteriores a 2.3.0.22, RBS20 versiones anteriores a 2.3.0.22, RBK50 versiones anteriores a 2.3.0.22, RBR50 versiones anteriores a 2.3. 0,22, RBS50 versiones anteriores a 2.3.0.22, RBK40 versiones anteriores a 2.3.0.22, RBS40 versiones anteriores a 2.3.0.22, SRK60 versiones anteriores a 2.2.0.64, SRR60 versiones anteriores a 2.2.0.64, SRS60 versiones anteriores a 2.2.0. 64, WNDR3700v4 versiones anteriores a 1.0.2.102, WNDR4300 versiones anteriores a 1.0.2.104, WNDR4300v2 versiones anteriores a 1.0.0.56, WNDR4500v3 versiones anteriores a 1.0.0.56, y WNR2000v5 versiones anteriores a 1.0.0.66.", }, ], id: "CVE-2019-20747", lastModified: "2024-11-21T04:39:15.360", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 5.1, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-16T21:15:12.817", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000060962/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2018-0032", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000060962/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2018-0032", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-16 19:15
Modified
2024-11-21 04:39
Severity ?
Summary
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d3600_firmware | * | |
| netgear | d3600 | - | |
| netgear | d6000_firmware | * | |
| netgear | d6000 | - | |
| netgear | d6100_firmware | * | |
| netgear | d6100 | - | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r8900_firmware | * | |
| netgear | r8900 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v1 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 | |
| netgear | xr500_firmware | * | |
| netgear | xr500 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d3600_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6D38D448-A21A-4AB2-A641-A295EDBF6631", versionEndExcluding: "1.0.0.75", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d3600:-:*:*:*:*:*:*:*", matchCriteriaId: "31DE9D4E-3CDC-4552-A63F-DD5D95E23F63", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EF892705-E77B-470C-8262-3579349D5F32", versionEndExcluding: "1.0.0.75", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6000:-:*:*:*:*:*:*:*", matchCriteriaId: "6F6EA344-FF99-4F27-9860-3C5BE07345A7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8DE5478F-11CE-4730-AC60-64ACE7BBB03A", versionEndExcluding: "1.0.0.63", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2C2195F1-18F6-4397-9D28-7A92003B7A76", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F52E74FF-6E04-4F96-966C-4355B38CF4DE", versionEndExcluding: "1.0.4.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", matchCriteriaId: "0F859165-8D89-4CDD-9D48-9C7923D2261F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2110965C-E19B-48D2-954D-145C45D0E7EF", versionEndExcluding: "1.0.4.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FD376891-1FB6-48B7-A4B3-C3C2C6E92C39", versionEndExcluding: "1.0.2.102", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9FFDF78E-8CC6-47B8-B70D-352F778CBF2C", versionEndExcluding: "1.0.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v1:*:*:*:*:*:*:*", matchCriteriaId: "D99E146D-B278-4CA6-8156-7D9923015779", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1DA490CC-DB27-4817-A589-61A0D221E9FD", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "652D8CA8-B56A-4403-B072-B4C245AB8EDA", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2D01DCF3-B6FD-4779-B048-DA4A963C9DEB", versionEndExcluding: "1.0.0.68", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "29216B3A-9A3B-4752-99C2-4A9CFA8E5E26", versionEndExcluding: "2.3.2.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*", matchCriteriaId: "9E203D92-F97B-4F5B-B395-3A5DEDBF1C1C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por una inyección de comandos por parte de un usuario autenticado. Esto afecta a D3600 versiones anteriores a 1.0.0.75, D6000 versiones anteriores a 1.0.0.75, D6100 versiones anteriores a 1.0.0.63, R7800 versiones anteriores a 1.0.2.52, R8900 versiones anteriores a 1.0.4.2, R9000 versiones anteriores a 1.0.4.2, WNDR3700v4 versiones anteriores a 1. 0.2.102, WNDR4300v1 versiones anteriores a 1.0.2.104, WNDR4300v2 versiones anteriores a 1.0.0.58, WNDR4500v3 versiones anteriores a 1.0.0.58, WNR2000v5 versiones anteriores a 1.0.0.68, y XR500 versiones anteriores a 2.3.2.32.", }, ], id: "CVE-2019-20726", lastModified: "2024-11-21T04:39:11.753", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 5.1, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-16T19:15:25.527", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000061202/Security-Advisory-for-Post-Authentication-Command-on-Some-Routers-and-Gateways-PSV-2018-0141", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000061202/Security-Advisory-for-Post-Authentication-Command-on-Some-Routers-and-Gateways-PSV-2018-0141", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-27 18:15
Modified
2024-11-21 04:03
Severity ?
Summary
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, EX2700 before 1.0.1.32, EX6100v2 before 1.0.1.70, EX6150v2 before 1.0.1.70, EX6200v2 before 1.0.1.62, EX6400 before 1.0.1.78, EX7300 before 1.0.1.62, EX8000 before 1.0.0.114, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.40, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WN2000RPTv3 before 1.0.1.26, WN3000RPv2 before 1.0.0.56, WN3000RPv3 before 1.0.2.66, WN3100RPv2 before 1.0.0.56, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EB24F17D-A9A8-4EF9-BF53-580395D60EFC", versionEndExcluding: "1.0.1.34", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:dm200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FDF86215-ABBD-43EA-B7DE-D3038F4449C6", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:dm200:-:*:*:*:*:*:*:*", matchCriteriaId: "1B048F71-70F1-4D9F-84E2-9F7340F6ADAB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex2700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7D8426F7-28E5-4903-8936-B6F8D5733142", versionEndExcluding: "1.0.1.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex2700:-:*:*:*:*:*:*:*", matchCriteriaId: "5341B659-DE7D-43F1-954D-82049CBE18AD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4C5401F4-5D39-4A08-BB79-DD6CB2D4C94A", versionEndExcluding: "1.0.1.70", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6100:v2:*:*:*:*:*:*:*", matchCriteriaId: "88DD070C-7CBD-48A5-8D77-7C3D1C502D65", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6150_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0CC8DA05-7E8B-4759-9FA8-69626A90662E", versionEndExcluding: "1.0.1.70", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6150:v2:*:*:*:*:*:*:*", matchCriteriaId: "49846803-C6FB-4DD3-ADA7-78B9923536F2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "79641CA1-DCB5-4793-A710-CBEC23809C7F", versionEndExcluding: "1.0.1.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6200:v2:*:*:*:*:*:*:*", matchCriteriaId: "B4F62287-CB55-4FB1-AA39-62018654BA39", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "66120328-5681-46E5-86A5-CAC62B9243B9", versionEndExcluding: "1.0.1.78", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:*", matchCriteriaId: "1289BBB4-1955-46A4-B5FE-BF11153C24F5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8E04A47C-ACFE-4B89-A256-3CA699A1B4A5", versionEndExcluding: "1.0.1.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:*", matchCriteriaId: "F285D60D-A5DA-4467-8F79-15EF8135D007", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6C1D8706-BB8E-4EBC-B76C-533062BF86EE", versionEndExcluding: "1.0.0.114", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*", matchCriteriaId: "8D9781C9-799A-4BDA-A027-987627A01633", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7FFFF63B-46C8-49BF-8494-BB3322F14594", versionEndExcluding: "1.0.1.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5F99E4DD-50CB-4B06-BDAF-DD56FF0E90CF", versionEndExcluding: "1.0.0.122", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*", matchCriteriaId: "EF3B3F26-401C-4ED0-B871-4B4F8521F369", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9ACBF492-1315-46CF-8297-E239DDB14B6B", versionEndExcluding: "1.0.3.26", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:v2:*:*:*:*:*:*:*", matchCriteriaId: "2E0DFBF4-E393-44AE-AEF9-1B2059EE5AE8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A2E62164-2324-4AF2-B300-8005DAD433B6", versionEndExcluding: "1.0.2.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "610C6DB8-E11E-4EAE-A16F-189283F70B26", versionEndExcluding: "1.0.3.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", matchCriteriaId: "0F859165-8D89-4CDD-9D48-9C7923D2261F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EEFCBDB9-47D0-40EF-9428-FF714763BC12", versionEndExcluding: "1.0.3.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn2000rpt_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "058BC554-8E48-460E-A305-B5CDA8249B28", versionEndExcluding: "1.0.1.26", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn2000rpt:v3:*:*:*:*:*:*:*", matchCriteriaId: "6FB1BE0D-E3CF-4C16-8C11-706B238E9934", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3000rp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2E0DB980-BC4C-4686-B3EB-A8D9FFC720F1", versionEndExcluding: "1.0.0.56", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3000rp:v2:*:*:*:*:*:*:*", matchCriteriaId: "3DAD97C7-458D-4547-82A4-EC7F4CFB2A90", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3000rp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AAFDAF9A-711E-497F-8632-0345B635A7C9", versionEndExcluding: "1.0.2.66", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3000rp:-:*:*:*:*:*:*:*", matchCriteriaId: "E449BEE1-DFE7-413C-B15E-4E6EE6FB84CF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3100rp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8DB649EB-E2F9-4E11-B68A-50B0096AF9B6", versionEndExcluding: "1.0.0.56", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3100rp:v2:*:*:*:*:*:*:*", matchCriteriaId: "4D8680F5-0C06-4CFC-8BA0-CF85D0438419", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EF96C0EB-8CB6-4C86-A9A2-A4C7AF58C97F", versionEndExcluding: "1.0.2.98", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CC5A295B-77E9-4F8B-B523-56C7A1472AD9", versionEndExcluding: "1.0.0.54", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A5B27DF7-FA36-4A0E-A7B0-0D29BE9434BE", versionEndExcluding: "1.0.0.54", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "124ABC0A-DD68-4540-AAC2-C4E87CDC91A7", versionEndExcluding: "1.0.0.64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, EX2700 before 1.0.1.32, EX6100v2 before 1.0.1.70, EX6150v2 before 1.0.1.70, EX6200v2 before 1.0.1.62, EX6400 before 1.0.1.78, EX7300 before 1.0.1.62, EX8000 before 1.0.0.114, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.40, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WN2000RPTv3 before 1.0.1.26, WN3000RPv2 before 1.0.0.56, WN3000RPv3 before 1.0.2.66, WN3100RPv2 before 1.0.0.56, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer por parte de un atacante no autenticado. Esto afecta a D7800 versiones anteriores a 1.0.1.34, DM200 versiones anteriores a 1.0.0.50, EX2700 versiones anteriores a 1.0.1.32, EX6100v2 versiones anteriores a 1.0.1.70, EX6150v2 versiones anteriores a 1.0.1.70, EX6200v2 versiones anteriores a 1.0.1.62, EX6400 versiones anteriores a 1.0.1.78, EX7300 versiones anteriores a 1.0.1.62, EX8000 versiones anteriores a 1.0.0.114, R6100 versiones anteriores a 1.0.1.22, R7500 versiones anteriores a 1.0.0.122, R7500v2 versiones anteriores a 1.0.3.26, R7800 versiones anteriores a 1.0.2.40, R8900 versiones anteriores a 1.0.3.10, R9000 versiones anteriores a 1.0.3.10, WN2000RPTv3 versiones anteriores a 1.0.1.26, WN3000RPv2 versiones anteriores a 1.0.0.56, WN3000RPv3 versiones anteriores a 1.0.2.66, WN3100RPv2 versiones anteriores a 1.0.0.56, WNDR4300 versiones anteriores a 1.0.2.98, WNDR4300v2 versiones anteriores a 1.0.0.54, WNDR4500v3 versiones anteriores a 1.0.0.54 y WNR2000v5 versiones anteriores a 1.0.0.64.", }, ], id: "CVE-2018-21153", lastModified: "2024-11-21T04:03:01.853", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-27T18:15:12.230", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000059480/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Gateways-Routers-and-Extenders-PSV-2017-3136", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000059480/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Gateways-Routers-and-Extenders-PSV-2017-3136", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-16 19:15
Modified
2024-11-21 04:39
Severity ?
Summary
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d6100_firmware | * | |
| netgear | d6100 | - | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r8900_firmware | * | |
| netgear | r8900 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v1 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 | |
| netgear | xr500_firmware | * | |
| netgear | xr500 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8DE5478F-11CE-4730-AC60-64ACE7BBB03A", versionEndExcluding: "1.0.0.63", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2C2195F1-18F6-4397-9D28-7A92003B7A76", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F52E74FF-6E04-4F96-966C-4355B38CF4DE", versionEndExcluding: "1.0.4.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", matchCriteriaId: "0F859165-8D89-4CDD-9D48-9C7923D2261F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2110965C-E19B-48D2-954D-145C45D0E7EF", versionEndExcluding: "1.0.4.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FD376891-1FB6-48B7-A4B3-C3C2C6E92C39", versionEndExcluding: "1.0.2.102", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9FFDF78E-8CC6-47B8-B70D-352F778CBF2C", versionEndExcluding: "1.0.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v1:*:*:*:*:*:*:*", matchCriteriaId: "D99E146D-B278-4CA6-8156-7D9923015779", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1DA490CC-DB27-4817-A589-61A0D221E9FD", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "652D8CA8-B56A-4403-B072-B4C245AB8EDA", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2D01DCF3-B6FD-4779-B048-DA4A963C9DEB", versionEndExcluding: "1.0.0.68", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "29216B3A-9A3B-4752-99C2-4A9CFA8E5E26", versionEndExcluding: "2.3.2.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*", matchCriteriaId: "9E203D92-F97B-4F5B-B395-3A5DEDBF1C1C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por una inyección de comandos por parte de un usuario autenticado. Esto afecta a D6100 versiones anteriores a 1.0.0.63, R7800 versiones anteriores a 1.0.2.52, R8900 versiones anteriores a 1.0.4.2, R9000 versiones anteriores a 1.0.4.2, WNDR3700v4 versiones anteriores a 1.0.2. 102, WNDR4300v1 versiones anteriores a 1.0.2.104, WNDR4300v2 versiones anteriores a 1.0.0.58, WNDR4500v3 versiones anteriores a 1.0.0.58, WNR2000v5 versiones anteriores a 1.0.0.68, y XR500 versiones anteriores a 2.3.2.32.", }, ], id: "CVE-2019-20727", lastModified: "2024-11-21T04:39:11.923", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 5.1, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-16T19:15:25.587", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000061201/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-Gateways-PSV-2018-0139", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000061201/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-Gateways-PSV-2018-0139", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-16 20:15
Modified
2024-11-21 04:39
Severity ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6000 before 1.0.0.72, D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d6000_firmware | * | |
| netgear | d6000 | - | |
| netgear | d6100_firmware | * | |
| netgear | d6100 | - | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r8900_firmware | * | |
| netgear | r8900 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v1 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 | |
| netgear | xr500_firmware | * | |
| netgear | xr500 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "33C16A69-C930-4DA3-8750-EB50F2827731", versionEndExcluding: "1.0.0.72", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6000:-:*:*:*:*:*:*:*", matchCriteriaId: "6F6EA344-FF99-4F27-9860-3C5BE07345A7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8DE5478F-11CE-4730-AC60-64ACE7BBB03A", versionEndExcluding: "1.0.0.63", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2C2195F1-18F6-4397-9D28-7A92003B7A76", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F52E74FF-6E04-4F96-966C-4355B38CF4DE", versionEndExcluding: "1.0.4.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", matchCriteriaId: "0F859165-8D89-4CDD-9D48-9C7923D2261F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2110965C-E19B-48D2-954D-145C45D0E7EF", versionEndExcluding: "1.0.4.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FD376891-1FB6-48B7-A4B3-C3C2C6E92C39", versionEndExcluding: "1.0.2.102", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9FFDF78E-8CC6-47B8-B70D-352F778CBF2C", versionEndExcluding: "1.0.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v1:*:*:*:*:*:*:*", matchCriteriaId: "D99E146D-B278-4CA6-8156-7D9923015779", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1DA490CC-DB27-4817-A589-61A0D221E9FD", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "652D8CA8-B56A-4403-B072-B4C245AB8EDA", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2D01DCF3-B6FD-4779-B048-DA4A963C9DEB", versionEndExcluding: "1.0.0.68", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "29216B3A-9A3B-4752-99C2-4A9CFA8E5E26", versionEndExcluding: "2.3.2.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*", matchCriteriaId: "9E203D92-F97B-4F5B-B395-3A5DEDBF1C1C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6000 before 1.0.0.72, D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un usuario autenticado. Esto afecta a D6000 versiones anteriores a 1.0.0.72, D6100 versiones anteriores a 1.0.0.63, R7800 versiones anteriores a 1.0.2.52, R8900 versiones anteriores a 1.0.4.2, R9000 versiones anteriores a 1.0.4.2, WNDR3700v4 versiones anteriores a 1. 0.2.102, WNDR4300v1 versiones anteriores a 1.0.2.104, WNDR4300v2 versiones anteriores a 1.0.0.58, WNDR4500v3 versiones anteriores a 1.0.0.58, WNR2000v5 versiones anteriores a 1.0.0.68, y XR500 versiones anteriores a 2.3.2.32.", }, ], id: "CVE-2019-20736", lastModified: "2024-11-21T04:39:13.527", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 5.1, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-16T20:15:13.680", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000061190/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2018-0133", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000061190/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2018-0133", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-16 19:15
Modified
2024-11-21 04:39
Severity ?
Summary
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6000 before 1.0.0.75, D6100 before 1.0.0.63, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7300 before 1.0.2.136, EX8000 before 1.0.1.180, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3100RPv2 before 1.0.0.60, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d6000_firmware | * | |
| netgear | d6000 | - | |
| netgear | d6100_firmware | * | |
| netgear | d6100 | - | |
| netgear | ex2700_firmware | * | |
| netgear | ex2700 | - | |
| netgear | ex6100_firmware | * | |
| netgear | ex6100 | v2 | |
| netgear | ex6150_firmware | * | |
| netgear | ex6150 | v2 | |
| netgear | ex6200_firmware | * | |
| netgear | ex6200 | v2 | |
| netgear | ex6400_firmware | * | |
| netgear | ex6400 | - | |
| netgear | ex7300_firmware | * | |
| netgear | ex7300 | - | |
| netgear | ex8000_firmware | * | |
| netgear | ex8000 | - | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r8900_firmware | * | |
| netgear | r8900 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wn2000rpt_firmware | * | |
| netgear | wn2000rpt | v3 | |
| netgear | wn3000rp_firmware | * | |
| netgear | wn3000rp | v2 | |
| netgear | wn3100rp_firmware | * | |
| netgear | wn3100rp | v2 | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v1 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 | |
| netgear | xr500_firmware | * | |
| netgear | xr500 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EF892705-E77B-470C-8262-3579349D5F32", versionEndExcluding: "1.0.0.75", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6000:-:*:*:*:*:*:*:*", matchCriteriaId: "6F6EA344-FF99-4F27-9860-3C5BE07345A7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8DE5478F-11CE-4730-AC60-64ACE7BBB03A", versionEndExcluding: "1.0.0.63", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex2700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "733650A8-D797-43B2-851E-1B364C9E7100", versionEndExcluding: "1.0.1.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex2700:-:*:*:*:*:*:*:*", matchCriteriaId: "5341B659-DE7D-43F1-954D-82049CBE18AD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CC89483B-6D99-4A1B-A513-B50EA44DA963", versionEndExcluding: "1.0.1.76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6100:v2:*:*:*:*:*:*:*", matchCriteriaId: "88DD070C-7CBD-48A5-8D77-7C3D1C502D65", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6150_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "542F7529-27DB-41F1-A8E4-FA7A596E5DCC", versionEndExcluding: "1.0.1.76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6150:v2:*:*:*:*:*:*:*", matchCriteriaId: "49846803-C6FB-4DD3-ADA7-78B9923536F2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3223C7E1-06DF-4CAA-89DD-611435165F49", versionEndExcluding: "1.0.1.72", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6200:v2:*:*:*:*:*:*:*", matchCriteriaId: "B4F62287-CB55-4FB1-AA39-62018654BA39", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E0A1B4BD-9DD6-4999-B0FA-F843713C991F", versionEndExcluding: "1.0.2.136", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:*", matchCriteriaId: "1289BBB4-1955-46A4-B5FE-BF11153C24F5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2138C164-530B-4F97-8107-035F9D0852B0", versionEndExcluding: "1.0.2.136", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:*", matchCriteriaId: "F285D60D-A5DA-4467-8F79-15EF8135D007", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5F6F80A7-3B51-46FD-854E-D848F7906048", versionEndExcluding: "1.0.1.180", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*", matchCriteriaId: "8D9781C9-799A-4BDA-A027-987627A01633", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2C2195F1-18F6-4397-9D28-7A92003B7A76", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F52E74FF-6E04-4F96-966C-4355B38CF4DE", versionEndExcluding: "1.0.4.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", matchCriteriaId: "0F859165-8D89-4CDD-9D48-9C7923D2261F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2110965C-E19B-48D2-954D-145C45D0E7EF", versionEndExcluding: "1.0.4.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn2000rpt_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "317AE6B1-BA33-49DF-A839-A49C5493996E", versionEndExcluding: "1.0.1.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn2000rpt:v3:*:*:*:*:*:*:*", matchCriteriaId: "6FB1BE0D-E3CF-4C16-8C11-706B238E9934", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3000rp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "663F925A-642C-4E4A-9D27-76B6EF6978F6", versionEndExcluding: "1.0.0.68", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3000rp:v2:*:*:*:*:*:*:*", matchCriteriaId: "3DAD97C7-458D-4547-82A4-EC7F4CFB2A90", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3100rp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B3AC696D-EFAB-4DFF-A908-BCF1D58A4AFD", versionEndExcluding: "1.0.0.60", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3100rp:v2:*:*:*:*:*:*:*", matchCriteriaId: "4D8680F5-0C06-4CFC-8BA0-CF85D0438419", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FD376891-1FB6-48B7-A4B3-C3C2C6E92C39", versionEndExcluding: "1.0.2.102", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9FFDF78E-8CC6-47B8-B70D-352F778CBF2C", versionEndExcluding: "1.0.2.104", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v1:*:*:*:*:*:*:*", matchCriteriaId: "D99E146D-B278-4CA6-8156-7D9923015779", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1DA490CC-DB27-4817-A589-61A0D221E9FD", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "652D8CA8-B56A-4403-B072-B4C245AB8EDA", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2D01DCF3-B6FD-4779-B048-DA4A963C9DEB", versionEndExcluding: "1.0.0.68", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "29216B3A-9A3B-4752-99C2-4A9CFA8E5E26", versionEndExcluding: "2.3.2.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*", matchCriteriaId: "9E203D92-F97B-4F5B-B395-3A5DEDBF1C1C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6000 before 1.0.0.75, D6100 before 1.0.0.63, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7300 before 1.0.2.136, EX8000 before 1.0.1.180, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3100RPv2 before 1.0.0.60, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por una inyección de comandos por parte de un usuario autenticado. Esto afecta a D6000 versiones anteriores a 1.0.0.75, D6100 versiones anteriores a 1.0.0.63, EX2700 versiones anteriores a 1.0.1.48, EX6100v2 versiones anteriores a 1.0.1.76, EX6150v2 versiones anteriores a 1.0.1. 76, EX6200v2 versiones anteriores a 1.0.1.72, EX6400 versiones anteriores a 1.0.2.136, EX7300 versiones anteriores a 1.0.2.136, EX8000 versiones anteriores a 1.0.1.180, R7800 versiones anteriores a 1.0.2.52, R8900 versiones anteriores a 1.0. 4.2, R9000 versiones anteriores a 1.0.4.2, WN2000RPTv3 versiones anteriores a 1.0.1.32, WN3000RPv2 versiones anteriores a 1.0.0.68, WN3100RPv2 versiones anteriores a 1.0.0.60, WNDR3700v4 versiones anteriores a 1.0.2. 102, WNDR4300v1 versiones anteriores a 1.0.2.104, WNDR4300v2 versiones anteriores a 1.0.0.58, WNDR4500v3 versiones anteriores a 1.0.0.58, WNR2000v5 versiones anteriores a 1.0.0.68, y XR500 versiones anteriores a 2.3.2.32.", }, ], id: "CVE-2019-20689", lastModified: "2024-11-21T04:39:05.370", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 5.1, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-16T19:15:23.307", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000061450/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-Extenders-PSV-2018-0132", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000061450/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-Extenders-PSV-2018-0132", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-16 21:15
Modified
2024-11-21 04:39
Severity ?
Summary
Certain NETGEAR devices are affected by reflected XSS. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7800 before 1.0.2.58, R8900 before 1.0.4.12, R9000 before 1.0.4.8, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d3600_firmware | * | |
| netgear | d3600 | - | |
| netgear | d6000_firmware | * | |
| netgear | d6000 | - | |
| netgear | d7800_firmware | * | |
| netgear | d7800 | - | |
| netgear | dm200_firmware | * | |
| netgear | dm200 | - | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r8900_firmware | * | |
| netgear | r8900 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | rbk20_firmware | * | |
| netgear | rbk20 | - | |
| netgear | rbr20_firmware | * | |
| netgear | rbr20 | - | |
| netgear | rbs20_firmware | * | |
| netgear | rbs20 | - | |
| netgear | rbk40_firmware | * | |
| netgear | rbk40 | - | |
| netgear | rbs40_firmware | * | |
| netgear | rbs40 | - | |
| netgear | rbk50_firmware | * | |
| netgear | rbk50 | - | |
| netgear | rbr50_firmware | * | |
| netgear | rbr50 | - | |
| netgear | rbs50_firmware | * | |
| netgear | rbs50 | - | |
| netgear | wn3000rp_firmware | * | |
| netgear | wn3000rp | v2 | |
| netgear | wn3000rp_firmware | * | |
| netgear | wn3000rp | v3 | |
| netgear | wn3100rp_firmware | * | |
| netgear | wn3100rp | v2 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d3600_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6D38D448-A21A-4AB2-A641-A295EDBF6631", versionEndExcluding: "1.0.0.75", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d3600:-:*:*:*:*:*:*:*", matchCriteriaId: "31DE9D4E-3CDC-4552-A63F-DD5D95E23F63", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EF892705-E77B-470C-8262-3579349D5F32", versionEndExcluding: "1.0.0.75", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6000:-:*:*:*:*:*:*:*", matchCriteriaId: "6F6EA344-FF99-4F27-9860-3C5BE07345A7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0A6C9089-563D-4345-90C7-D2D512382BF1", versionEndExcluding: "1.0.1.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:dm200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "03798255-94BA-427C-8B2D-0861CD5FF730", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:dm200:-:*:*:*:*:*:*:*", matchCriteriaId: "1B048F71-70F1-4D9F-84E2-9F7340F6ADAB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F9D54BE2-47EB-48F1-A6D0-FB0A2F5094C4", versionEndExcluding: "1.0.2.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E5AC056A-DF92-4CA7-9919-2C9BDAE3C32D", versionEndExcluding: "1.0.4.12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", matchCriteriaId: "0F859165-8D89-4CDD-9D48-9C7923D2261F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "00486628-82C7-40F7-B649-1682BBEA484A", versionEndExcluding: "1.0.4.8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "448D7EA1-A7BB-4AA5-8260-1D533D6A99AC", versionEndExcluding: "2.3.0.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*", matchCriteriaId: "E6C9F31C-3E12-4787-9C9B-14883D9D152A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1525B9D0-B147-437D-ACAE-58819A1F4FC6", versionEndExcluding: "2.3.0.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*", matchCriteriaId: "AE5DBD66-9C2A-4EFF-87AB-03E791D584B5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4515F985-B714-480C-8FBA-2499A29F29FA", versionEndExcluding: "2.3.0.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*", matchCriteriaId: "14FC7F5B-7E4F-4A68-8427-D1F553EBE8CA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1CC5263E-71E4-4B63-AD77-D1E72DC704B0", versionEndExcluding: "2.3.0.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*", matchCriteriaId: "12DDD83C-6FF1-433F-ACA1-7B4B147F9A8C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "08426AC6-4811-43E8-87EB-204A2729C49B", versionEndExcluding: "2.3.0.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*", matchCriteriaId: "6FDCDE39-0355-43B9-BF57-F3718DA2988D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BA9F2B44-4114-495A-B200-B703FDFC3F8F", versionEndExcluding: "2.3.0.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*", matchCriteriaId: "8BA66D07-D017-49D6-8E72-5C48E940DE1B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A25B8627-D325-493B-8B7D-4F900334F0D8", versionEndExcluding: "2.3.0.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*", matchCriteriaId: "B2CAEA32-6934-4743-9E6B-22D52AC5E7F8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "81ED6C61-2A7C-49EC-BD3D-466442EF715C", versionEndExcluding: "2.3.0.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*", matchCriteriaId: "3BCFD959-D522-4FA0-AD01-2937DAEE1EDF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3000rp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "663F925A-642C-4E4A-9D27-76B6EF6978F6", versionEndExcluding: "1.0.0.68", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3000rp:v2:*:*:*:*:*:*:*", matchCriteriaId: "3DAD97C7-458D-4547-82A4-EC7F4CFB2A90", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3000rp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DB6FCA6E-55DB-4D65-BD80-BF186C2F04FB", versionEndExcluding: "1.0.2.70", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3000rp:v3:*:*:*:*:*:*:*", matchCriteriaId: "AB71AC74-2D1B-4F1E-A70F-6590A00AAD9E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3100rp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B3AC696D-EFAB-4DFF-A908-BCF1D58A4AFD", versionEndExcluding: "1.0.0.60", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3100rp:v2:*:*:*:*:*:*:*", matchCriteriaId: "4D8680F5-0C06-4CFC-8BA0-CF85D0438419", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1DA490CC-DB27-4817-A589-61A0D221E9FD", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "652D8CA8-B56A-4403-B072-B4C245AB8EDA", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2D01DCF3-B6FD-4779-B048-DA4A963C9DEB", versionEndExcluding: "1.0.0.68", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by reflected XSS. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7800 before 1.0.2.58, R8900 before 1.0.4.12, R9000 before 1.0.4.8, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por una vulnerabilidad de tipo XSS reflejado. Esto afecta a D3600 versiones anteriores a 1.0.0.75, D6000 versiones anteriores a 1.0.0.75, D7800 versiones anteriores a 1.0.1.44, DM200 versiones anteriores a 1.0.0.58, R7800 versiones anteriores a 1.0.2. 58, R8900 versiones anteriores a 1.0.4.12, R9000 versiones anteriores a 1.0.4.8, RBK20 versiones anteriores a 2.3.0.28, RBR20 versiones anteriores a 2.3.0.28, RBS20 versiones anteriores a 2.3.0.28, RBK40 versiones anteriores a 2.3.0. 28, RBS40 versiones anteriores a 2.3.0.28, RBK50 versiones anteriores a 2.3.0.32, RBR50 versiones anteriores a 2.3.0.32, RBS50 versiones anteriores a 2.3.0.32, WN3000RPv2 versiones anteriores a 1.0.0.68, WN3000RPv3 versiones anteriores a 1. 0.2.70, WN3100RPv2 versiones anteriores a 1.0.0.60, WNDR4300v2 versiones anteriores a 1.0.0.58, WNDR4500v3 versiones anteriores a 1.0.0.58, y WNR2000v5 versiones anteriores a 1.0.0.68.", }, ], id: "CVE-2019-20746", lastModified: "2024-11-21T04:39:15.160", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 1.2, impactScore: 2.7, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-16T21:15:12.767", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000060973/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2018-0252", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000060973/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2018-0252", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-28 16:15
Modified
2024-11-21 04:03
Severity ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d7800_firmware | * | |
| netgear | d7800 | - | |
| netgear | r6100_firmware | * | |
| netgear | r6100 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | v2 | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EB24F17D-A9A8-4EF9-BF53-580395D60EFC", versionEndExcluding: "1.0.1.34", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7FFFF63B-46C8-49BF-8494-BB3322F14594", versionEndExcluding: "1.0.1.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9ACBF492-1315-46CF-8297-E239DDB14B6B", versionEndExcluding: "1.0.3.26", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:v2:*:*:*:*:*:*:*", matchCriteriaId: "2E0DFBF4-E393-44AE-AEF9-1B2059EE5AE8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A2E62164-2324-4AF2-B300-8005DAD433B6", versionEndExcluding: "1.0.2.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "679AAEA7-6415-4BBA-AE95-887C2CA609DC", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "90A3C8B6-51A9-49BC-8C82-01269519B652", versionEndExcluding: "1.0.2.92", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACAD8DCD-C187-4F15-9828-F302295199BA", versionEndExcluding: "1.0.2.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1425F7B0-0990-43F4-9621-8DAE8508FEED", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "81A6B7D4-1CBB-4D9E-8EB2-E5E82AFA59FA", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "27B33A47-E305-43CC-9AC2-C35DE8E51F02", versionEndExcluding: "1.0.0.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5F99E4DD-50CB-4B06-BDAF-DD56FF0E90CF", versionEndExcluding: "1.0.0.122", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*", matchCriteriaId: "EF3B3F26-401C-4ED0-B871-4B4F8521F369", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, { lang: "es", value: "Determinados dispositivos de NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un usuario autenticado. Esto afecta a D7800 versiones anteriores a 1.0.1.34, R6100 versiones anteriores a 1.0.1.22, R7500 versiones anteriores a 1.0.0.122, R7500v2 versiones anteriores a 1.0.3.26, R7800 versiones anteriores a 1.0.2.40, R9000 versiones anteriores a 1. 0.2.52, WNDR3700v4 versiones anteriores a 1.0.2.92, WNDR4300 versiones anteriores a 1.0.2.94, WNDR4300v2 versiones anteriores a 1.0.0.50, WNDR4500v3 versiones anteriores a 1.0.0.50, y WNR2000v5 versiones anteriores a 1.0.0.62.", }, ], id: "CVE-2018-21197", lastModified: "2024-11-21T04:03:09.080", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 5.1, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-28T16:15:13.043", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055152/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2596", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055152/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2596", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-22 16:15
Modified
2024-11-21 03:20
Severity ?
Summary
Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects DST6501 before 1.1.0.6 and WNR2000v2 before 1.2.0.8.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | dst6501_firmware | * | |
| netgear | dst6501 | - | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:dst6501_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F256FC0A-7041-41D7-B0FE-624E34DC66C3", versionEndExcluding: "1.1.0.6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:dst6501:-:*:*:*:*:*:*:*", matchCriteriaId: "909AF8E7-A2CB-4CB0-A795-FEFBB53D95B9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C9A59121-B980-46B4-ABB8-13DEAE8F3923", versionEndExcluding: "1.2.0.8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v2:*:*:*:*:*:*:*", matchCriteriaId: "C5085749-A0E2-448D-B26B-7E25400F1C12", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects DST6501 before 1.1.0.6 and WNR2000v2 before 1.2.0.8.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por una capacidad del atacante para leer archivos arbitrarios. Esto afecta a DST6501 versiones anteriores a 1.1.0.6 y WNR2000v2 versiones anteriores a 1.2.0.8.", }, ], id: "CVE-2017-18766", lastModified: "2024-11-21T03:20:52.057", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 3.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:A/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 6.5, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-22T16:15:11.607", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000051479/Security-Advisory-for-Arbitrary-File-Read-on-DST6501-and-WNR2000v2-PSV-2017-0425", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000051479/Security-Advisory-for-Arbitrary-File-Read-on-DST6501-and-WNR2000v2-PSV-2017-0425", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-28 13:15
Modified
2024-11-21 04:03
Severity ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.34, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d6100_firmware | * | |
| netgear | d6100 | - | |
| netgear | d7800_firmware | * | |
| netgear | d7800 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | v2 | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2ECEA129-164C-4C80-A81E-9688F4AC3583", versionEndExcluding: "1.0.0.57", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EB24F17D-A9A8-4EF9-BF53-580395D60EFC", versionEndExcluding: "1.0.1.34", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5F99E4DD-50CB-4B06-BDAF-DD56FF0E90CF", versionEndExcluding: "1.0.0.122", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*", matchCriteriaId: "EF3B3F26-401C-4ED0-B871-4B4F8521F369", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C38F66ED-C53D-40F4-9F1E-96254BCD8A0C", versionEndExcluding: "1.0.3.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:v2:*:*:*:*:*:*:*", matchCriteriaId: "2E0DFBF4-E393-44AE-AEF9-1B2059EE5AE8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A2E62164-2324-4AF2-B300-8005DAD433B6", versionEndExcluding: "1.0.2.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "679AAEA7-6415-4BBA-AE95-887C2CA609DC", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "90A3C8B6-51A9-49BC-8C82-01269519B652", versionEndExcluding: "1.0.2.92", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACAD8DCD-C187-4F15-9828-F302295199BA", versionEndExcluding: "1.0.2.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1425F7B0-0990-43F4-9621-8DAE8508FEED", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "81A6B7D4-1CBB-4D9E-8EB2-E5E82AFA59FA", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "27B33A47-E305-43CC-9AC2-C35DE8E51F02", versionEndExcluding: "1.0.0.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.34, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un usuario autenticado. Esto afecta a D6100 versiones anteriores a 1.0.0.57, D7800 versiones anteriores a 1.0.1.34, R7500 versiones anteriores a 1.0.0.122, R7500v2 versiones anteriores a 1.0.3.24, R7800 versiones anteriores a 1.0.2.40, R9000 versiones anteriores a 1. 0.2.52, WNDR3700v4 versiones anteriores a 1.0.2.92, WNDR4300 versiones anteriores a 1.0.2.94, WNDR4300v2 versiones anteriores a 1.0.0.50, WNDR4500v3 versiones anteriores a 1.0.0.50, y WNR2000v5 versiones anteriores a 1.0.0.62.", }, ], id: "CVE-2018-21185", lastModified: "2024-11-21T04:03:07.177", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 5.1, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-28T13:15:12.747", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055173/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2610", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055173/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2610", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-28 16:15
Modified
2024-11-21 04:03
Severity ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d6100_firmware | * | |
| netgear | d6100 | - | |
| netgear | r6100_firmware | * | |
| netgear | r6100 | - | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2ECEA129-164C-4C80-A81E-9688F4AC3583", versionEndExcluding: "1.0.0.57", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "76B12C31-83C3-427F-B2CA-D75EA89DCC6F", versionEndExcluding: "1.0.1.20", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A2E62164-2324-4AF2-B300-8005DAD433B6", versionEndExcluding: "1.0.2.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "679AAEA7-6415-4BBA-AE95-887C2CA609DC", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "90A3C8B6-51A9-49BC-8C82-01269519B652", versionEndExcluding: "1.0.2.92", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACAD8DCD-C187-4F15-9828-F302295199BA", versionEndExcluding: "1.0.2.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1425F7B0-0990-43F4-9621-8DAE8508FEED", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "81A6B7D4-1CBB-4D9E-8EB2-E5E82AFA59FA", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "27B33A47-E305-43CC-9AC2-C35DE8E51F02", versionEndExcluding: "1.0.0.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, { lang: "es", value: "Determinados dispositivos de NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un usuario autenticado. Esto afecta a D6100 versiones anteriores a 1.0.0.57, R6100 versiones anteriores a 1.0.1.20, R7800 versiones anteriores a 1.0.2.40, R9000 versiones anteriores a 1.0.2.52, WNDR3700v4 versiones anteriores a 1.0.2.92, WNDR4300 versiones anteriores a 1.0.2.94, WNDR4300v2 versiones anteriores a 1.0.0.50, WNDR4500v3 versiones anteriores a 1.0.0.50, y WNR2000v5 versiones anteriores a 1.0.0.62.", }, ], id: "CVE-2018-21201", lastModified: "2024-11-21T04:03:09.720", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 5.1, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-28T16:15:13.263", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055148/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2591", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055148/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2591", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-16 19:15
Modified
2024-11-21 04:39
Severity ?
Summary
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.47, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7300 before 1.0.2.136, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.66, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.66, XR450 before 2.3.2.32, and XR500 before 2.3.2.32.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d7800_firmware | * | |
| netgear | d7800 | - | |
| netgear | ex2700_firmware | * | |
| netgear | ex2700 | - | |
| netgear | ex6100_firmware | * | |
| netgear | ex6100 | v2 | |
| netgear | ex6150_firmware | * | |
| netgear | ex6150 | v2 | |
| netgear | ex6200_firmware | * | |
| netgear | ex6200 | v2 | |
| netgear | ex6400_firmware | * | |
| netgear | ex6400 | - | |
| netgear | ex7300_firmware | * | |
| netgear | ex7300 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | v2 | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r8900_firmware | * | |
| netgear | r8900 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wn2000rpt_firmware | * | |
| netgear | wn2000rpt | v3 | |
| netgear | wn3000rp_firmware | * | |
| netgear | wn3000rp | v2 | |
| netgear | wn3000rp_firmware | * | |
| netgear | wn3000rp | v3 | |
| netgear | wn3100rp_firmware | * | |
| netgear | wn3100rp | v2 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | xr450_firmware | * | |
| netgear | xr450 | - | |
| netgear | xr500_firmware | * | |
| netgear | xr500 | - | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BEF729AE-1D95-448C-80FA-8FAE723C1EC3", versionEndExcluding: "1.0.1.47", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex2700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "733650A8-D797-43B2-851E-1B364C9E7100", versionEndExcluding: "1.0.1.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex2700:-:*:*:*:*:*:*:*", matchCriteriaId: "5341B659-DE7D-43F1-954D-82049CBE18AD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CC89483B-6D99-4A1B-A513-B50EA44DA963", versionEndExcluding: "1.0.1.76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6100:v2:*:*:*:*:*:*:*", matchCriteriaId: "88DD070C-7CBD-48A5-8D77-7C3D1C502D65", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6150_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "542F7529-27DB-41F1-A8E4-FA7A596E5DCC", versionEndExcluding: "1.0.1.76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6150:v2:*:*:*:*:*:*:*", matchCriteriaId: "49846803-C6FB-4DD3-ADA7-78B9923536F2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3223C7E1-06DF-4CAA-89DD-611435165F49", versionEndExcluding: "1.0.1.72", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6200:v2:*:*:*:*:*:*:*", matchCriteriaId: "B4F62287-CB55-4FB1-AA39-62018654BA39", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E0A1B4BD-9DD6-4999-B0FA-F843713C991F", versionEndExcluding: "1.0.2.136", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:*", matchCriteriaId: "1289BBB4-1955-46A4-B5FE-BF11153C24F5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2138C164-530B-4F97-8107-035F9D0852B0", versionEndExcluding: "1.0.2.136", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:*", matchCriteriaId: "F285D60D-A5DA-4467-8F79-15EF8135D007", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "536487B8-FF04-4526-BE91-44437256525C", versionEndExcluding: "1.0.3.38", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:v2:*:*:*:*:*:*:*", matchCriteriaId: "2E0DFBF4-E393-44AE-AEF9-1B2059EE5AE8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2C2195F1-18F6-4397-9D28-7A92003B7A76", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E5AC056A-DF92-4CA7-9919-2C9BDAE3C32D", versionEndExcluding: "1.0.4.12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", matchCriteriaId: "0F859165-8D89-4CDD-9D48-9C7923D2261F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F1F914AD-70DC-47F5-A2F7-672DBE89C62E", versionEndExcluding: "1.0.4.12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn2000rpt_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "317AE6B1-BA33-49DF-A839-A49C5493996E", versionEndExcluding: "1.0.1.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn2000rpt:v3:*:*:*:*:*:*:*", matchCriteriaId: "6FB1BE0D-E3CF-4C16-8C11-706B238E9934", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3000rp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "663F925A-642C-4E4A-9D27-76B6EF6978F6", versionEndExcluding: "1.0.0.68", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3000rp:v2:*:*:*:*:*:*:*", matchCriteriaId: "3DAD97C7-458D-4547-82A4-EC7F4CFB2A90", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3000rp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DB6FCA6E-55DB-4D65-BD80-BF186C2F04FB", versionEndExcluding: "1.0.2.70", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3000rp:v3:*:*:*:*:*:*:*", matchCriteriaId: "AB71AC74-2D1B-4F1E-A70F-6590A00AAD9E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3100rp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A480981E-57ED-47E3-B9AB-190E4783DC04", versionEndExcluding: "1.0.0.66", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3100rp:v2:*:*:*:*:*:*:*", matchCriteriaId: "4D8680F5-0C06-4CFC-8BA0-CF85D0438419", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1DA490CC-DB27-4817-A589-61A0D221E9FD", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "652D8CA8-B56A-4403-B072-B4C245AB8EDA", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "804E18F1-4621-4650-9015-49A9137A0C39", versionEndExcluding: "2.3.2.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr450:-:*:*:*:*:*:*:*", matchCriteriaId: "66B9CE4D-D1EC-4F55-8226-D159CF5F3AB6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "29216B3A-9A3B-4752-99C2-4A9CFA8E5E26", versionEndExcluding: "2.3.2.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*", matchCriteriaId: "9E203D92-F97B-4F5B-B395-3A5DEDBF1C1C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9F3D02E3-8FA1-4129-A4B2-25235AF0E49C", versionEndExcluding: "1.0.0.66", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.47, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7300 before 1.0.2.136, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.66, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.66, XR450 before 2.3.2.32, and XR500 before 2.3.2.32.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por una vulnerabilidad de tipo XSS almacenado. Esto afecta a D7800 versiones anteriores a 1.0.1.47, EX2700 versiones anteriores a 1.0.1.48, EX6100v2 versiones anteriores a 1.0.1.76, EX6150v2 versiones anteriores a 1.0.1.76, EX6200v2 versiones anteriores a 1.0.1.72, EX6400 versiones anteriores a 1.0.2.136, EX7300 versiones anteriores a 1.0.2.136, R7500v2 versiones anteriores a 1.0.3.38, R7800 versiones anteriores a 1.0.2.52, R8900 versiones anteriores a 1.0.4. 12, R9000 versiones anteriores a 1.0.4.12, WN2000RPTv3 versiones anteriores a 1.0.1.32, WN3000RPv2 versiones anteriores a 1.0.0.68, WN3000RPv3 versiones anteriores a 1.0.2.70, WN3100RPv2 versiones anteriores a 1.0.0. 66, WNDR4300v2 versiones anteriores a 1.0.0.58, WNDR4500v3 versiones anteriores a 1.0.0.58, WNR2000v5 versiones anteriores a 1.0.0.66, XR450 versiones anteriores a 2.3.2.32, y XR500 versiones anteriores a 2.3.2.32.", }, ], id: "CVE-2019-20721", lastModified: "2024-11-21T04:39:10.943", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-16T19:15:25.227", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000061207/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-Gateways-and-Extenders-PSV-2018-0159", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000061207/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-Gateways-and-Extenders-PSV-2018-0159", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-28 17:15
Modified
2024-11-21 04:03
Severity ?
Summary
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d3600_firmware | * | |
| netgear | d3600 | - | |
| netgear | d6000_firmware | * | |
| netgear | d6000 | - | |
| netgear | d7800_firmware | * | |
| netgear | d7800 | - | |
| netgear | r6100_firmware | * | |
| netgear | r6100 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | v2 | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d3600_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "47FB5F9D-2B33-44AD-BD57-164DF945ADA7", versionEndExcluding: "1.0.0.67", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d3600:-:*:*:*:*:*:*:*", matchCriteriaId: "31DE9D4E-3CDC-4552-A63F-DD5D95E23F63", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2089DF5E-598C-4CC2-B910-05C8D209A1BB", versionEndExcluding: "1.0.0.67", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6000:-:*:*:*:*:*:*:*", matchCriteriaId: "6F6EA344-FF99-4F27-9860-3C5BE07345A7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0173E81F-5BE3-4249-A620-EC36AD109D75", versionEndExcluding: "1.0.1.30", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "76B12C31-83C3-427F-B2CA-D75EA89DCC6F", versionEndExcluding: "1.0.1.20", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7494430D-BA3F-4EDB-9FB8-7586D4457B9D", versionEndExcluding: "1.0.0.118", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*", matchCriteriaId: "EF3B3F26-401C-4ED0-B871-4B4F8521F369", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C38F66ED-C53D-40F4-9F1E-96254BCD8A0C", versionEndExcluding: "1.0.3.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:v2:*:*:*:*:*:*:*", matchCriteriaId: "2E0DFBF4-E393-44AE-AEF9-1B2059EE5AE8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "679AAEA7-6415-4BBA-AE95-887C2CA609DC", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FAF6A089-4E7D-43D1-AF1F-01A7A592115E", versionEndExcluding: "1.0.2.96", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EF96C0EB-8CB6-4C86-A9A2-A4C7AF58C97F", versionEndExcluding: "1.0.2.98", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1425F7B0-0990-43F4-9621-8DAE8508FEED", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "81A6B7D4-1CBB-4D9E-8EB2-E5E82AFA59FA", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "27B33A47-E305-43CC-9AC2-C35DE8E51F02", versionEndExcluding: "1.0.0.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, { lang: "es", value: "Determinados dispositivos de NETGEAR están afectados por un desbordamiento del búfer por parte de un atacante no autenticado. Esto afecta a D3600 versiones anteriores a 1.0.0.67, D6000 versiones anteriores a 1.0.0.67, D7800 versiones anteriores a 1.0.1.30, R6100 versiones anteriores a 1.0.1.20, R7500 versiones anteriores a 1.0.0.118, R7500v2 versiones anteriores a 1.0.3. 24, R9000 versiones anteriores a 1.0.2.52, WNDR3700v4 versiones anteriores a 1.0.2.96, WNDR4300 versiones anteriores a 1.0.2.98, WNDR4300v2 versiones anteriores a 1.0.0.50, WNDR4500v3 versiones anteriores a 1.0.0.50, y WNR2000v5 versiones anteriores a 1.0.0.62.", }, ], id: "CVE-2018-21223", lastModified: "2024-11-21T04:03:13.120", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 6.5, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-28T17:15:12.993", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055114/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2457", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055114/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2457", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-27 18:15
Modified
2024-11-21 04:03
Severity ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A2E62164-2324-4AF2-B300-8005DAD433B6", versionEndExcluding: "1.0.2.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "679AAEA7-6415-4BBA-AE95-887C2CA609DC", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "90A3C8B6-51A9-49BC-8C82-01269519B652", versionEndExcluding: "1.0.2.92", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACAD8DCD-C187-4F15-9828-F302295199BA", versionEndExcluding: "1.0.2.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1425F7B0-0990-43F4-9621-8DAE8508FEED", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "81A6B7D4-1CBB-4D9E-8EB2-E5E82AFA59FA", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "27B33A47-E305-43CC-9AC2-C35DE8E51F02", versionEndExcluding: "1.0.0.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un usuario autenticado. Esto afecta a R7800 versiones anteriores a 1.0.2.40, R9000 versiones anteriores a 1.0.2.52, WNDR3700v4 versiones anteriores a 1.0.2.92, WNDR4300 versiones anteriores a 1.0.2.94, WNDR4300v2 versiones anteriores a 1.0.0.50, WNDR4500v3 versiones anteriores a 1.0.0.50 y WNR2000v5 versiones anteriores a 1.0.0.62.", }, ], id: "CVE-2018-21172", lastModified: "2024-11-21T04:03:04.907", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 5.1, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-27T18:15:12.967", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055186/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-PSV-2017-2631", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055186/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-PSV-2017-2631", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-28 16:15
Modified
2024-11-21 04:03
Severity ?
Summary
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d3600_firmware | * | |
| netgear | d3600 | - | |
| netgear | d6000_firmware | * | |
| netgear | d6000 | - | |
| netgear | d6100_firmware | * | |
| netgear | d6100 | - | |
| netgear | d7800_firmware | * | |
| netgear | d7800 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | v2 | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d3600_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "47FB5F9D-2B33-44AD-BD57-164DF945ADA7", versionEndExcluding: "1.0.0.67", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d3600:-:*:*:*:*:*:*:*", matchCriteriaId: "31DE9D4E-3CDC-4552-A63F-DD5D95E23F63", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2089DF5E-598C-4CC2-B910-05C8D209A1BB", versionEndExcluding: "1.0.0.67", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6000:-:*:*:*:*:*:*:*", matchCriteriaId: "6F6EA344-FF99-4F27-9860-3C5BE07345A7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1B5A756C-6CA4-46EF-80B8-9051FB607B43", versionEndExcluding: "1.0.0.56", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0173E81F-5BE3-4249-A620-EC36AD109D75", versionEndExcluding: "1.0.1.30", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7494430D-BA3F-4EDB-9FB8-7586D4457B9D", versionEndExcluding: "1.0.0.118", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*", matchCriteriaId: "EF3B3F26-401C-4ED0-B871-4B4F8521F369", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C38F66ED-C53D-40F4-9F1E-96254BCD8A0C", versionEndExcluding: "1.0.3.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:v2:*:*:*:*:*:*:*", matchCriteriaId: "2E0DFBF4-E393-44AE-AEF9-1B2059EE5AE8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A2E62164-2324-4AF2-B300-8005DAD433B6", versionEndExcluding: "1.0.2.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "679AAEA7-6415-4BBA-AE95-887C2CA609DC", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FAF6A089-4E7D-43D1-AF1F-01A7A592115E", versionEndExcluding: "1.0.2.96", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EF96C0EB-8CB6-4C86-A9A2-A4C7AF58C97F", versionEndExcluding: "1.0.2.98", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1425F7B0-0990-43F4-9621-8DAE8508FEED", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "81A6B7D4-1CBB-4D9E-8EB2-E5E82AFA59FA", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "27B33A47-E305-43CC-9AC2-C35DE8E51F02", versionEndExcluding: "1.0.0.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, { lang: "es", value: "Determinados dispositivos de NETGEAR están afectados por un desbordamiento del búfer por parte de un atacante no autenticado. Esto afecta a D3600 versiones anteriores a 1.0.0.67, D6000 versiones anteriores a 1.0.0.67, D6100 versiones anteriores a 1.0.0.56, D7800 versiones anteriores a 1.0.1.30, R7500 versiones anteriores a 1.0.0.118, R7500v2 versiones anteriores a 1.0.3.24, R7800 versiones anteriores a 1. 0.2.40, R9000 versiones anteriores a 1.0.2.52, WNDR3700v4 versiones anteriores a 1.0.2.96, WNDR4300 versiones anteriores a 1.0.2.98, WNDR4300v2 versiones anteriores a 1.0.0.50, WNDR4500v3 versiones anteriores a 1.0.0.50, y WNR2000v5 versiones anteriores a 1.0.0.62.", }, ], id: "CVE-2018-21211", lastModified: "2024-11-21T04:03:11.257", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 6.5, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-28T16:15:13.950", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055138/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2491", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055138/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2491", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-24 15:15
Modified
2024-11-21 03:20
Severity ?
Summary
Certain NETGEAR devices are affected by CSRF. This affects D1500 before 1.0.0.25, D500 before 1.0.0.25, D6100 before 1.0.0.55, D7000 before 1.0.1.50, D7800 before 1.0.1.28, EX6100v2 before 1.0.1.60, EX6150v2 before 1.0.1.60, JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.16, JWNR2010v5 before 1.1.0.46, PR2000 before 1.0.0.18, R6020 before 1.0.0.26, R6050 before 1.0.1.16, R6080 before 1.0.0.26, R6100 before 1.0.1.20, R6220 before 1.1.0.60, R7500 before 1.0.0.118, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.40, WNDR3700v5 before 1.1.0.48, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.46, WNR2000v5 before 1.0.0.62, WNR2020 before 1.1.0.46, and WNR2050 before 1.1.0.46.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d1500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "638CC87A-8459-4878-9985-80B8CF8A1B8D", versionEndExcluding: "1.0.0.25", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d1500:-:*:*:*:*:*:*:*", matchCriteriaId: "78DC8809-C26D-48D8-9E12-228C3669B824", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "086445B7-C353-4EE7-8799-3CDC2C3A0E64", versionEndExcluding: "1.0.0.25", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d500:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE070E3-C0B1-455F-83A9-5C60C489816F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A37AA7DC-5B2C-4E1B-8556-F1C9F6BBE9D7", versionEndExcluding: "1.0.0.55", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4A94DD9D-0F07-4FD7-B1B0-1DD1E319B092", versionEndExcluding: "1.0.1.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7000:-:*:*:*:*:*:*:*", matchCriteriaId: "AF04B65B-9685-4595-9C71-0F77AD7109BE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EB2E25FA-14F1-44ED-99D3-B5ED7D898D59", versionEndExcluding: "1.0.1.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E957C14F-0073-48A9-A78B-A3A36C48F6C2", versionEndExcluding: "1.0.1.60", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6100:v2:*:*:*:*:*:*:*", matchCriteriaId: "88DD070C-7CBD-48A5-8D77-7C3D1C502D65", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6150_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2E8B1526-CE4F-4ACC-B668-36AA69EA0A34", versionEndExcluding: "1.0.1.60", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6150:v2:*:*:*:*:*:*:*", matchCriteriaId: "49846803-C6FB-4DD3-ADA7-78B9923536F2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:jnr1010_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E90EB0CF-D659-435C-8BDD-379286F0351A", versionEndExcluding: "1.1.0.46", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:jnr1010:v2:*:*:*:*:*:*:*", matchCriteriaId: "CCE79B3F-8667-43C9-962D-EE089428F144", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:jr6150_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5A7E7F98-C500-48A9-A1F2-86C3AF7130D6", versionEndExcluding: "1.0.1.16", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:jr6150:-:*:*:*:*:*:*:*", matchCriteriaId: "D67167E5-81D2-4892-AF41-CBB6271232D1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:jwnr2010_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8EEBDA31-7845-4598-8E40-63CEF5037E84", versionEndExcluding: "1.1.0.46", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:jwnr2010:v5:*:*:*:*:*:*:*", matchCriteriaId: "7399E5E9-40D8-4ECD-8B7B-C96A27E10282", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:pr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6754FA98-E862-4C0B-9146-E858B15B0AE6", versionEndExcluding: "1.0.0.18", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:pr2000:-:*:*:*:*:*:*:*", matchCriteriaId: "2451CC0C-71B2-474D-93F0-2B2ACD802FE3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6020_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DF013048-DE20-49A5-9091-DD0DEA830D33", versionEndExcluding: "1.0.0.26", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6020:-:*:*:*:*:*:*:*", matchCriteriaId: "5DDA7ABF-4C4B-4945-993A-F93BD8FCB55E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6050_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "10757AA0-970A-4C71-9085-D797A9906861", versionEndExcluding: "1.0.1.16", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6050:-:*:*:*:*:*:*:*", matchCriteriaId: "363D4DEE-98B9-4294-B241-1613CAD1A3A7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6080_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D70F5F17-5134-47AB-B182-321B1B0CD72B", versionEndExcluding: "1.0.0.26", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6080:-:*:*:*:*:*:*:*", matchCriteriaId: "1CEB5C49-53CF-44AE-9A7D-E7E6201BFE62", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "76B12C31-83C3-427F-B2CA-D75EA89DCC6F", versionEndExcluding: "1.0.1.20", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "14253C3A-712C-4A7E-83C4-88A6BBEF0AB2", versionEndExcluding: "1.1.0.60", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*", matchCriteriaId: "B131B5C8-CB7F-433B-BA32-F05CE0E92A66", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7494430D-BA3F-4EDB-9FB8-7586D4457B9D", versionEndExcluding: "1.0.0.118", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*", matchCriteriaId: "EF3B3F26-401C-4ED0-B871-4B4F8521F369", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A98819AD-045F-45AE-9579-258E41882CD9", versionEndExcluding: "1.0.3.20", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:v2:*:*:*:*:*:*:*", matchCriteriaId: "2E0DFBF4-E393-44AE-AEF9-1B2059EE5AE8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A2E62164-2324-4AF2-B300-8005DAD433B6", versionEndExcluding: "1.0.2.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "679AAEA7-6415-4BBA-AE95-887C2CA609DC", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3000rp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "030AAA8B-65D9-42E4-ACF6-F2DB13D4AA30", versionEndExcluding: "1.0.2.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3000rp:v3:*:*:*:*:*:*:*", matchCriteriaId: "AB71AC74-2D1B-4F1E-A70F-6590A00AAD9E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3100rp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8AB52FC6-BC09-41ED-BB91-63A4E795E0F8", versionEndExcluding: "1.0.0.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3100rp:v2:*:*:*:*:*:*:*", matchCriteriaId: "4D8680F5-0C06-4CFC-8BA0-CF85D0438419", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DD1F416B-C938-4AE3-B93E-03087575FF40", versionEndExcluding: "1.1.0.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v5:*:*:*:*:*:*:*", matchCriteriaId: "EC5B6CB8-D439-42D5-ACAE-6246874EA5F0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8B1EBB8F-818F-4E04-BB25-A81C1C309CD0", versionEndExcluding: "1.0.0.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "978E12D1-8C55-4BF2-8213-DE9C23B23EFC", versionEndExcluding: "1.1.0.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr1000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "51F31B60-7B0F-41AC-9FEF-FAAD54269194", versionEndExcluding: "1.1.0.46", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr1000:v4:*:*:*:*:*:*:*", matchCriteriaId: "C8218868-273B-46DB-B636-D3F9A3768069", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "27B33A47-E305-43CC-9AC2-C35DE8E51F02", versionEndExcluding: "1.0.0.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2020_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "57B186F2-4D0D-44BD-9F5F-DC1D9FD12C5A", versionEndExcluding: "1.1.0.46", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2020:-:*:*:*:*:*:*:*", matchCriteriaId: "C2189628-03E7-445A-9EF2-656A85539115", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2050_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "55A6E04A-1630-4C5F-8173-B6B725A59D46", versionEndExcluding: "1.1.0.46", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2050:-:*:*:*:*:*:*:*", matchCriteriaId: "9877579C-D214-4605-93AA-2B78914CF33C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by CSRF. This affects D1500 before 1.0.0.25, D500 before 1.0.0.25, D6100 before 1.0.0.55, D7000 before 1.0.1.50, D7800 before 1.0.1.28, EX6100v2 before 1.0.1.60, EX6150v2 before 1.0.1.60, JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.16, JWNR2010v5 before 1.1.0.46, PR2000 before 1.0.0.18, R6020 before 1.0.0.26, R6050 before 1.0.1.16, R6080 before 1.0.0.26, R6100 before 1.0.1.20, R6220 before 1.1.0.60, R7500 before 1.0.0.118, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.40, WNDR3700v5 before 1.1.0.48, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.46, WNR2000v5 before 1.0.0.62, WNR2020 before 1.1.0.46, and WNR2050 before 1.1.0.46.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por una vulnerabilidad de tipo CSRF. Esto afecta a D1500 versiones anteriores a 1.0.0.25, D500 versiones anteriores a 1.0.0.25, D6100 versiones anteriores a 1.0.0.55, D7000 versiones anteriores a 1.0.1.50, D7800 versiones anteriores a 1.0.1.28, EX6100v2 versiones anteriores a 1.0.1.60, EX6150v2 versiones anteriores a 1.0.1.60, JNR1010v2 versiones anteriores a 1.1.0.46, JR6150 versiones anteriores a 1.0.1.16, JWNR2010v5 versiones anteriores a 1.1.0.46, PR2000 versiones anteriores a 1.0.0.18, R6020 versiones anteriores a 1.0.0.26, R6050 versiones anteriores a 1.0.1.16, R6080 versiones anteriores a 1.0.0.26, R6100 versiones anteriores a 1.0.1.20, R6220 versiones anteriores a 1.1.0.60, R7500 versiones anteriores a 1.0.0.118, R7500v2 versiones anteriores a 1.0.3.20, R7800 versiones anteriores a 1.0.2.40, R9000 versiones anteriores a 1.0.2.52, WN3000RPv3 versiones anteriores a 1.0.2.50, WN3100RPv2 versiones anteriores a 1.0.0.40, WNDR3700v5 versiones anteriores a 1.1.0.48, WNDR4300v2 versiones anteriores a 1.0.0.48, WNDR4500v3 versiones anteriores a 1.0. 0.48, WNR1000v4 versiones anteriores a 1.1.0.46, WNR2000v5 versiones anteriores a 1.0.0.62, WNR2020 versiones anteriores a 1.1.0.46 y WNR2050 versiones anteriores a 1.1.0.46.", }, ], id: "CVE-2017-18703", lastModified: "2024-11-21T03:20:42.307", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-24T15:15:12.537", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000053199/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Routers-Gateways-and-Extenders-PSV-2017-0736", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000053199/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Routers-Gateways-and-Extenders-PSV-2017-0736", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-28 15:15
Modified
2024-11-21 04:03
Severity ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d6100_firmware | * | |
| netgear | d6100 | - | |
| netgear | r6100_firmware | * | |
| netgear | r6100 | - | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2ECEA129-164C-4C80-A81E-9688F4AC3583", versionEndExcluding: "1.0.0.57", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "76B12C31-83C3-427F-B2CA-D75EA89DCC6F", versionEndExcluding: "1.0.1.20", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A2E62164-2324-4AF2-B300-8005DAD433B6", versionEndExcluding: "1.0.2.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "90A3C8B6-51A9-49BC-8C82-01269519B652", versionEndExcluding: "1.0.2.92", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "25525299-DB5C-4A90-B2AA-725ADE58D63C", versionEndExcluding: "1.0.2.92", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1425F7B0-0990-43F4-9621-8DAE8508FEED", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "81A6B7D4-1CBB-4D9E-8EB2-E5E82AFA59FA", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "27B33A47-E305-43CC-9AC2-C35DE8E51F02", versionEndExcluding: "1.0.0.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un usuario autenticado. Esto afecta a D6100 versiones anteriores a 1.0.0.57, R6100 versiones anteriores a 1.0.1.20, R7800 versiones anteriores a 1.0.2.40, WNDR3700v4 versiones anteriores a 1.0.2.92, WNDR4300 versiones anteriores a 1.0.2.94, WNDR4300v2 versiones anteriores a 1.0.0.50, WNDR4500v3 versiones anteriores a 1.0.0.50, y WNR2000v5 versiones anteriores a 1.0.0.62.", }, ], id: "CVE-2018-21191", lastModified: "2024-11-21T04:03:08.137", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 5.1, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-28T15:15:12.660", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055166/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2604", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055166/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2604", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-21 21:15
Modified
2024-11-21 04:03
Severity ?
Summary
Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | r6100_firmware | * | |
| netgear | r6100 | - | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | - | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r8900_firmware | * | |
| netgear | r8900 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7FFFF63B-46C8-49BF-8494-BB3322F14594", versionEndExcluding: "1.0.1.22", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", matchCriteriaId: "9F44A123-B256-428B-98C2-17570F2F32DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5F99E4DD-50CB-4B06-BDAF-DD56FF0E90CF", versionEndExcluding: "1.0.0.122", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*", matchCriteriaId: "EF3B3F26-401C-4ED0-B871-4B4F8521F369", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D9D351BB-5034-4771-96BB-F143951CE5D5", versionEndExcluding: "1.0.2.42", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "610C6DB8-E11E-4EAE-A16F-189283F70B26", versionEndExcluding: "1.0.3.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", matchCriteriaId: "0F859165-8D89-4CDD-9D48-9C7923D2261F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EEFCBDB9-47D0-40EF-9428-FF714763BC12", versionEndExcluding: "1.0.3.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FAF6A089-4E7D-43D1-AF1F-01A7A592115E", versionEndExcluding: "1.0.2.96", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EF96C0EB-8CB6-4C86-A9A2-A4C7AF58C97F", versionEndExcluding: "1.0.2.98", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CC5A295B-77E9-4F8B-B523-56C7A1472AD9", versionEndExcluding: "1.0.0.54", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A5B27DF7-FA36-4A0E-A7B0-0D29BE9434BE", versionEndExcluding: "1.0.0.54", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "124ABC0A-DD68-4540-AAC2-C4E87CDC91A7", versionEndExcluding: "1.0.0.64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.", }, { lang: "es", value: "Ciertos dispositivos NETGEAR se ven afectados por la denegación de servicio. Esto afecta a R6100 en versiones anteriores a la 1.0.1.22, R7500 en versiones anteriores a la 1.0.0.122, R7800 en versiones anteriores a la 1.0.2.42, R8900 en versiones anteriores a la 1.0.3.10, R9000 en versiones anteriores a la 1.0.3.10, WNDR3700v4 en versiones anteriores a la 1.0.2.96, WNDR4300 en versiones anteriores a la 1.0.2.98, WNDR4300v2 en versiones anteriores a la 1.0.0.54, WNDR4500v3 en versiones anteriores a la 1.0.0.54 y WNR2000v5 en versiones anteriores a la 1.0.0.64.", }, ], id: "CVE-2018-21141", lastModified: "2024-11-21T04:03:00.047", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 2.7, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:A/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 5.1, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 4.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 3.6, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 4.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-21T21:15:12.740", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000059492/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2017-3168", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000059492/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2017-3168", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-16 21:15
Modified
2024-11-21 04:39
Severity ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.60, DM200 before 1.0.0.61, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX8000 before 1.0.1.180, R7800 before 1.0.2.52, R8900 before 1.0.4.26, R9000 before 1.0.4.26, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.66, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d6100_firmware | * | |
| netgear | d6100 | - | |
| netgear | dm200_firmware | * | |
| netgear | dm200 | - | |
| netgear | ex2700_firmware | * | |
| netgear | ex2700 | - | |
| netgear | ex6100_firmware | * | |
| netgear | ex6100 | v2 | |
| netgear | ex6150_firmware | * | |
| netgear | ex6150 | v2 | |
| netgear | ex6200_firmware | * | |
| netgear | ex6200 | v2 | |
| netgear | ex8000_firmware | * | |
| netgear | ex8000 | - | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r8900_firmware | * | |
| netgear | r8900 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wn2000rpt_firmware | * | |
| netgear | wn2000rpt | v3 | |
| netgear | wn3000rp_firmware | * | |
| netgear | wn3000rp | v2 | |
| netgear | wn3000rp_firmware | * | |
| netgear | wn3000rp | v3 | |
| netgear | wn3100rp_firmware | * | |
| netgear | wn3100rp | v2 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FA3E7329-F839-4DD3-921F-B9E8DEDC8F12", versionEndExcluding: "1.0.0.60", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*", matchCriteriaId: "7EFD1E86-F100-4E46-935D-903EB6FEFE9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:dm200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6B27650A-B7FE-41E4-8231-9283CC7B8349", versionEndExcluding: "1.0.0.61", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:dm200:-:*:*:*:*:*:*:*", matchCriteriaId: "1B048F71-70F1-4D9F-84E2-9F7340F6ADAB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex2700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "733650A8-D797-43B2-851E-1B364C9E7100", versionEndExcluding: "1.0.1.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex2700:-:*:*:*:*:*:*:*", matchCriteriaId: "5341B659-DE7D-43F1-954D-82049CBE18AD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CC89483B-6D99-4A1B-A513-B50EA44DA963", versionEndExcluding: "1.0.1.76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6100:v2:*:*:*:*:*:*:*", matchCriteriaId: "88DD070C-7CBD-48A5-8D77-7C3D1C502D65", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6150_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "542F7529-27DB-41F1-A8E4-FA7A596E5DCC", versionEndExcluding: "1.0.1.76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6150:v2:*:*:*:*:*:*:*", matchCriteriaId: "49846803-C6FB-4DD3-ADA7-78B9923536F2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3223C7E1-06DF-4CAA-89DD-611435165F49", versionEndExcluding: "1.0.1.72", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6200:v2:*:*:*:*:*:*:*", matchCriteriaId: "B4F62287-CB55-4FB1-AA39-62018654BA39", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5F6F80A7-3B51-46FD-854E-D848F7906048", versionEndExcluding: "1.0.1.180", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*", matchCriteriaId: "8D9781C9-799A-4BDA-A027-987627A01633", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2C2195F1-18F6-4397-9D28-7A92003B7A76", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BEF7967B-5FA3-4D43-BEC5-2644FBB1D168", versionEndExcluding: "1.0.4.26", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", matchCriteriaId: "0F859165-8D89-4CDD-9D48-9C7923D2261F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D34DD834-FE59-4F04-9448-FDC385CF70F6", versionEndExcluding: "1.0.4.26", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn2000rpt_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "317AE6B1-BA33-49DF-A839-A49C5493996E", versionEndExcluding: "1.0.1.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn2000rpt:v3:*:*:*:*:*:*:*", matchCriteriaId: "6FB1BE0D-E3CF-4C16-8C11-706B238E9934", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3000rp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "663F925A-642C-4E4A-9D27-76B6EF6978F6", versionEndExcluding: "1.0.0.68", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3000rp:v2:*:*:*:*:*:*:*", matchCriteriaId: "3DAD97C7-458D-4547-82A4-EC7F4CFB2A90", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3000rp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DB6FCA6E-55DB-4D65-BD80-BF186C2F04FB", versionEndExcluding: "1.0.2.70", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3000rp:v3:*:*:*:*:*:*:*", matchCriteriaId: "AB71AC74-2D1B-4F1E-A70F-6590A00AAD9E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3100rp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A480981E-57ED-47E3-B9AB-190E4783DC04", versionEndExcluding: "1.0.0.66", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3100rp:v2:*:*:*:*:*:*:*", matchCriteriaId: "4D8680F5-0C06-4CFC-8BA0-CF85D0438419", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1DA490CC-DB27-4817-A589-61A0D221E9FD", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "652D8CA8-B56A-4403-B072-B4C245AB8EDA", versionEndExcluding: "1.0.0.58", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2D01DCF3-B6FD-4779-B048-DA4A963C9DEB", versionEndExcluding: "1.0.0.68", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.60, DM200 before 1.0.0.61, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX8000 before 1.0.1.180, R7800 before 1.0.2.52, R8900 before 1.0.4.26, R9000 before 1.0.4.26, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.66, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un usuario autenticado. Esto afecta a D6100 versiones anteriores a 1.0.0.60, DM200 versiones anteriores a 1.0.0.61, EX2700 versiones anteriores a 1.0.1.48, EX6100v2 versiones anteriores a 1.0.1.76, EX6150v2 versiones anteriores a 1.0.1.76, EX6200v2 versiones anteriores a 1.0.1.72, EX8000 versiones anteriores a 1.0.1.180, R7800 versiones anteriores a 1.0.2.52, R8900 versiones anteriores a 1.0. 4.26, R9000 versiones anteriores a 1.0.4.26, WN2000RPTv3 versiones anteriores a 1.0.1.32, WN3000RPv2 versiones anteriores a 1.0.0.68, WN3000RPv3 versiones anteriores a 1.0.2.70, WN3100RPv2 versiones anteriores a 1.0.0.66, WNDR4300v2 versiones anteriores a 1.0.0.58, WNDR4500v3 versiones anteriores a 1.0.0.58, y WNR2000v5 versiones anteriores a 1.0.0.68.", }, ], id: "CVE-2019-20751", lastModified: "2024-11-21T04:39:16.010", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 5.1, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-16T21:15:13.067", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000060964/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Extenders-Gateways-and-Routers-PSV-2018-0171", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000060964/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Extenders-Gateways-and-Routers-PSV-2018-0171", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-28 13:15
Modified
2024-11-21 04:03
Severity ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.28, EX2700 before 1.0.1.32, EX6200v2 before 1.0.1.56, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.3.6, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.52, WN3100RPv2 before 1.0.0.42, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | d7800_firmware | * | |
| netgear | d7800 | - | |
| netgear | ex2700_firmware | * | |
| netgear | ex2700 | - | |
| netgear | ex6200_firmware | * | |
| netgear | ex6200 | v2 | |
| netgear | r7500_firmware | * | |
| netgear | r7500 | v2 | |
| netgear | r7800_firmware | * | |
| netgear | r7800 | - | |
| netgear | r9000_firmware | * | |
| netgear | r9000 | - | |
| netgear | wn2000rpt_firmware | * | |
| netgear | wn2000rpt | v3 | |
| netgear | wn3000rp_firmware | * | |
| netgear | wn3000rp | v3 | |
| netgear | wn3100rp_firmware | * | |
| netgear | wn3100rp | v2 | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v4 | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | - | |
| netgear | wndr4300_firmware | * | |
| netgear | wndr4300 | v2 | |
| netgear | wndr4500_firmware | * | |
| netgear | wndr4500 | v3 | |
| netgear | wnr2000_firmware | * | |
| netgear | wnr2000 | v5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EB2E25FA-14F1-44ED-99D3-B5ED7D898D59", versionEndExcluding: "1.0.1.28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2D4987-3726-4A72-8D32-592F59FAC46D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex2700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7D8426F7-28E5-4903-8936-B6F8D5733142", versionEndExcluding: "1.0.1.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex2700:-:*:*:*:*:*:*:*", matchCriteriaId: "5341B659-DE7D-43F1-954D-82049CBE18AD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "08D74CD0-EEE6-4A1D-809C-C0ED7E69489E", versionEndExcluding: "1.0.1.56", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6200:v2:*:*:*:*:*:*:*", matchCriteriaId: "B4F62287-CB55-4FB1-AA39-62018654BA39", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C38F66ED-C53D-40F4-9F1E-96254BCD8A0C", versionEndExcluding: "1.0.3.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7500:v2:*:*:*:*:*:*:*", matchCriteriaId: "2E0DFBF4-E393-44AE-AEF9-1B2059EE5AE8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A2E62164-2324-4AF2-B300-8005DAD433B6", versionEndExcluding: "1.0.2.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", matchCriteriaId: "17CF7445-6950-45FE-9D1A-E23F63316329", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E460D519-DDF3-4E59-9E41-050DC3723FD7", versionEndExcluding: "1.0.3.6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", matchCriteriaId: "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn2000rpt_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BC14D1E5-1302-4E4E-9119-E64342B0AE21", versionEndExcluding: "1.0.1.20", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn2000rpt:v3:*:*:*:*:*:*:*", matchCriteriaId: "6FB1BE0D-E3CF-4C16-8C11-706B238E9934", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3000rp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6FAAE779-B8EA-42A3-BF22-FF17D779300E", versionEndExcluding: "1.0.2.52", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3000rp:v3:*:*:*:*:*:*:*", matchCriteriaId: "AB71AC74-2D1B-4F1E-A70F-6590A00AAD9E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn3100rp_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B562B414-1A33-4E81-83FF-D8750D977DDC", versionEndExcluding: "1.0.0.42", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn3100rp:v2:*:*:*:*:*:*:*", matchCriteriaId: "4D8680F5-0C06-4CFC-8BA0-CF85D0438419", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "90A3C8B6-51A9-49BC-8C82-01269519B652", versionEndExcluding: "1.0.2.92", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", matchCriteriaId: "257A5E68-8EDC-44F5-A85C-83A91C93CCE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACAD8DCD-C187-4F15-9828-F302295199BA", versionEndExcluding: "1.0.2.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*", matchCriteriaId: "1413C591-D066-4FA2-BEB1-6C60F8645F28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1425F7B0-0990-43F4-9621-8DAE8508FEED", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", matchCriteriaId: "4428B145-B86D-4709-BBA9-64BDE7D35A25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "81A6B7D4-1CBB-4D9E-8EB2-E5E82AFA59FA", versionEndExcluding: "1.0.0.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", matchCriteriaId: "C31D6808-4103-4543-B7AB-84A79CD12006", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "27B33A47-E305-43CC-9AC2-C35DE8E51F02", versionEndExcluding: "1.0.0.62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", matchCriteriaId: "317F25FF-B3A2-4C68-888F-D2627C564867", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.28, EX2700 before 1.0.1.32, EX6200v2 before 1.0.1.56, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.3.6, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.52, WN3100RPv2 before 1.0.0.42, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un usuario autenticado. Esto afecta a D7800 versiones anteriores a 1.0.1.28, EX2700 versiones anteriores a 1.0.1.32, EX6200v2 versiones anteriores a 1.0.1.56, R7500v2 versiones anteriores a 1.0.3.24, R7800 versiones anteriores a 1.0.2.40, R9000 versiones anteriores a 1.0.3.6, WN2000RPTv3 versiones anteriores a 1.0.1. 20, WN3000RPv3 versiones anteriores a 1.0.2.52, WN3100RPv2 versiones anteriores a 1.0.0.42, WNDR3700v4 versiones anteriores a 1.0.2.92, WNDR4300 versiones anteriores a 1.0.2.94, WNDR4300v2 versiones anteriores a 1.0.0.50, WNDR4500v3 versiones anteriores a 1.0.0.50, y WNR2000v5 versiones anteriores a 1.0.0.62.", }, ], id: "CVE-2018-21181", lastModified: "2024-11-21T04:03:06.550", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-28T13:15:12.480", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055177/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2618", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000055177/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2618", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
var-202004-0758
Vulnerability from variot
Certain NETGEAR devices are affected by stored XSS. This affects D6100 before 1.0.0.58, D7800 before 1.0.1.34, JNR1010v2 before 1.1.0.50, JWNR2010v5 before 1.1.0.50, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, R6020 before 1.0.0.30, R6080 before 1.0.0.30, R6100 before 1.0.1.16, R6120 before 1.0.0.40, R6700v2 before 1.2.0.14, R6800 before 1.2.0.14, R6900v2 before 1.2.0.14, R7500v2 before 1.0.3.26, R7800 before 1.0.2.46, R9000 before 1.0.4.2, WN3000RPv2 before 1.0.0.52, WN3000RPv3 before 1.0.2.78, WNDR3700v4 before 1.0.2.102, WNDR3700v5 before 1.1.0.54, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.50, WNR2000v5 before 1.0.0.64, WNR2020 before 1.1.0.50, and WNR2050 before 1.1.0.50. NOTE: this may be a result of an incomplete fix for CVE-2017-18866. plural NETGEAR A cross-site scripting vulnerability exists in the device. This vulnerability is CVE-2017-18866 This is a vulnerability caused by an incomplete fix for.Information may be obtained and tampered with
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0758", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "wnr2020", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.50", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.104", }, { model: "r6100", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.16", }, { model: "r6120", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.40", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.54", }, { model: "rbs50", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.5.30", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.48", }, { model: "rbr50", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.5.30", }, { model: "d7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.34", }, { model: "d6100", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.58", }, { model: "wnr1000", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.50", }, { model: "r6080", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.30", }, { model: "wn3000rp", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.78", }, { model: "r7500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.26", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.102", }, { model: "jnr1010", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.50", }, { model: "r7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.46", }, { model: "r6020", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.30", }, { model: "rbk50", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.5.30", }, { model: "r6700", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.14", }, { model: "r6900", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.14", }, { model: "r9000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.2", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.48", }, { model: "r6800", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.14", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.64", }, { model: "wnr2050", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.50", }, { model: "wn3000rp", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.52", }, { model: "jwnr2010", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.50", }, { model: "d6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.58", }, { model: "d7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.34", }, { model: "jnr1010", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.1.0.50", }, { model: "jwnr2010", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.1.0.50", }, { model: "r6020", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.30", }, { model: "r6080", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.30", }, { model: "r6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.16", }, { model: "rbk50", scope: "eq", trust: 0.8, vendor: "netgear", version: "2.3.5.30", }, { model: "rbr50", scope: "eq", trust: 0.8, vendor: "netgear", version: "2.3.5.30", }, { model: "rbs50", scope: "eq", trust: 0.8, vendor: "netgear", version: "2.3.5.30", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015455", }, { db: "NVD", id: "CVE-2019-20738", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:jnr1010_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:jwnr2010_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6020_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6080_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:rbk50_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:rbr50_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:rbs50_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015455", }, ], }, cve: "CVE-2019-20738", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", exploitabilityScore: 6.8, id: "CVE-2019-20738", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "LOW", trust: 1, vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "Single", author: "NVD", availabilityImpact: "None", baseScore: 3.5, confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2019-015455", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Low", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.3, id: "CVE-2019-20738", impactScore: 2.7, integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "NONE", baseScore: 5.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.1, id: "CVE-2019-20738", impactScore: 2.7, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 5.4, baseSeverity: "Medium", confidentialityImpact: "Low", exploitabilityScore: null, id: "JVNDB-2019-015455", impactScore: null, integrityImpact: "Low", privilegesRequired: "Low", scope: "Changed", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2019-20738", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2019-20738", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2019-015455", trust: 0.8, value: "Medium", }, { author: "CNNVD", id: "CNNVD-202004-1349", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015455", }, { db: "CNNVD", id: "CNNVD-202004-1349", }, { db: "NVD", id: "CVE-2019-20738", }, { db: "NVD", id: "CVE-2019-20738", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by stored XSS. This affects D6100 before 1.0.0.58, D7800 before 1.0.1.34, JNR1010v2 before 1.1.0.50, JWNR2010v5 before 1.1.0.50, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, R6020 before 1.0.0.30, R6080 before 1.0.0.30, R6100 before 1.0.1.16, R6120 before 1.0.0.40, R6700v2 before 1.2.0.14, R6800 before 1.2.0.14, R6900v2 before 1.2.0.14, R7500v2 before 1.0.3.26, R7800 before 1.0.2.46, R9000 before 1.0.4.2, WN3000RPv2 before 1.0.0.52, WN3000RPv3 before 1.0.2.78, WNDR3700v4 before 1.0.2.102, WNDR3700v5 before 1.1.0.54, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.50, WNR2000v5 before 1.0.0.64, WNR2020 before 1.1.0.50, and WNR2050 before 1.1.0.50. NOTE: this may be a result of an incomplete fix for CVE-2017-18866. plural NETGEAR A cross-site scripting vulnerability exists in the device. This vulnerability is CVE-2017-18866 This is a vulnerability caused by an incomplete fix for.Information may be obtained and tampered with", sources: [ { db: "NVD", id: "CVE-2019-20738", }, { db: "JVNDB", id: "JVNDB-2019-015455", }, ], trust: 1.62, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-20738", trust: 2.4, }, { db: "JVNDB", id: "JVNDB-2019-015455", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202004-1349", trust: 0.6, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015455", }, { db: "CNNVD", id: "CNNVD-202004-1349", }, { db: "NVD", id: "CVE-2019-20738", }, ], }, id: "VAR-202004-0758", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.4014819361111111, }, last_update_date: "2024-11-23T22:51:27.268000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Stored Cross Site Scripting on Some Routers, Gateways, and WiFi System, PSV-2016-0100", trust: 0.8, url: "https://kb.netgear.com/000061187/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-Gateways-and-WiFi-System-PSV-2016-0100", }, { title: "Multiple NETGEAR Fixes for product cross-site scripting vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=114908", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015455", }, { db: "CNNVD", id: "CNNVD-202004-1349", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-79", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015455", }, { db: "NVD", id: "CVE-2019-20738", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://kb.netgear.com/000061187/security-advisory-for-stored-cross-site-scripting-on-some-routers-gateways-and-wifi-system-psv-2016-0100", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2019-20738", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20738", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015455", }, { db: "CNNVD", id: "CNNVD-202004-1349", }, { db: "NVD", id: "CVE-2019-20738", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "JVNDB", id: "JVNDB-2019-015455", }, { db: "CNNVD", id: "CNNVD-202004-1349", }, { db: "NVD", id: "CVE-2019-20738", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-20T00:00:00", db: "JVNDB", id: "JVNDB-2019-015455", }, { date: "2020-04-16T00:00:00", db: "CNNVD", id: "CNNVD-202004-1349", }, { date: "2020-04-16T20:15:13.820000", db: "NVD", id: "CVE-2019-20738", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-20T00:00:00", db: "JVNDB", id: "JVNDB-2019-015455", }, { date: "2020-05-06T00:00:00", db: "CNNVD", id: "CNNVD-202004-1349", }, { date: "2024-11-21T04:39:13.863000", db: "NVD", id: "CVE-2019-20738", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202004-1349", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Cross-site scripting vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2019-015455", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "XSS", sources: [ { db: "CNNVD", id: "CNNVD-202004-1349", }, ], trust: 0.6, }, }
var-202004-0785
Vulnerability from variot
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, DM200 before 1.0.0.58, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7300 before 1.0.2.136, EX8000 before 1.0.1.180, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R8900, etc. are all wireless routers from NETGEAR. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0785", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.52", }, { model: "xr500", scope: "lt", trust: 1.6, vendor: "netgear", version: "2.3.2.32", }, { model: "r8900", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.4.2", }, { model: "d3600", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.75", }, { model: "d6000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.75", }, { model: "ex8000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.180", }, { model: "d6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.63", }, { model: "dm200", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.58", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.4.2", }, { model: "ex7300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.136", }, { model: "ex6400", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.136", }, { model: "ex2700", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.48", }, { model: "wn3100rp", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.60", }, { model: "ex6150", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.76", }, { model: "ex6200", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.72", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.58", }, { model: "wn2000rpt", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.32", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.68", }, { model: "wn3000rp", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.70", }, { model: "ex6100", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.76", }, { model: "wn3000rp", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.68", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.58", }, { model: "d3600", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.75", }, { model: "d6000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.75", }, { model: "d6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.63", }, { model: "dm200", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.58", }, { model: "ex2700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.48", }, { model: "ex6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.76", }, { model: "ex6150", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.76", }, { model: "ex6200", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.72", }, { model: "ex6400", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.136", }, { model: "ex7300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.136", }, { model: "ex6100v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.1.76", }, { model: "ex6150v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.1.76", }, { model: "wn2000rptv3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.1.32", }, { model: "wn3000rpv3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.70", }, { model: "wn3000rpv2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.68", }, { model: "wn3100rpv2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.60", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.58", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.58", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.68", }, { model: "ex6200v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.1.72", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-61056", }, { db: "JVNDB", id: "JVNDB-2019-015409", }, { db: "NVD", id: "CVE-2019-20723", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d3600_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:dm200_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex2700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex6150_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex6200_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex6400_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex7300_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015409", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "aircut", sources: [ { db: "CNNVD", id: "CNNVD-202004-1307", }, ], trust: 0.6, }, cve: "CVE-2019-20723", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CVE-2019-20723", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 5.2, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2019-015409", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CNVD-2021-61056", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2019-20723", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2019-20723", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 6.8, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2019-015409", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2019-20723", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2019-20723", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2019-015409", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2021-61056", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-1307", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-61056", }, { db: "JVNDB", id: "JVNDB-2019-015409", }, { db: "CNNVD", id: "CNNVD-202004-1307", }, { db: "NVD", id: "CVE-2019-20723", }, { db: "NVD", id: "CVE-2019-20723", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, DM200 before 1.0.0.58, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7300 before 1.0.2.136, EX8000 before 1.0.1.180, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R8900, etc. are all wireless routers from NETGEAR. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow", sources: [ { db: "NVD", id: "CVE-2019-20723", }, { db: "JVNDB", id: "JVNDB-2019-015409", }, { db: "CNVD", id: "CNVD-2021-61056", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-20723", trust: 3, }, { db: "JVNDB", id: "JVNDB-2019-015409", trust: 0.8, }, { db: "CNVD", id: "CNVD-2021-61056", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-1307", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-61056", }, { db: "JVNDB", id: "JVNDB-2019-015409", }, { db: "CNNVD", id: "CNNVD-202004-1307", }, { db: "NVD", id: "CVE-2019-20723", }, ], }, id: "VAR-202004-0785", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-61056", }, ], trust: 1.1791139654166667, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-61056", }, ], }, last_update_date: "2024-11-23T21:59:21.256000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Stack Overflow on Some Routers, Gateways, and Extenders, PSV-2018-0146", trust: 0.8, url: "https://kb.netgear.com/000061205/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-Gateways-and-Extenders-PSV-2018-0146", }, { title: "Patch for Buffer overflow vulnerabilities in multiple NETGEAR products (CNVD-2021-61056)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/285371", }, { title: "Multiple NETGEAR Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=114817", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-61056", }, { db: "JVNDB", id: "JVNDB-2019-015409", }, { db: "CNNVD", id: "CNNVD-202004-1307", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015409", }, { db: "NVD", id: "CVE-2019-20723", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2019-20723", }, { trust: 1.6, url: "https://kb.netgear.com/000061205/security-advisory-for-post-authentication-stack-overflow-on-some-routers-gateways-and-extenders-psv-2018-0146", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20723", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-61056", }, { db: "JVNDB", id: "JVNDB-2019-015409", }, { db: "CNNVD", id: "CNNVD-202004-1307", }, { db: "NVD", id: "CVE-2019-20723", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-61056", }, { db: "JVNDB", id: "JVNDB-2019-015409", }, { db: "CNNVD", id: "CNNVD-202004-1307", }, { db: "NVD", id: "CVE-2019-20723", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-08-11T00:00:00", db: "CNVD", id: "CNVD-2021-61056", }, { date: "2020-05-19T00:00:00", db: "JVNDB", id: "JVNDB-2019-015409", }, { date: "2020-04-16T00:00:00", db: "CNNVD", id: "CNNVD-202004-1307", }, { date: "2020-04-16T19:15:25.337000", db: "NVD", id: "CVE-2019-20723", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-08-11T00:00:00", db: "CNVD", id: "CNVD-2021-61056", }, { date: "2020-05-19T00:00:00", db: "JVNDB", id: "JVNDB-2019-015409", }, { date: "2020-04-26T00:00:00", db: "CNNVD", id: "CNNVD-202004-1307", }, { date: "2024-11-21T04:39:11.273000", db: "NVD", id: "CVE-2019-20723", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-1307", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Out-of-bounds write vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2019-015409", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-1307", }, ], trust: 0.6, }, }
var-202004-1642
Vulnerability from variot
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.52, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.4.2, R9000 before 1.0.3.16, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. NETGEAR D7800, etc. are all products of NETGEAR. NETGEAR D7800 is a wireless modem. NETGEAR R7500 is a wireless router. NETGEAR WNDR4300 is a wireless router. The vulnerability stems from the lack of proper verification of client data by WEB applications. Attackers can use this vulnerability to execute client code. This affects D7800 prior to 1.0.1.34, DM200 prior to 1.0.0.52, R6100 prior to 1.0.1.22, R7500 prior to 1.0.0.122, R7500v2 prior to 1.0.3.26, R7800 prior to 1.0.2.42, R8900 prior to 1.0.4.2, R9000 prior to 1.0.3.16, WNDR4300 prior to 1.0.2.98, WNDR4300v2 prior to 1.0.0.54, WNDR4500v3 prior to 1.0.0.54, and WNR2000v5 prior to 1.0.0.64
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1642", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7500", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.122", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.98", }, { model: "d7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.34", }, { model: "dm200", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.52", }, { model: "r6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.22", }, { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.42", }, { model: "r8900", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.4.2", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.3.16", }, { model: "r7500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.26", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.64", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.54", }, { model: "r7500", scope: "eq", trust: 0.9, vendor: "netgear", version: "1.0.0.122", }, { model: "d7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.34", }, { model: "dm200", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.52", }, { model: "r6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.22", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "v2 1.0.3.26", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.42", }, { model: "r8900", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.4.2", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.16", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.98", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "v2 1.0.0.54", }, { model: "r7500v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.3.26", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.54", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.64", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.22", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.24", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.28", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.30", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.31", }, { model: "dm200", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.50", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.1", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.12", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.14", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.16", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.20", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.108", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.110", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.112", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.116", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.118", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.124", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.130", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.10", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.16", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.20", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.24", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.16", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.28", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.32", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.36", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.38", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.40", }, { model: "r8900", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r8900", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.6", }, { model: "r8900", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.10", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.4", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.52", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.6", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.10", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.52", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.90", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.96", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.52", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.42", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.58", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.62", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28143", }, { db: "VULMON", id: "CVE-2018-21155", }, { db: "JVNDB", id: "JVNDB-2018-016396", }, { db: "NVD", id: "CVE-2018-21155", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:dm200_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r8900_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016396", }, ], }, cve: "CVE-2018-21155", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "CVE-2018-21155", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 4.3, confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2018-016396", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "CNVD-2020-28143", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.8, id: "CVE-2018-21155", impactScore: 2.7, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.1, id: "CVE-2018-21155", impactScore: 3.7, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 6.1, baseSeverity: "Medium", confidentialityImpact: "Low", exploitabilityScore: null, id: "JVNDB-2018-016396", impactScore: null, integrityImpact: "Low", privilegesRequired: "None", scope: "Changed", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21155", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2018-21155", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2018-016396", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2020-28143", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-2204", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2018-21155", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28143", }, { db: "VULMON", id: "CVE-2018-21155", }, { db: "JVNDB", id: "JVNDB-2018-016396", }, { db: "CNNVD", id: "CNNVD-202004-2204", }, { db: "NVD", id: "CVE-2018-21155", }, { db: "NVD", id: "CVE-2018-21155", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.52, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.4.2, R9000 before 1.0.3.16, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. NETGEAR D7800, etc. are all products of NETGEAR. NETGEAR D7800 is a wireless modem. NETGEAR R7500 is a wireless router. NETGEAR WNDR4300 is a wireless router. The vulnerability stems from the lack of proper verification of client data by WEB applications. Attackers can use this vulnerability to execute client code. This affects D7800 prior to 1.0.1.34, DM200 prior to 1.0.0.52, R6100 prior to 1.0.1.22, R7500 prior to 1.0.0.122, R7500v2 prior to 1.0.3.26, R7800 prior to 1.0.2.42, R8900 prior to 1.0.4.2, R9000 prior to 1.0.3.16, WNDR4300 prior to 1.0.2.98, WNDR4300v2 prior to 1.0.0.54, WNDR4500v3 prior to 1.0.0.54, and WNR2000v5 prior to 1.0.0.64", sources: [ { db: "NVD", id: "CVE-2018-21155", }, { db: "JVNDB", id: "JVNDB-2018-016396", }, { db: "CNVD", id: "CNVD-2020-28143", }, { db: "VULMON", id: "CVE-2018-21155", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21155", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2018-016396", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-28143", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-2204", trust: 0.6, }, { db: "VULMON", id: "CVE-2018-21155", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28143", }, { db: "VULMON", id: "CVE-2018-21155", }, { db: "JVNDB", id: "JVNDB-2018-016396", }, { db: "CNNVD", id: "CNNVD-202004-2204", }, { db: "NVD", id: "CVE-2018-21155", }, ], }, id: "VAR-202004-1642", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-28143", }, ], trust: 1.2066003666666667, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28143", }, ], }, last_update_date: "2024-11-23T22:51:26.065000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Stored Cross-Site Scripting on Some Gateways and Routers, PSV-2017-3101", trust: 0.8, url: "https://kb.netgear.com/000059478/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Gateways-and-Routers-PSV-2017-3101", }, { title: "Patch for Multiple NETGEAR product cross-site scripting vulnerabilities (CNVD-2020-28143)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/217441", }, { title: "Multiple NETGEAR Fixes for product cross-site scripting vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117299", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28143", }, { db: "JVNDB", id: "JVNDB-2018-016396", }, { db: "CNNVD", id: "CNNVD-202004-2204", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-79", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016396", }, { db: "NVD", id: "CVE-2018-21155", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21155", }, { trust: 1.7, url: "https://kb.netgear.com/000059478/security-advisory-for-stored-cross-site-scripting-on-some-gateways-and-routers-psv-2017-3101", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21155", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/79.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28143", }, { db: "VULMON", id: "CVE-2018-21155", }, { db: "JVNDB", id: "JVNDB-2018-016396", }, { db: "CNNVD", id: "CNNVD-202004-2204", }, { db: "NVD", id: "CVE-2018-21155", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-28143", }, { db: "VULMON", id: "CVE-2018-21155", }, { db: "JVNDB", id: "JVNDB-2018-016396", }, { db: "CNNVD", id: "CNNVD-202004-2204", }, { db: "NVD", id: "CVE-2018-21155", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28143", }, { date: "2020-04-27T00:00:00", db: "VULMON", id: "CVE-2018-21155", }, { date: "2020-06-02T00:00:00", db: "JVNDB", id: "JVNDB-2018-016396", }, { date: "2020-04-27T00:00:00", db: "CNNVD", id: "CNNVD-202004-2204", }, { date: "2020-04-27T18:15:12.357000", db: "NVD", id: "CVE-2018-21155", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28143", }, { date: "2020-05-06T00:00:00", db: "VULMON", id: "CVE-2018-21155", }, { date: "2020-06-02T00:00:00", db: "JVNDB", id: "JVNDB-2018-016396", }, { date: "2020-05-07T00:00:00", db: "CNNVD", id: "CNNVD-202004-2204", }, { date: "2024-11-21T04:03:02.177000", db: "NVD", id: "CVE-2018-21155", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202004-2204", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Cross-site scripting vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2018-016396", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "XSS", sources: [ { db: "CNNVD", id: "CNNVD-202004-2204", }, ], trust: 0.6, }, }
var-202004-1696
Vulnerability from variot
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.34, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7500, etc. are all products of NETGEAR. NETGEAR R7500 is a wireless router. NETGEAR D6100 is a wireless modem. NETGEAR WNDR3700 is a wireless router. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow. This affects D6100 prior to 1.0.0.57, D7800 prior to 1.0.1.34, R7500 prior to 1.0.0.122, R7500v2 prior to 1.0.3.24, R7800 prior to 1.0.2.40, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1696", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.52", }, { model: "d6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.57", }, { model: "r7500", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.122", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.94", }, { model: "d7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.34", }, { model: "r7500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.24", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.62", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.92", }, { model: "d6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.57", }, { model: "d7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.34", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.122", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.24", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.52", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.62", }, { model: "r7500v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.3.24", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28245", }, { db: "JVNDB", id: "JVNDB-2018-016378", }, { db: "NVD", id: "CVE-2018-21185", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4500_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016378", }, ], }, cve: "CVE-2018-21185", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CVE-2018-21185", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 5.2, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2018-016378", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CNVD-2020-28245", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21185", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21185", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 6.8, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2018-016378", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21185", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2018-21185", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2018-016378", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2020-28245", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-2244", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2018-21185", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28245", }, { db: "VULMON", id: "CVE-2018-21185", }, { db: "JVNDB", id: "JVNDB-2018-016378", }, { db: "CNNVD", id: "CNNVD-202004-2244", }, { db: "NVD", id: "CVE-2018-21185", }, { db: "NVD", id: "CVE-2018-21185", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.34, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7500, etc. are all products of NETGEAR. NETGEAR R7500 is a wireless router. NETGEAR D6100 is a wireless modem. NETGEAR WNDR3700 is a wireless router. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow. This affects D6100 prior to 1.0.0.57, D7800 prior to 1.0.1.34, R7500 prior to 1.0.0.122, R7500v2 prior to 1.0.3.24, R7800 prior to 1.0.2.40, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62", sources: [ { db: "NVD", id: "CVE-2018-21185", }, { db: "JVNDB", id: "JVNDB-2018-016378", }, { db: "CNVD", id: "CNVD-2020-28245", }, { db: "VULMON", id: "CVE-2018-21185", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21185", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2018-016378", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-28245", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-2244", trust: 0.6, }, { db: "VULMON", id: "CVE-2018-21185", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28245", }, { db: "VULMON", id: "CVE-2018-21185", }, { db: "JVNDB", id: "JVNDB-2018-016378", }, { db: "CNNVD", id: "CNNVD-202004-2244", }, { db: "NVD", id: "CVE-2018-21185", }, ], }, id: "VAR-202004-1696", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-28245", }, ], trust: 1.2809049927272729, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28245", }, ], }, last_update_date: "2024-11-23T21:51:30.196000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Stack Overflow on Some Routers and Gateways, PSV-2017-2610", trust: 0.8, url: "https://kb.netgear.com/000055173/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2610", }, { title: "Patch for Multiple NETGEAR product buffer overflow vulnerabilities (CNVD-2020-28245)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/217475", }, { title: "Multiple NETGEAR Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117337", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28245", }, { db: "JVNDB", id: "JVNDB-2018-016378", }, { db: "CNNVD", id: "CNNVD-202004-2244", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016378", }, { db: "NVD", id: "CVE-2018-21185", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21185", }, { trust: 1.7, url: "https://kb.netgear.com/000055173/security-advisory-for-post-authentication-stack-overflow-on-some-routers-and-gateways-psv-2017-2610", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21185", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/787.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28245", }, { db: "VULMON", id: "CVE-2018-21185", }, { db: "JVNDB", id: "JVNDB-2018-016378", }, { db: "CNNVD", id: "CNNVD-202004-2244", }, { db: "NVD", id: "CVE-2018-21185", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-28245", }, { db: "VULMON", id: "CVE-2018-21185", }, { db: "JVNDB", id: "JVNDB-2018-016378", }, { db: "CNNVD", id: "CNNVD-202004-2244", }, { db: "NVD", id: "CVE-2018-21185", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28245", }, { date: "2020-04-28T00:00:00", db: "VULMON", id: "CVE-2018-21185", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016378", }, { date: "2020-04-28T00:00:00", db: "CNNVD", id: "CNNVD-202004-2244", }, { date: "2020-04-28T13:15:12.747000", db: "NVD", id: "CVE-2018-21185", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28245", }, { date: "2020-05-06T00:00:00", db: "VULMON", id: "CVE-2018-21185", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016378", }, { date: "2020-05-07T00:00:00", db: "CNNVD", id: "CNNVD-202004-2244", }, { date: "2024-11-21T04:03:07.177000", db: "NVD", id: "CVE-2018-21185", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-2244", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Out-of-bounds write vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2018-016378", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-2244", }, ], trust: 0.6, }, }
var-201612-0661
Vulnerability from variot
NetgearWNR2000 is a wireless router product from Netgear. An access control vulnerability exists in the NETGEARWNR2000 router. Since the apply_noauth.cgi function has similar functionality to the apply.cgi function that the administrator uses to perform sensitive operations. Unauthenticated attackers can perform sensitive operations through the apply_noauth.cgi function.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201612-0661", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "wnr2000", scope: "eq", trust: 0.6, vendor: "netgear", version: "3", }, { model: "wnr2000", scope: "eq", trust: 0.6, vendor: "netgear", version: "4", }, { model: "wnr2000", scope: "eq", trust: 0.6, vendor: "netgear", version: "5", }, ], sources: [ { db: "CNVD", id: "CNVD-2016-13120", }, ], }, cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2016-13120", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [], severity: [ { author: "CNVD", id: "CNVD-2016-13120", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2016-13120", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "NetgearWNR2000 is a wireless router product from Netgear. An access control vulnerability exists in the NETGEARWNR2000 router. Since the apply_noauth.cgi function has similar functionality to the apply.cgi function that the administrator uses to perform sensitive operations. Unauthenticated attackers can perform sensitive operations through the apply_noauth.cgi function.", sources: [ { db: "CNVD", id: "CNVD-2016-13120", }, ], trust: 0.6, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "CNVD", id: "CNVD-2016-13120", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2016-13120", }, ], }, id: "VAR-201612-0661", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2016-13120", }, ], trust: 0.06, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2016-13120", }, ], }, last_update_date: "2022-05-04T10:01:14.180000Z", references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 0.6, url: "https://raw.githubusercontent.com/pedrib/poc/master/advisories/netgear-wnr2000.txt", }, ], sources: [ { db: "CNVD", id: "CNVD-2016-13120", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2016-13120", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2016-12-27T00:00:00", db: "CNVD", id: "CNVD-2016-13120", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2016-12-27T00:00:00", db: "CNVD", id: "CNVD-2016-13120", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "NETGEAR WNR2000 Router Access Control Vulnerability", sources: [ { db: "CNVD", id: "CNVD-2016-13120", }, ], trust: 0.6, }, }
var-202004-1704
Vulnerability from variot
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.34, R6100 before 1.0.1.20, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D6100, etc. are all products of NETGEAR. NETGEAR D6100 is a wireless modem. NETGEAR WNDR3700 is a wireless router. NETGEAR R6100 is a wireless router. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow. This affects D6100 prior to 1.0.0.57, D7800 prior to 1.0.1.34, R6100 prior to 1.0.1.20, R7500 prior to 1.0.0.122, R7500v2 prior to 1.0.3.24, R7800 prior to 1.0.2.40, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1704", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.40", }, { model: "r6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.20", }, { model: "d6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.57", }, { model: "r7500", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.122", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.94", }, { model: "d7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.34", }, { model: "r7500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.24", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.62", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.92", }, { model: "r7500", scope: "eq", trust: 0.9, vendor: "netgear", version: "1.0.0.122", }, { model: "wndr4300", scope: "eq", trust: 0.9, vendor: "netgear", version: "1.0.0.50", }, { model: "d6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.57", }, { model: "d7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.34", }, { model: "r6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.20", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.24", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.40", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.62", }, { model: "r7500v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.3.24", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.50 0.0.50", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.55", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.22", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.24", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.28", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.30", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.31", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.12", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.14", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.16", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.108", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.110", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.112", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.116", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.118", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.124", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.130", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.10", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.16", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.20", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.16", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.28", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.32", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.36", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.38", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.86", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.52", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.90", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.42", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.58", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28269", }, { db: "VULMON", id: "CVE-2018-21193", }, { db: "JVNDB", id: "JVNDB-2018-016376", }, { db: "NVD", id: "CVE-2018-21193", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4500_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016376", }, ], }, cve: "CVE-2018-21193", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CVE-2018-21193", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 5.2, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2018-016376", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CNVD-2020-28269", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21193", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21193", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 6.8, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2018-016376", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21193", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2018-21193", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2018-016376", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2020-28269", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-2257", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2018-21193", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28269", }, { db: "VULMON", id: "CVE-2018-21193", }, { db: "JVNDB", id: "JVNDB-2018-016376", }, { db: "CNNVD", id: "CNNVD-202004-2257", }, { db: "NVD", id: "CVE-2018-21193", }, { db: "NVD", id: "CVE-2018-21193", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.34, R6100 before 1.0.1.20, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D6100, etc. are all products of NETGEAR. NETGEAR D6100 is a wireless modem. NETGEAR WNDR3700 is a wireless router. NETGEAR R6100 is a wireless router. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow. This affects D6100 prior to 1.0.0.57, D7800 prior to 1.0.1.34, R6100 prior to 1.0.1.20, R7500 prior to 1.0.0.122, R7500v2 prior to 1.0.3.24, R7800 prior to 1.0.2.40, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62", sources: [ { db: "NVD", id: "CVE-2018-21193", }, { db: "JVNDB", id: "JVNDB-2018-016376", }, { db: "CNVD", id: "CNVD-2020-28269", }, { db: "VULMON", id: "CVE-2018-21193", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21193", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2018-016376", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-28269", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-2257", trust: 0.6, }, { db: "VULMON", id: "CVE-2018-21193", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28269", }, { db: "VULMON", id: "CVE-2018-21193", }, { db: "JVNDB", id: "JVNDB-2018-016376", }, { db: "CNNVD", id: "CNNVD-202004-2257", }, { db: "NVD", id: "CVE-2018-21193", }, ], }, id: "VAR-202004-1704", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-28269", }, ], trust: 1.2979498327272725, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28269", }, ], }, last_update_date: "2024-11-23T22:29:38.642000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Stack Overflow on Some Routers and Gateways, PSV-2017-2602", trust: 0.8, url: "https://kb.netgear.com/000055164/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2602", }, { title: "Patch for Multiple NETGEAR product buffer overflow vulnerabilities (CNVD-2020-28269)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/217557", }, { title: "Multiple NETGEAR Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117349", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28269", }, { db: "JVNDB", id: "JVNDB-2018-016376", }, { db: "CNNVD", id: "CNNVD-202004-2257", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016376", }, { db: "NVD", id: "CVE-2018-21193", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21193", }, { trust: 1.7, url: "https://kb.netgear.com/000055164/security-advisory-for-post-authentication-stack-overflow-on-some-routers-and-gateways-psv-2017-2602", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21193", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/787.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28269", }, { db: "VULMON", id: "CVE-2018-21193", }, { db: "JVNDB", id: "JVNDB-2018-016376", }, { db: "CNNVD", id: "CNNVD-202004-2257", }, { db: "NVD", id: "CVE-2018-21193", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-28269", }, { db: "VULMON", id: "CVE-2018-21193", }, { db: "JVNDB", id: "JVNDB-2018-016376", }, { db: "CNNVD", id: "CNNVD-202004-2257", }, { db: "NVD", id: "CVE-2018-21193", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28269", }, { date: "2020-04-28T00:00:00", db: "VULMON", id: "CVE-2018-21193", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016376", }, { date: "2020-04-28T00:00:00", db: "CNNVD", id: "CNNVD-202004-2257", }, { date: "2020-04-28T15:15:12.770000", db: "NVD", id: "CVE-2018-21193", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28269", }, { date: "2020-05-01T00:00:00", db: "VULMON", id: "CVE-2018-21193", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016376", }, { date: "2020-05-06T00:00:00", db: "CNNVD", id: "CNNVD-202004-2257", }, { date: "2024-11-21T04:03:08.457000", db: "NVD", id: "CVE-2018-21193", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-2257", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Out-of-bounds write vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2018-016376", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-2257", }, ], trust: 0.6, }, }
var-202004-1640
Vulnerability from variot
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, EX2700 before 1.0.1.32, EX6100v2 before 1.0.1.70, EX6150v2 before 1.0.1.70, EX6200v2 before 1.0.1.62, EX6400 before 1.0.1.78, EX7300 before 1.0.1.62, EX8000 before 1.0.0.114, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.40, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WN2000RPTv3 before 1.0.1.26, WN3000RPv2 before 1.0.0.56, WN3000RPv3 before 1.0.2.66, WN3100RPv2 before 1.0.0.56, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64. plural NETGEAR A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This affects D7800 prior to 1.0.1.34, DM200 prior to 1.0.0.50, EX2700 prior to 1.0.1.32, EX6100v2 prior to 1.0.1.70, EX6150v2 prior to 1.0.1.70, EX6200v2 prior to 1.0.1.62, EX6400 prior to 1.0.1.78, EX7300 prior to 1.0.1.62, EX8000 prior to 1.0.0.114, R6100 prior to 1.0.1.22, R7500 prior to 1.0.0.122, R7500v2 prior to 1.0.3.26, R7800 prior to 1.0.2.40, R8900 prior to 1.0.3.10, R9000 prior to 1.0.3.10, WN2000RPTv3 prior to 1.0.1.26, WN3000RPv2 prior to 1.0.0.56, WN3000RPv3 prior to 1.0.2.66, WN3100RPv2 prior to 1.0.0.56, WNDR4300 prior to 1.0.2.98, WNDR4300v2 prior to 1.0.0.54, WNDR4500v3 prior to 1.0.0.54, and WNR2000v5 prior to 1.0.0.64
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1640", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "ex7300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.62", }, { model: "wn3100rp", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.56", }, { model: "r9000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.10", }, { model: "ex8000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.114", }, { model: "ex6200", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.62", }, { model: "r7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.40", }, { model: "ex6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.78", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.54", }, { model: "ex6100", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.70", }, { model: "r7500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.122", }, { model: "d7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.34", }, { model: "wn2000rpt", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.26", }, { model: "wn3000rp", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.66", }, { model: "r7500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.26", }, { model: "r8900", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.10", }, { model: "ex6150", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.70", }, { model: "wn3000rp", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.56", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.54", }, { model: "dm200", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.64", }, { model: "r6100", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.22", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.98", }, { model: "ex2700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.32", }, { model: "d7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.34", }, { model: "dm200", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.50", }, { model: "ex2700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.32", }, { model: "ex6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.70", }, { model: "ex6150", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.70", }, { model: "ex6200", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.62", }, { model: "ex6400", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.78", }, { model: "ex7300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.62", }, { model: "ex8000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.114", }, { model: "r6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.22", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016401", }, { db: "NVD", id: "CVE-2018-21153", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:dm200_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex2700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex6150_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex6200_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex6400_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex7300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex8000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6100_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016401", }, ], }, cve: "CVE-2018-21153", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CVE-2018-21153", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 1.1, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 7.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2018-016401", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2018-21153", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2018-21153", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2018-016401", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21153", trust: 1, value: "CRITICAL", }, { author: "cve@mitre.org", id: "CVE-2018-21153", trust: 1, value: "HIGH", }, { author: "NVD", id: "JVNDB-2018-016401", trust: 0.8, value: "Critical", }, { author: "CNNVD", id: "CNNVD-202004-2201", trust: 0.6, value: "CRITICAL", }, { author: "VULMON", id: "CVE-2018-21153", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2018-21153", }, { db: "JVNDB", id: "JVNDB-2018-016401", }, { db: "CNNVD", id: "CNNVD-202004-2201", }, { db: "NVD", id: "CVE-2018-21153", }, { db: "NVD", id: "CVE-2018-21153", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, EX2700 before 1.0.1.32, EX6100v2 before 1.0.1.70, EX6150v2 before 1.0.1.70, EX6200v2 before 1.0.1.62, EX6400 before 1.0.1.78, EX7300 before 1.0.1.62, EX8000 before 1.0.0.114, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.40, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WN2000RPTv3 before 1.0.1.26, WN3000RPv2 before 1.0.0.56, WN3000RPv3 before 1.0.2.66, WN3100RPv2 before 1.0.0.56, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64. plural NETGEAR A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This affects D7800 prior to 1.0.1.34, DM200 prior to 1.0.0.50, EX2700 prior to 1.0.1.32, EX6100v2 prior to 1.0.1.70, EX6150v2 prior to 1.0.1.70, EX6200v2 prior to 1.0.1.62, EX6400 prior to 1.0.1.78, EX7300 prior to 1.0.1.62, EX8000 prior to 1.0.0.114, R6100 prior to 1.0.1.22, R7500 prior to 1.0.0.122, R7500v2 prior to 1.0.3.26, R7800 prior to 1.0.2.40, R8900 prior to 1.0.3.10, R9000 prior to 1.0.3.10, WN2000RPTv3 prior to 1.0.1.26, WN3000RPv2 prior to 1.0.0.56, WN3000RPv3 prior to 1.0.2.66, WN3100RPv2 prior to 1.0.0.56, WNDR4300 prior to 1.0.2.98, WNDR4300v2 prior to 1.0.0.54, WNDR4500v3 prior to 1.0.0.54, and WNR2000v5 prior to 1.0.0.64", sources: [ { db: "NVD", id: "CVE-2018-21153", }, { db: "JVNDB", id: "JVNDB-2018-016401", }, { db: "VULMON", id: "CVE-2018-21153", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21153", trust: 2.5, }, { db: "JVNDB", id: "JVNDB-2018-016401", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202004-2201", trust: 0.6, }, { db: "VULMON", id: "CVE-2018-21153", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2018-21153", }, { db: "JVNDB", id: "JVNDB-2018-016401", }, { db: "CNNVD", id: "CNNVD-202004-2201", }, { db: "NVD", id: "CVE-2018-21153", }, ], }, id: "VAR-202004-1640", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.38514334, }, last_update_date: "2024-11-23T22:48:01.294000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Pre-Authentication Buffer Overflow on Some Gateways, Routers, and Extenders, PSV-2017-3136", trust: 0.8, url: "https://kb.netgear.com/000059480/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Gateways-Routers-and-Extenders-PSV-2017-3136", }, { title: "Multiple NETGEAR Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117718", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016401", }, { db: "CNNVD", id: "CNNVD-202004-2201", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-120", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016401", }, { db: "NVD", id: "CVE-2018-21153", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://kb.netgear.com/000059480/security-advisory-for-pre-authentication-buffer-overflow-on-some-gateways-routers-and-extenders-psv-2017-3136", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21153", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21153", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/120.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2018-21153", }, { db: "JVNDB", id: "JVNDB-2018-016401", }, { db: "CNNVD", id: "CNNVD-202004-2201", }, { db: "NVD", id: "CVE-2018-21153", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2018-21153", }, { db: "JVNDB", id: "JVNDB-2018-016401", }, { db: "CNNVD", id: "CNNVD-202004-2201", }, { db: "NVD", id: "CVE-2018-21153", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-04-27T00:00:00", db: "VULMON", id: "CVE-2018-21153", }, { date: "2020-06-02T00:00:00", db: "JVNDB", id: "JVNDB-2018-016401", }, { date: "2020-04-27T00:00:00", db: "CNNVD", id: "CNNVD-202004-2201", }, { date: "2020-04-27T18:15:12.230000", db: "NVD", id: "CVE-2018-21153", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-05T00:00:00", db: "VULMON", id: "CVE-2018-21153", }, { date: "2020-06-02T00:00:00", db: "JVNDB", id: "JVNDB-2018-016401", }, { date: "2020-05-06T00:00:00", db: "CNNVD", id: "CNNVD-202004-2201", }, { date: "2024-11-21T04:03:01.853000", db: "NVD", id: "CVE-2018-21153", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202004-2201", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Classic buffer overflow vulnerability in device", sources: [ { db: "JVNDB", id: "JVNDB-2018-016401", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-2201", }, ], trust: 0.6, }, }
var-202004-1664
Vulnerability from variot
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D3600, etc. are all products of NETGEAR. NETGEAR D3600 is a wireless modem. NETGEAR D6100 is a wireless modem. NETGEAR R6100 is a wireless router. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. This affects D3600 prior to 1.0.0.67, D6000 prior to 1.0.0.67, D6100 prior to 1.0.0.56, D7800 prior to 1.0.1.30, R6100 prior to 1.0.1.20, R7500 prior to 1.0.0.118, R7500v2 prior to 1.0.3.24, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.96, WNDR4300 prior to 1.0.2.98, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1664", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "d3600", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.67", }, { model: "d6000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.67", }, { model: "d6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.56", }, { model: "d7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.30", }, { model: "r6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.20", }, { model: "r7500", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.118", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.52", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.98", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.96", }, { model: "r7500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.24", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.62", }, { model: "r7500", scope: "eq", trust: 0.9, vendor: "netgear", version: "1.0.0.118", }, { model: "wndr4300", scope: "eq", trust: 0.9, vendor: "netgear", version: "1.0.0.50", }, { model: "d7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.30", }, { model: "r6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.20", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.24", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.52", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.96", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.98", }, { model: "wndr4500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.62", }, { model: "r7500v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.3.24", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.96", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.62", }, { model: "d3600", scope: "eq", trust: 0.2, vendor: "netgear", version: "1.0.0.49", }, { model: "d3600", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "d3600", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.61", }, { model: "d6000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "d6000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.49", }, { model: "d6000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.61", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.50 0.0.50", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.55", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.22", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.24", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.28", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.12", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.14", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.16", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.108", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.110", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.112", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.116", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.122", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.124", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.130", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.10", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.16", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.20", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.4", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.40", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.86", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.52", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.90", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.96", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.42", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.58", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-46570", }, { db: "VULMON", id: "CVE-2018-21218", }, { db: "JVNDB", id: "JVNDB-2018-016343", }, { db: "NVD", id: "CVE-2018-21218", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wnr2000_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016343", }, ], }, cve: "CVE-2018-21218", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 6.5, id: "CVE-2018-21218", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 5.8, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2018-016343", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 6.5, id: "CNVD-2021-46570", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2018-21218", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2018-21218", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 8.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2018-016343", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21218", trust: 1, value: "HIGH", }, { author: "cve@mitre.org", id: "CVE-2018-21218", trust: 1, value: "HIGH", }, { author: "NVD", id: "JVNDB-2018-016343", trust: 0.8, value: "High", }, { author: "CNVD", id: "CNVD-2021-46570", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-2295", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2018-21218", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-46570", }, { db: "VULMON", id: "CVE-2018-21218", }, { db: "JVNDB", id: "JVNDB-2018-016343", }, { db: "CNNVD", id: "CNNVD-202004-2295", }, { db: "NVD", id: "CVE-2018-21218", }, { db: "NVD", id: "CVE-2018-21218", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D3600, etc. are all products of NETGEAR. NETGEAR D3600 is a wireless modem. NETGEAR D6100 is a wireless modem. NETGEAR R6100 is a wireless router. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. This affects D3600 prior to 1.0.0.67, D6000 prior to 1.0.0.67, D6100 prior to 1.0.0.56, D7800 prior to 1.0.1.30, R6100 prior to 1.0.1.20, R7500 prior to 1.0.0.118, R7500v2 prior to 1.0.3.24, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.96, WNDR4300 prior to 1.0.2.98, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62", sources: [ { db: "NVD", id: "CVE-2018-21218", }, { db: "JVNDB", id: "JVNDB-2018-016343", }, { db: "CNVD", id: "CNVD-2021-46570", }, { db: "VULMON", id: "CVE-2018-21218", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21218", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2018-016343", trust: 0.8, }, { db: "CNVD", id: "CNVD-2021-46570", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-2295", trust: 0.6, }, { db: "VULMON", id: "CVE-2018-21218", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-46570", }, { db: "VULMON", id: "CVE-2018-21218", }, { db: "JVNDB", id: "JVNDB-2018-016343", }, { db: "CNNVD", id: "CNNVD-202004-2295", }, { db: "NVD", id: "CVE-2018-21218", }, ], }, id: "VAR-202004-1664", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-46570", }, ], trust: 1.2675980592307692, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-46570", }, ], }, last_update_date: "2024-11-23T22:16:30.009000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Pre-Authentication Buffer Overflow on Some Routers and Gateways, PSV-2017-2483", trust: 0.8, url: "https://kb.netgear.com/000055119/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2483", }, { title: "Patch for Buffer overflow vulnerabilities in multiple NETGEAR products (CNVD-2021-46570)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/276571", }, { title: "Multiple NETGEAR Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117387", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-46570", }, { db: "JVNDB", id: "JVNDB-2018-016343", }, { db: "CNNVD", id: "CNNVD-202004-2295", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-120", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016343", }, { db: "NVD", id: "CVE-2018-21218", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21218", }, { trust: 1.7, url: "https://kb.netgear.com/000055119/security-advisory-for-pre-authentication-buffer-overflow-on-some-routers-and-gateways-psv-2017-2483", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21218", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/120.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-46570", }, { db: "VULMON", id: "CVE-2018-21218", }, { db: "JVNDB", id: "JVNDB-2018-016343", }, { db: "CNNVD", id: "CNNVD-202004-2295", }, { db: "NVD", id: "CVE-2018-21218", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-46570", }, { db: "VULMON", id: "CVE-2018-21218", }, { db: "JVNDB", id: "JVNDB-2018-016343", }, { db: "CNNVD", id: "CNNVD-202004-2295", }, { db: "NVD", id: "CVE-2018-21218", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-07-02T00:00:00", db: "CNVD", id: "CNVD-2021-46570", }, { date: "2020-04-28T00:00:00", db: "VULMON", id: "CVE-2018-21218", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016343", }, { date: "2020-04-28T00:00:00", db: "CNNVD", id: "CNNVD-202004-2295", }, { date: "2020-04-28T16:15:14.310000", db: "NVD", id: "CVE-2018-21218", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-07-02T00:00:00", db: "CNVD", id: "CNVD-2021-46570", }, { date: "2020-05-04T00:00:00", db: "VULMON", id: "CVE-2018-21218", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016343", }, { date: "2020-05-06T00:00:00", db: "CNNVD", id: "CNNVD-202004-2295", }, { date: "2024-11-21T04:03:12.327000", db: "NVD", id: "CVE-2018-21218", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-2295", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Classic buffer overflow vulnerability in the product", sources: [ { db: "JVNDB", id: "JVNDB-2018-016343", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-2295", }, ], trust: 0.6, }, }
var-202004-1466
Vulnerability from variot
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6100 before 1.0.1.20, R7500 before 1.0.0.118, WNDR3700v4 before 1.0.2.88, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.62. plural NETGEAR An unspecified vulnerability exists in the device.Service operation interruption (DoS) It may be put into a state. NETGEAR R7500 is a wireless router of NETGEAR.
There are security holes in many NETGEAR products. No detailed vulnerability details are currently available. This affects R6100 prior to 1.0.1.20, R7500 prior to 1.0.0.118, WNDR3700v4 prior to 1.0.2.88, WNDR4300 prior to 1.0.2.90, WNDR4300v2 prior to 1.0.0.48, WNDR4500v3 prior to 1.0.0.48, and WNR2000v5 prior to 1.0.0.62
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1466", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.20", }, { model: "r7500", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.118", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.90", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.62", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.9, vendor: "netgear", version: "1.0.0.48", }, { model: "r6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.20", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.118", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.90", }, { model: "wndr4500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.62", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.88", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.62", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.12", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.14", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.16", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.108", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.110", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.112", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.116", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.86", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.52", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.42", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.58", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28006", }, { db: "VULMON", id: "CVE-2017-18706", }, { db: "JVNDB", id: "JVNDB-2017-015004", }, { db: "NVD", id: "CVE-2017-18706", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:r6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wnr2000_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-015004", }, ], }, cve: "CVE-2017-18706", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 3.3, confidentialityImpact: "NONE", exploitabilityScore: 6.5, id: "CVE-2017-18706", impactScore: 2.9, integrityImpact: "NONE", severity: "LOW", trust: 1.1, vectorString: "AV:A/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 3.3, confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2017-015004", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Low", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 3.3, confidentialityImpact: "NONE", exploitabilityScore: 6.5, id: "CNVD-2020-28006", impactScore: 2.9, integrityImpact: "NONE", severity: "LOW", trust: 0.6, vectorString: "AV:A/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 2.8, id: "CVE-2017-18706", impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 2.8, id: "CVE-2017-18706", impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 6.5, baseSeverity: "Medium", confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2017-015004", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2017-18706", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2017-18706", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2017-015004", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2020-28006", trust: 0.6, value: "LOW", }, { author: "CNNVD", id: "CNNVD-202004-2095", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2017-18706", trust: 0.1, value: "LOW", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28006", }, { db: "VULMON", id: "CVE-2017-18706", }, { db: "JVNDB", id: "JVNDB-2017-015004", }, { db: "CNNVD", id: "CNNVD-202004-2095", }, { db: "NVD", id: "CVE-2017-18706", }, { db: "NVD", id: "CVE-2017-18706", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6100 before 1.0.1.20, R7500 before 1.0.0.118, WNDR3700v4 before 1.0.2.88, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.62. plural NETGEAR An unspecified vulnerability exists in the device.Service operation interruption (DoS) It may be put into a state. NETGEAR R7500 is a wireless router of NETGEAR. \n\r\n\r\nThere are security holes in many NETGEAR products. No detailed vulnerability details are currently available. This affects R6100 prior to 1.0.1.20, R7500 prior to 1.0.0.118, WNDR3700v4 prior to 1.0.2.88, WNDR4300 prior to 1.0.2.90, WNDR4300v2 prior to 1.0.0.48, WNDR4500v3 prior to 1.0.0.48, and WNR2000v5 prior to 1.0.0.62", sources: [ { db: "NVD", id: "CVE-2017-18706", }, { db: "JVNDB", id: "JVNDB-2017-015004", }, { db: "CNVD", id: "CNVD-2020-28006", }, { db: "VULMON", id: "CVE-2017-18706", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2017-18706", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2017-015004", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-28006", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-2095", trust: 0.6, }, { db: "VULMON", id: "CVE-2017-18706", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28006", }, { db: "VULMON", id: "CVE-2017-18706", }, { db: "JVNDB", id: "JVNDB-2017-015004", }, { db: "CNNVD", id: "CNNVD-202004-2095", }, { db: "NVD", id: "CVE-2017-18706", }, ], }, id: "VAR-202004-1466", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-28006", }, ], trust: 1.372192022857143, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28006", }, ], }, last_update_date: "2024-11-23T22:25:32.514000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Security Misconfiguration on Some Routers, PSV-2017-0516", trust: 0.8, url: "https://kb.netgear.com/000053196/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-PSV-2017-0516", }, { title: "Patch for Many NETGEAR products have unknown vulnerabilities (CNVD-2020-28006)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/217309", }, { title: "Multiple NETGEAR Product security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117018", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28006", }, { db: "JVNDB", id: "JVNDB-2017-015004", }, { db: "CNNVD", id: "CNNVD-202004-2095", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2017-18706", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2017-18706", }, { trust: 1.7, url: "https://kb.netgear.com/000053196/security-advisory-for-security-misconfiguration-on-some-routers-psv-2017-0516", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18706", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28006", }, { db: "VULMON", id: "CVE-2017-18706", }, { db: "JVNDB", id: "JVNDB-2017-015004", }, { db: "CNNVD", id: "CNNVD-202004-2095", }, { db: "NVD", id: "CVE-2017-18706", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-28006", }, { db: "VULMON", id: "CVE-2017-18706", }, { db: "JVNDB", id: "JVNDB-2017-015004", }, { db: "CNNVD", id: "CNNVD-202004-2095", }, { db: "NVD", id: "CVE-2017-18706", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-13T00:00:00", db: "CNVD", id: "CNVD-2020-28006", }, { date: "2020-04-24T00:00:00", db: "VULMON", id: "CVE-2017-18706", }, { date: "2020-06-03T00:00:00", db: "JVNDB", id: "JVNDB-2017-015004", }, { date: "2020-04-24T00:00:00", db: "CNNVD", id: "CNNVD-202004-2095", }, { date: "2020-04-24T14:15:12.483000", db: "NVD", id: "CVE-2017-18706", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-13T00:00:00", db: "CNVD", id: "CNVD-2020-28006", }, { date: "2020-05-04T00:00:00", db: "VULMON", id: "CVE-2017-18706", }, { date: "2020-06-03T00:00:00", db: "JVNDB", id: "JVNDB-2017-015004", }, { date: "2020-05-06T00:00:00", db: "CNNVD", id: "CNNVD-202004-2095", }, { date: "2024-11-21T03:20:42.817000", db: "NVD", id: "CVE-2017-18706", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-2095", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2017-015004", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202004-2095", }, ], trust: 0.6, }, }
var-202004-1578
Vulnerability from variot
Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64. plural NETGEAR An unspecified vulnerability exists in the device.Service operation interruption (DoS) It may be put into a state. NETGEAR R7800, etc. are all wireless routers from NETGEAR.
There are security vulnerabilities in many NETGEAR products
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1578", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7500", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.122", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.98", }, { model: "r6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.22", }, { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.42", }, { model: "r8900", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.3.10", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.3.10", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.96", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.64", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.54", }, { model: "r6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.22", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.122", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.42", }, { model: "r8900", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.10", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.10", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "v4 1.0.2.96", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.98", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "v4 1.0.0.54", }, { model: "wndr4500", scope: "eq", trust: 0.8, vendor: "netgear", version: "v3 1.0.0.54", }, { model: "wnr2000", scope: "eq", trust: 0.8, vendor: "netgear", version: "v5 1.0.0.64", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.54", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.64", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.96", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-57164", }, { db: "JVNDB", id: "JVNDB-2018-016414", }, { db: "NVD", id: "CVE-2018-21142", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:r6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r8900_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wnr2000_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016414", }, ], }, cve: "CVE-2018-21142", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", exploitabilityScore: 8, id: "CVE-2018-21142", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 1, vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 4, confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2018-016414", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", exploitabilityScore: 8, id: "CNVD-2021-57164", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 1.2, id: "CVE-2018-21142", impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 4.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 0.9, id: "CVE-2018-21142", impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 4.9, baseSeverity: "Medium", confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2018-016414", impactScore: null, integrityImpact: "None", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21142", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2018-21142", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2018-016414", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2021-57164", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-2034", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-57164", }, { db: "JVNDB", id: "JVNDB-2018-016414", }, { db: "CNNVD", id: "CNNVD-202004-2034", }, { db: "NVD", id: "CVE-2018-21142", }, { db: "NVD", id: "CVE-2018-21142", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64. plural NETGEAR An unspecified vulnerability exists in the device.Service operation interruption (DoS) It may be put into a state. NETGEAR R7800, etc. are all wireless routers from NETGEAR. \n\r\n\r\nThere are security vulnerabilities in many NETGEAR products", sources: [ { db: "NVD", id: "CVE-2018-21142", }, { db: "JVNDB", id: "JVNDB-2018-016414", }, { db: "CNVD", id: "CNVD-2021-57164", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21142", trust: 3, }, { db: "JVNDB", id: "JVNDB-2018-016414", trust: 0.8, }, { db: "CNVD", id: "CNVD-2021-57164", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-2034", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-57164", }, { db: "JVNDB", id: "JVNDB-2018-016414", }, { db: "CNNVD", id: "CNNVD-202004-2034", }, { db: "NVD", id: "CVE-2018-21142", }, ], }, id: "VAR-202004-1578", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-57164", }, ], trust: 1.252275467, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-57164", }, ], }, last_update_date: "2024-11-23T22:29:38.806000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Denial of Service on Some Routers, PSV-2017-3169", trust: 0.8, url: "https://kb.netgear.com/000059491/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2017-3169", }, { title: "Patch for Denial of service vulnerability in multiple NETGEAR products (CNVD-2021-57164)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/282701", }, { title: "Multiple NETGEAR Product security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116789", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-57164", }, { db: "JVNDB", id: "JVNDB-2018-016414", }, { db: "CNNVD", id: "CNNVD-202004-2034", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2018-21142", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21142", }, { trust: 1.6, url: "https://kb.netgear.com/000059491/security-advisory-for-denial-of-service-on-some-routers-psv-2017-3169", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21142", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-57164", }, { db: "JVNDB", id: "JVNDB-2018-016414", }, { db: "CNNVD", id: "CNNVD-202004-2034", }, { db: "NVD", id: "CVE-2018-21142", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-57164", }, { db: "JVNDB", id: "JVNDB-2018-016414", }, { db: "CNNVD", id: "CNNVD-202004-2034", }, { db: "NVD", id: "CVE-2018-21142", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-07-28T00:00:00", db: "CNVD", id: "CNVD-2021-57164", }, { date: "2020-06-03T00:00:00", db: "JVNDB", id: "JVNDB-2018-016414", }, { date: "2020-04-23T00:00:00", db: "CNNVD", id: "CNNVD-202004-2034", }, { date: "2020-04-23T21:15:11.750000", db: "NVD", id: "CVE-2018-21142", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-07-31T00:00:00", db: "CNVD", id: "CNVD-2021-57164", }, { date: "2020-06-03T00:00:00", db: "JVNDB", id: "JVNDB-2018-016414", }, { date: "2020-05-06T00:00:00", db: "CNNVD", id: "CNNVD-202004-2034", }, { date: "2024-11-21T04:03:00.197000", db: "NVD", id: "CVE-2018-21142", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202004-2034", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2018-016414", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202004-2034", }, ], trust: 0.6, }, }
var-202004-1712
Vulnerability from variot
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D7800, etc. are all products of NETGEAR. NETGEAR D7800 is a wireless modem. NETGEAR WNDR3700 is a wireless router. NETGEAR R6100 is a wireless router.
A buffer error vulnerability exists in many NETGEAR products. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow. This affects D6100 prior to 1.0.0.57, R6100 prior to 1.0.1.20, R7800 prior to 1.0.2.40, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1712", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.52", }, { model: "r6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.20", }, { model: "d6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.57", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.62", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "eq", trust: 0.9, vendor: "netgear", version: "1.0.0.50", }, { model: "d6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.57", }, { model: "r6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.20", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.52", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.62", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.62", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.50 0.0.50", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.55", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.12", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.14", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.16", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.16", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.28", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.32", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.36", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.38", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.4", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.40", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.86", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.52", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.90", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.42", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.58", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-46353", }, { db: "VULMON", id: "CVE-2018-21201", }, { db: "JVNDB", id: "JVNDB-2018-016350", }, { db: "NVD", id: "CVE-2018-21201", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wnr2000_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016350", }, ], }, cve: "CVE-2018-21201", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CVE-2018-21201", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 5.2, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2018-016350", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CNVD-2021-46353", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21201", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21201", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 6.8, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2018-016350", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21201", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2018-21201", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2018-016350", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2021-46353", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-2267", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2018-21201", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-46353", }, { db: "VULMON", id: "CVE-2018-21201", }, { db: "JVNDB", id: "JVNDB-2018-016350", }, { db: "CNNVD", id: "CNNVD-202004-2267", }, { db: "NVD", id: "CVE-2018-21201", }, { db: "NVD", id: "CVE-2018-21201", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D7800, etc. are all products of NETGEAR. NETGEAR D7800 is a wireless modem. NETGEAR WNDR3700 is a wireless router. NETGEAR R6100 is a wireless router. \n\r\n\r\nA buffer error vulnerability exists in many NETGEAR products. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow. This affects D6100 prior to 1.0.0.57, R6100 prior to 1.0.1.20, R7800 prior to 1.0.2.40, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62", sources: [ { db: "NVD", id: "CVE-2018-21201", }, { db: "JVNDB", id: "JVNDB-2018-016350", }, { db: "CNVD", id: "CNVD-2021-46353", }, { db: "VULMON", id: "CVE-2018-21201", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21201", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2018-016350", trust: 0.8, }, { db: "CNVD", id: "CNVD-2021-46353", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-2267", trust: 0.6, }, { db: "VULMON", id: "CVE-2018-21201", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-46353", }, { db: "VULMON", id: "CVE-2018-21201", }, { db: "JVNDB", id: "JVNDB-2018-016350", }, { db: "CNNVD", id: "CNNVD-202004-2267", }, { db: "NVD", id: "CVE-2018-21201", }, ], }, id: "VAR-202004-1712", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-46353", }, ], trust: 1.2939943166666668, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-46353", }, ], }, last_update_date: "2024-11-23T22:11:29.968000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Stack Overflow on Some Routers and Gateways, PSV-2017-2591", trust: 0.8, url: "https://kb.netgear.com/000055148/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2591", }, { title: "Patch for Buffer overflow vulnerabilities in multiple NETGEAR products (CNVD-2021-46353)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/275816", }, { title: "Multiple NETGEAR Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117359", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-46353", }, { db: "JVNDB", id: "JVNDB-2018-016350", }, { db: "CNNVD", id: "CNNVD-202004-2267", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016350", }, { db: "NVD", id: "CVE-2018-21201", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21201", }, { trust: 1.7, url: "https://kb.netgear.com/000055148/security-advisory-for-post-authentication-stack-overflow-on-some-routers-and-gateways-psv-2017-2591", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21201", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/787.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-46353", }, { db: "VULMON", id: "CVE-2018-21201", }, { db: "JVNDB", id: "JVNDB-2018-016350", }, { db: "CNNVD", id: "CNNVD-202004-2267", }, { db: "NVD", id: "CVE-2018-21201", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-46353", }, { db: "VULMON", id: "CVE-2018-21201", }, { db: "JVNDB", id: "JVNDB-2018-016350", }, { db: "CNNVD", id: "CNNVD-202004-2267", }, { db: "NVD", id: "CVE-2018-21201", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-06-27T00:00:00", db: "CNVD", id: "CNVD-2021-46353", }, { date: "2020-04-28T00:00:00", db: "VULMON", id: "CVE-2018-21201", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016350", }, { date: "2020-04-28T00:00:00", db: "CNNVD", id: "CNNVD-202004-2267", }, { date: "2020-04-28T16:15:13.263000", db: "NVD", id: "CVE-2018-21201", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-07-01T00:00:00", db: "CNVD", id: "CNVD-2021-46353", }, { date: "2020-05-04T00:00:00", db: "VULMON", id: "CVE-2018-21201", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016350", }, { date: "2020-05-06T00:00:00", db: "CNNVD", id: "CNNVD-202004-2267", }, { date: "2024-11-21T04:03:09.720000", db: "NVD", id: "CVE-2018-21201", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-2267", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Out-of-bounds write vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2018-016350", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-2267", }, ], trust: 0.6, }, }
var-202004-1688
Vulnerability from variot
plural NETGEAR An unspecified vulnerability exists in the device.Information may be obtained and tampered with. Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D1500 prior to 1.0.0.27, D500 prior to 1.0.0.27, D6100 prior to 1.0.0.57, D6220 prior to 1.0.0.40, D6400 prior to 1.0.0.74, D7000 prior to 1.0.1.60, D7800 prior to 1.0.1.34, D8500 prior to 1.0.3.39, DGN2200v4 prior to 1.0.0.94, DGN2200Bv4 prior to 1.0.0.94, EX2700 prior to 1.0.1.42, EX3700 prior to 1.0.0.64, EX3800 prior to 1.0.0.64, EX6000 prior to 1.0.0.24, EX6100 prior to 1.0.2.18, EX6120 prior to 1.0.0.32, EX6130 prior to 1.0.0.22, EX6150 prior to 1.0.0.34_1.0.70, EX6200 prior to 1.0.3.82_1.1.117, EX6400 prior to 1.0.1.78, EX7000 prior to 1.0.0.56, EX7300 prior to 1.0.1., JNR1010v2 prior to 1.1.0.42, JR6150 prior to 1.0.1.10, JWNR2010v5 prior to 1.1.0.42, PR2000 prior to 1.0.0.22, R6050 prior to 1.0.1.10, R6100 prior to 1.0.1.16, R6220 prior to 1.1.0.50, R6250 prior to 1.0.4.14, R6300v2 prior to 1.0.4.12, R6400v2 prior to 1.0.2.34, R6700 prior to 1.0.1.26, R6900 prior to 1.0.1.26, R6900P prior to 1.2.0.22, R7000 prior to 1.0.9.6, R7000P prior to 1.2.0.22, R7100LG prior to 1.0.0.40, R7300DST prior to 1.0.0.54, R7500 prior to 1.0.0.110, R7500v2 prior to 1.0.3.26, R7800 prior to 1.0.2.44, R7900 prior to 1.0.1.26, R8000 prior to 1.0.3.48, R8300 prior to 1.0.2.104, R8500 prior to 1.0.2.104, R9000 prior to 1.0.3.10, WN2000RPTv3 prior to 1.0.1.26, WN2500RPv2 prior to 1.0.1.46, WN3000RPv3 prior to 1.0.2.66, WN3100RPv2 prior to 1.0.0.56, WNDR3400v3 prior to 1.0.1.14, WNDR3700v4 prior to 1.0.2.96, WNDR3700v5 prior to 1.1.0.54, WNDR4300 prior to 1.0.2.98, WNDR4300v2 prior to 1.0.0.48, WNDR4500v3 prior to 1.0.0.48, WNR1000v4 prior to 1.1.0.42, WNR2000v5 prior to 1.0.0.64, WNR2020 prior to 1.1.0.42, and WNR2050 prior to 1.1.0.42
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1688", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "ex6120", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.32", }, { model: "d7000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.60", }, { model: "dgn2200", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.94", }, { model: "r6250", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.14", }, { model: "ex6100", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.18", }, { model: "pr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.22", }, { model: "wn3100rp", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.56", }, { model: "d6220", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.40", }, { model: "jwnr2010", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.42", }, { model: "r8500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.104", }, { model: "r6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.34", }, { model: "r9000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.10", }, { model: "d500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.27", }, { model: "wnr2020", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.42", }, { model: "d1500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.27", }, { model: "r6700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.26", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.48", }, { model: "r7000p", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.22", }, { model: "ex3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.64", }, { model: "r7300dst", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr3400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.14", }, { model: "ex2700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.42", }, { model: "d6100", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.57", }, { model: "r6050", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.10", }, { model: "r7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.44", }, { model: "wn2500rp", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.46", }, { model: "r6900p", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.22", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.98", }, { model: "ex6200", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.82_1.1.117", }, { model: "dgn2200b", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.94", }, { model: "r8000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.48", }, { model: "ex6000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.24", }, { model: "ex6130", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.22", }, { model: "r6100", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.16", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.96", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.54", }, { model: "r7900", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.26", }, { model: "ex6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.78", }, { model: "r6900", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.26", }, { model: "r6220", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.50", }, { model: "ex7000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.56", }, { model: "r7000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.9.6", }, { model: "r7100lg", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.40", }, { model: "ex7300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1", }, { model: "r7500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.110", }, { model: "d7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.34", }, { model: "ex6150", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.34_1.0.70", }, { model: "jr6150", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.10", }, { model: "wn2000rpt", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.26", }, { model: "wn3000rp", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.66", }, { model: "wnr1000", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.42", }, { model: "r7500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.26", }, { model: "d6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.74", }, { model: "r8300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.104", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.48", }, { model: "r6300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.12", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.64", }, { model: "d8500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.39", }, { model: "jnr1010", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.42", }, { model: "wnr2050", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.42", }, { model: "ex3800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.64", }, { model: "d1500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.27", }, { model: "d500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.27", }, { model: "d6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.57", }, { model: "d6220", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.40", }, { model: "d6400", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.74", }, { model: "d7000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.60", }, { model: "d7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.34", }, { model: "d8500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.39", }, { model: "dgn2200", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.94", }, { model: "dgn2200b", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.94", }, { model: "d1500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.20", }, { model: "d1500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.25", }, { model: "d500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.25", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.50 0.0.50", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.55", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "d6220", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "d6220", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.22", }, { model: "d6220", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.26", }, { model: "d6220", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.28", }, { model: "d6220", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.32", }, { model: "d6220", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.38", }, { model: "d6400", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "d6400", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "d6400", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.60", }, { model: "d6400", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.66", }, { model: "d7000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "d7000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.38", }, { model: "d7000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.44", }, { model: "d7000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.51", }, { model: "d7000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.52", }, { model: "d7000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.74", }, { model: "d7000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.50", }, { model: "d7000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.52", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.22", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.24", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.28", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.30", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.31", }, { model: "d8500", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "d8500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.27", }, { model: "d8500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.28", }, { model: "d8500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.29", }, { model: "d8500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.35", }, { model: "d8500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.36", }, { model: "dgn2200", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "dgn2200", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.55", }, { model: "dgn2200", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.58", }, { model: "dgn2200", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.82", }, { model: "dgn2200", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.86", }, { model: "dgn2200b", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "dgn2200b", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.58", }, { model: "dgn2200b", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.82", }, { model: "ex2700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.28", }, { model: "ex2700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.32", }, { model: "ex3700", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "ex3800", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "ex6000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "ex6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.50", }, { model: "ex6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.54", }, { model: "ex6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.60", }, { model: "ex6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.70", }, { model: "ex6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.76", }, { model: "ex6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.16 1.1.130", }, { model: "ex6120", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "ex6130", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "ex6130", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.16", }, { model: "ex6150", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "ex6200", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.44", }, { model: "ex6200", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.50", }, { model: "ex6200", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.52", }, { model: "ex6200", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.56", }, { model: "ex6200", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.62", }, { model: "ex6200", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.64", }, { model: "ex6200", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.72", }, { model: "ex6200", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.74", }, { model: "ex6400", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.60", }, { model: "ex6400", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.72", }, { model: "ex7000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.50", }, { model: "ex7300", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "jnr1010", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.32", }, { model: "jnr1010", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.40", }, { model: "jr6150", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.17", }, { model: "jr6150", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.7", }, { model: "jwnr2010", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.40", }, { model: "pr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "pr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.17", }, { model: "pr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.18", }, { model: "pr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.20", }, { model: "r6050", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.86", }, { model: "r6050", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.7", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.12", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.14", }, { model: "r6220", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.46", }, { model: "r6250", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r6250", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.4.6 10.1.12", }, { model: "r6250", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.4.8", }, { model: "r6250", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.4.12", }, { model: "r6300", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r6300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.36", }, { model: "r6300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.4.06", }, { model: "r6300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.4.6", }, { model: "r6300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.4.8", }, { model: "r6300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.4.8 10.0.77", }, { model: "r6400", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r6400", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.12", }, { model: "r6400", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.14", }, { model: "r6400", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.18", }, { model: "r6400", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.20", }, { model: "r6400", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.24", }, { model: "r6400", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.32", }, { model: "r6400", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.36", }, { model: "r6400", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.42", }, { model: "r6400", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.44", }, { model: "r6400", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.18", }, { model: "r6400", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r6400", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.32", }, { model: "r6700", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r6700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.14", }, { model: "r6700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.16", }, { model: "r6700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.20", }, { model: "r6700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.22", }, { model: "r6900", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r6900", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.14", }, { model: "r6900", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.16", }, { model: "r6900", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.20", }, { model: "r6900", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.22", }, { model: "r6900p", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r6900p", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "r6900p", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.58", }, { model: "r6900p", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.62", }, { model: "r6900p", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.16", }, { model: "r7000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r7000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.7.2 1.1.93", }, { model: "r7000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.7.10", }, { model: "r7000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.9.4", }, { model: "r7000p", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r7000p", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "r7000p", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.58", }, { model: "r7000p", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.62", }, { model: "r7000p", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.86", }, { model: "r7000p", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.16", }, { model: "r7100lg", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r7100lg", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.28", }, { model: "r7100lg", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.30", }, { model: "r7100lg", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.32", }, { model: "r7100lg", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.34", }, { model: "r7300dst", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r7300dst", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.44", }, { model: "r7300dst", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.46", }, { model: "r7300dst", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.52", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.108", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.110", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.112", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.116", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.118", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.122", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.124", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.130", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.10", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.16", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.20", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.24", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.16", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.28", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.32", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.36", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.38", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.40", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.42", }, { model: "r7900", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r7900", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.8", }, { model: "r7900", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.12", }, { model: "r7900", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.14", }, { model: "r7900", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.16", }, { model: "r7900", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.18", }, { model: "r8000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r8000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.22", }, { model: "r8000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.24", }, { model: "r8000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.26", }, { model: "r8000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.32", }, { model: "r8000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.36", }, { model: "r8000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.44", }, { model: "r8000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.46", }, { model: "r8300", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r8300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.74", }, { model: "r8300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.86", }, { model: "r8300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.94", }, { model: "r8300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.100 1.0.82", }, { model: "r8500", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r8500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.74", }, { model: "r8500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.86", }, { model: "r8500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.94", }, { model: "r8500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.100", }, { model: "r8500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.100 1.0.82", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.4", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.52", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.6", }, { model: "wn2000rpt", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.8", }, { model: "wn2000rpt", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.14", }, { model: "wn2000rpt", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.20", }, { model: "wn2500rp", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.54", }, { model: "wn3000rp", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.52", }, { model: "wn3000rp", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "wn3000rp", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.68", }, { model: "wn3000rp", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.44", }, { model: "wn3000rp", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.50", }, { model: "wn3000rp", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.52", }, { model: "wn3100rp", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.20", }, { model: "wn3100rp", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.40", }, { model: "wn3100rp", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.42", }, { model: "wndr3400", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr3400", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.8", }, { model: "wndr3400", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.12", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.86", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.96", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.46", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.48", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.50", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.52", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.90", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.96", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wnr1000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wnr1000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.40", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.42", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.58", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.62", }, { model: "wnr2020", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.40", }, { model: "wnr2050", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.40", }, ], sources: [ { db: "VULMON", id: "CVE-2018-21230", }, { db: "JVNDB", id: "JVNDB-2018-016406", }, { db: "NVD", id: "CVE-2018-21230", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d1500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6220_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6400_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d7000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d8500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:dgn2200_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:dgn2200b_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016406", }, ], }, cve: "CVE-2018-21230", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 4.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 6.5, id: "CVE-2018-21230", impactScore: 4.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 4.8, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2018-016406", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.8, id: "CVE-2018-21230", impactScore: 2.5, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "NONE", baseScore: 5.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.1, id: "CVE-2018-21230", impactScore: 2.7, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "None", baseScore: 5.4, baseSeverity: "Medium", confidentialityImpact: "Low", exploitabilityScore: null, id: "JVNDB-2018-016406", impactScore: null, integrityImpact: "Low", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21230", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2018-21230", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2018-016406", trust: 0.8, value: "Medium", }, { author: "CNNVD", id: "CNNVD-202004-2128", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2018-21230", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2018-21230", }, { db: "JVNDB", id: "JVNDB-2018-016406", }, { db: "CNNVD", id: "CNNVD-202004-2128", }, { db: "NVD", id: "CVE-2018-21230", }, { db: "NVD", id: "CVE-2018-21230", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR An unspecified vulnerability exists in the device.Information may be obtained and tampered with. Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D1500 prior to 1.0.0.27, D500 prior to 1.0.0.27, D6100 prior to 1.0.0.57, D6220 prior to 1.0.0.40, D6400 prior to 1.0.0.74, D7000 prior to 1.0.1.60, D7800 prior to 1.0.1.34, D8500 prior to 1.0.3.39, DGN2200v4 prior to 1.0.0.94, DGN2200Bv4 prior to 1.0.0.94, EX2700 prior to 1.0.1.42, EX3700 prior to 1.0.0.64, EX3800 prior to 1.0.0.64, EX6000 prior to 1.0.0.24, EX6100 prior to 1.0.2.18, EX6120 prior to 1.0.0.32, EX6130 prior to 1.0.0.22, EX6150 prior to 1.0.0.34_1.0.70, EX6200 prior to 1.0.3.82_1.1.117, EX6400 prior to 1.0.1.78, EX7000 prior to 1.0.0.56, EX7300 prior to 1.0.1., JNR1010v2 prior to 1.1.0.42, JR6150 prior to 1.0.1.10, JWNR2010v5 prior to 1.1.0.42, PR2000 prior to 1.0.0.22, R6050 prior to 1.0.1.10, R6100 prior to 1.0.1.16, R6220 prior to 1.1.0.50, R6250 prior to 1.0.4.14, R6300v2 prior to 1.0.4.12, R6400v2 prior to 1.0.2.34, R6700 prior to 1.0.1.26, R6900 prior to 1.0.1.26, R6900P prior to 1.2.0.22, R7000 prior to 1.0.9.6, R7000P prior to 1.2.0.22, R7100LG prior to 1.0.0.40, R7300DST prior to 1.0.0.54, R7500 prior to 1.0.0.110, R7500v2 prior to 1.0.3.26, R7800 prior to 1.0.2.44, R7900 prior to 1.0.1.26, R8000 prior to 1.0.3.48, R8300 prior to 1.0.2.104, R8500 prior to 1.0.2.104, R9000 prior to 1.0.3.10, WN2000RPTv3 prior to 1.0.1.26, WN2500RPv2 prior to 1.0.1.46, WN3000RPv3 prior to 1.0.2.66, WN3100RPv2 prior to 1.0.0.56, WNDR3400v3 prior to 1.0.1.14, WNDR3700v4 prior to 1.0.2.96, WNDR3700v5 prior to 1.1.0.54, WNDR4300 prior to 1.0.2.98, WNDR4300v2 prior to 1.0.0.48, WNDR4500v3 prior to 1.0.0.48, WNR1000v4 prior to 1.1.0.42, WNR2000v5 prior to 1.0.0.64, WNR2020 prior to 1.1.0.42, and WNR2050 prior to 1.1.0.42", sources: [ { db: "JVNDB", id: "JVNDB-2018-016406", }, { db: "VULMON", id: "CVE-2018-21230", }, ], trust: 0.81, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21230", trust: 2.5, }, { db: "JVNDB", id: "JVNDB-2018-016406", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202004-2128", trust: 0.6, }, { db: "VULMON", id: "CVE-2018-21230", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2018-21230", }, { db: "JVNDB", id: "JVNDB-2018-016406", }, { db: "CNNVD", id: "CNNVD-202004-2128", }, { db: "NVD", id: "CVE-2018-21230", }, ], }, id: "VAR-202004-1688", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.4058950425581394, }, last_update_date: "2024-11-23T21:59:20.057000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Security Misconfiguration on Some Routers, Gateways, and Extenders, PSV-2016-0117", trust: 0.8, url: "https://kb.netgear.com/000055104/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Gateways-and-Extenders-PSV-2016-0117", }, { title: "Multiple NETGEAR Product security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117051", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016406", }, { db: "CNNVD", id: "CNNVD-202004-2128", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2018-21230", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://kb.netgear.com/000055104/security-advisory-for-security-misconfiguration-on-some-routers-gateways-and-extenders-psv-2016-0117", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21230", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21230", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2018-21230", }, { db: "JVNDB", id: "JVNDB-2018-016406", }, { db: "CNNVD", id: "CNNVD-202004-2128", }, { db: "NVD", id: "CVE-2018-21230", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2018-21230", }, { db: "JVNDB", id: "JVNDB-2018-016406", }, { db: "CNNVD", id: "CNNVD-202004-2128", }, { db: "NVD", id: "CVE-2018-21230", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-04-24T00:00:00", db: "VULMON", id: "CVE-2018-21230", }, { date: "2020-06-03T00:00:00", db: "JVNDB", id: "JVNDB-2018-016406", }, { date: "2020-04-24T00:00:00", db: "CNNVD", id: "CNNVD-202004-2128", }, { date: "2020-04-24T15:15:12.957000", db: "NVD", id: "CVE-2018-21230", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-01T00:00:00", db: "VULMON", id: "CVE-2018-21230", }, { date: "2020-06-03T00:00:00", db: "JVNDB", id: "JVNDB-2018-016406", }, { date: "2020-05-06T00:00:00", db: "CNNVD", id: "CNNVD-202004-2128", }, { date: "2024-11-21T04:03:14.210000", db: "NVD", id: "CVE-2018-21230", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-2128", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2018-016406", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202004-2128", }, ], trust: 0.6, }, }
var-202004-1677
Vulnerability from variot
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R9000, etc. are all products of NETGEAR. NETGEAR R9000 is a wireless router. NETGEAR R7800 is a wireless router. NETGEAR D6100 is a wireless modem. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow. This affects D6100 prior to 1.0.0.57, R6100 prior to 1.0.1.20, R7800 prior to 1.0.2.40, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1677", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.52", }, { model: "r6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.20", }, { model: "d6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.57", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.62", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "eq", trust: 0.9, vendor: "netgear", version: "1.0.0.50", }, { model: "d6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.57", }, { model: "r6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.20", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.52", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.62", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.62", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.50 0.0.50", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.55", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.12", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.14", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.16", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.16", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.28", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.32", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.36", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.38", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.4", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.40", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.86", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.52", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.90", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.42", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.58", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28114", }, { db: "VULMON", id: "CVE-2018-21175", }, { db: "JVNDB", id: "JVNDB-2018-016384", }, { db: "NVD", id: "CVE-2018-21175", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wnr2000_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016384", }, ], }, cve: "CVE-2018-21175", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 8, id: "CVE-2018-21175", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 6.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2018-016384", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 8, id: "CNVD-2020-28114", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.2, id: "CVE-2018-21175", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21175", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 7.2, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2018-016384", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21175", trust: 1, value: "HIGH", }, { author: "cve@mitre.org", id: "CVE-2018-21175", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2018-016384", trust: 0.8, value: "High", }, { author: "CNVD", id: "CNVD-2020-28114", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-2218", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2018-21175", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28114", }, { db: "VULMON", id: "CVE-2018-21175", }, { db: "JVNDB", id: "JVNDB-2018-016384", }, { db: "CNNVD", id: "CNNVD-202004-2218", }, { db: "NVD", id: "CVE-2018-21175", }, { db: "NVD", id: "CVE-2018-21175", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R9000, etc. are all products of NETGEAR. NETGEAR R9000 is a wireless router. NETGEAR R7800 is a wireless router. NETGEAR D6100 is a wireless modem. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow. This affects D6100 prior to 1.0.0.57, R6100 prior to 1.0.1.20, R7800 prior to 1.0.2.40, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62", sources: [ { db: "NVD", id: "CVE-2018-21175", }, { db: "JVNDB", id: "JVNDB-2018-016384", }, { db: "CNVD", id: "CNVD-2020-28114", }, { db: "VULMON", id: "CVE-2018-21175", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21175", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2018-016384", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-28114", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-2218", trust: 0.6, }, { db: "VULMON", id: "CVE-2018-21175", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28114", }, { db: "VULMON", id: "CVE-2018-21175", }, { db: "JVNDB", id: "JVNDB-2018-016384", }, { db: "CNNVD", id: "CNNVD-202004-2218", }, { db: "NVD", id: "CVE-2018-21175", }, ], }, id: "VAR-202004-1677", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-28114", }, ], trust: 1.2939943166666668, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28114", }, ], }, last_update_date: "2024-11-23T23:01:24.106000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Stack Overflow on Some Routers and Gateways, PSV-2017-2624", trust: 0.8, url: "https://kb.netgear.com/000055183/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2624", }, { title: "Patch for Multiple NETGEAR product buffer overflow vulnerabilities (CNVD-2020-28114)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/217413", }, { title: "Multiple NETGEAR Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117723", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28114", }, { db: "JVNDB", id: "JVNDB-2018-016384", }, { db: "CNNVD", id: "CNNVD-202004-2218", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016384", }, { db: "NVD", id: "CVE-2018-21175", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21175", }, { trust: 1.7, url: "https://kb.netgear.com/000055183/security-advisory-for-post-authentication-stack-overflow-on-some-routers-and-gateways-psv-2017-2624", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21175", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/787.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28114", }, { db: "VULMON", id: "CVE-2018-21175", }, { db: "JVNDB", id: "JVNDB-2018-016384", }, { db: "CNNVD", id: "CNNVD-202004-2218", }, { db: "NVD", id: "CVE-2018-21175", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-28114", }, { db: "VULMON", id: "CVE-2018-21175", }, { db: "JVNDB", id: "JVNDB-2018-016384", }, { db: "CNNVD", id: "CNNVD-202004-2218", }, { db: "NVD", id: "CVE-2018-21175", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28114", }, { date: "2020-04-27T00:00:00", db: "VULMON", id: "CVE-2018-21175", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016384", }, { date: "2020-04-27T00:00:00", db: "CNNVD", id: "CNNVD-202004-2218", }, { date: "2020-04-27T20:15:11.837000", db: "NVD", id: "CVE-2018-21175", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28114", }, { date: "2020-05-05T00:00:00", db: "VULMON", id: "CVE-2018-21175", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016384", }, { date: "2020-05-06T00:00:00", db: "CNNVD", id: "CNNVD-202004-2218", }, { date: "2024-11-21T04:03:05.620000", db: "NVD", id: "CVE-2018-21175", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202004-2218", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Out-of-bounds write vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2018-016384", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-2218", }, ], trust: 0.6, }, }
var-202004-0756
Vulnerability from variot
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6000 before 1.0.0.72, D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R8900, etc. are all wireless routers from NETGEAR. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow, etc
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0756", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.52", }, { model: "xr500", scope: "lt", trust: 1.6, vendor: "netgear", version: "2.3.2.32", }, { model: "r8900", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.4.2", }, { model: "d6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.63", }, { model: "d6000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.72", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.4.2", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.104", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.68", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.102", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.58", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.58", }, { model: "d6000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.72", }, { model: "d6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.63", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.52", }, { model: "r8900", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.4.2", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.4.2", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.102", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.58", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.104", }, { model: "wndr4500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.58", }, { model: "wnr2000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.68", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.58", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.58", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.68", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.102", }, { model: "wndr4300v1", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.104", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-66984", }, { db: "JVNDB", id: "JVNDB-2019-015453", }, { db: "NVD", id: "CVE-2019-20736", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d6000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r8900_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wnr2000_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015453", }, ], }, cve: "CVE-2019-20736", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CVE-2019-20736", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 5.2, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2019-015453", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CNVD-2021-66984", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2019-20736", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2019-20736", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 6.8, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2019-015453", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2019-20736", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2019-20736", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2019-015453", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2021-66984", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-1347", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-66984", }, { db: "JVNDB", id: "JVNDB-2019-015453", }, { db: "CNNVD", id: "CNNVD-202004-1347", }, { db: "NVD", id: "CVE-2019-20736", }, { db: "NVD", id: "CVE-2019-20736", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6000 before 1.0.0.72, D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R8900, etc. are all wireless routers from NETGEAR. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow, etc", sources: [ { db: "NVD", id: "CVE-2019-20736", }, { db: "JVNDB", id: "JVNDB-2019-015453", }, { db: "CNVD", id: "CNVD-2021-66984", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-20736", trust: 3, }, { db: "JVNDB", id: "JVNDB-2019-015453", trust: 0.8, }, { db: "CNVD", id: "CNVD-2021-66984", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-1347", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-66984", }, { db: "JVNDB", id: "JVNDB-2019-015453", }, { db: "CNNVD", id: "CNNVD-202004-1347", }, { db: "NVD", id: "CVE-2019-20736", }, ], }, id: "VAR-202004-0756", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-66984", }, ], trust: 1.2411164908333334, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-66984", }, ], }, last_update_date: "2024-11-23T23:08:03.187000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Stack Overflow on Some Routers and Gateways, PSV-2018-0133", trust: 0.8, url: "https://kb.netgear.com/000061190/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2018-0133", }, { title: "Patch for Buffer overflow vulnerabilities in multiple NETGEAR products (CNVD-2021-66984)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/288736", }, { title: "Multiple NETGEAR Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=114906", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-66984", }, { db: "JVNDB", id: "JVNDB-2019-015453", }, { db: "CNNVD", id: "CNNVD-202004-1347", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015453", }, { db: "NVD", id: "CVE-2019-20736", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2019-20736", }, { trust: 1.6, url: "https://kb.netgear.com/000061190/security-advisory-for-post-authentication-stack-overflow-on-some-routers-and-gateways-psv-2018-0133", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20736", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-66984", }, { db: "JVNDB", id: "JVNDB-2019-015453", }, { db: "CNNVD", id: "CNNVD-202004-1347", }, { db: "NVD", id: "CVE-2019-20736", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-66984", }, { db: "JVNDB", id: "JVNDB-2019-015453", }, { db: "CNNVD", id: "CNNVD-202004-1347", }, { db: "NVD", id: "CVE-2019-20736", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-08-31T00:00:00", db: "CNVD", id: "CNVD-2021-66984", }, { date: "2020-05-20T00:00:00", db: "JVNDB", id: "JVNDB-2019-015453", }, { date: "2020-04-16T00:00:00", db: "CNNVD", id: "CNNVD-202004-1347", }, { date: "2020-04-16T20:15:13.680000", db: "NVD", id: "CVE-2019-20736", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-08-31T00:00:00", db: "CNVD", id: "CNVD-2021-66984", }, { date: "2020-05-20T00:00:00", db: "JVNDB", id: "JVNDB-2019-015453", }, { date: "2020-04-17T00:00:00", db: "CNNVD", id: "CNNVD-202004-1347", }, { date: "2024-11-21T04:39:13.527000", db: "NVD", id: "CVE-2019-20736", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Out-of-bounds write vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2019-015453", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-1347", }, ], trust: 0.6, }, }
var-202004-0793
Vulnerability from variot
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.58, D7800 before 1.0.1.40, R7500v2 before 1.0.3.34, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.3.16, RAX120 before 1.0.0.74, RBK20 before 2.3.0.22, RBR20 before 2.3.0.22, RBS20 before 2.3.0.22, RBK50 before 2.3.0.22, RBR50 before 2.3.0.22, RBS50 before 2.3.0.22, RBK40 before 2.3.0.22, RBS40 before 2.3.0.22, SRK60 before 2.2.0.64, SRR60 before 2.2.0.64, SRS60 before 2.2.0.64, WNDR3700v4 before 1.0.2.102, WNDR4300 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, WNDR4500v3 before 1.0.0.56, and WNR2000v5 before 1.0.0.66. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R8900, etc. are all wireless routers from NETGEAR. The vulnerability stems from the fact that when the network system or product performs operations on the memory, it does not correctly verify the data boundary, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0793", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.52", }, { model: "r8900", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.4.2", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.3.16", }, { model: "rbk20", scope: "lt", trust: 1.6, vendor: "netgear", version: "2.3.0.22", }, { model: "rbr20", scope: "lt", trust: 1.6, vendor: "netgear", version: "2.3.0.22", }, { model: "rbs20", scope: "lt", trust: 1.6, vendor: "netgear", version: "2.3.0.22", }, { model: "rbk50", scope: "lt", trust: 1.6, vendor: "netgear", version: "2.3.0.22", }, { model: "rbr50", scope: "lt", trust: 1.6, vendor: "netgear", version: "2.3.0.22", }, { model: "rbs50", scope: "lt", trust: 1.6, vendor: "netgear", version: "2.3.0.22", }, { model: "rbs40", scope: "lt", trust: 1.6, vendor: "netgear", version: "2.3.0.22", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.104", }, { model: "d6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.58", }, { model: "d7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.40", }, { model: "rax120", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.74", }, { model: "rbk40", scope: "lt", trust: 1.6, vendor: "netgear", version: "2.3.0.22", }, { model: "srk60", scope: "lt", trust: 1.6, vendor: "netgear", version: "2.2.0.64", }, { model: "srr60", scope: "lt", trust: 1.6, vendor: "netgear", version: "2.2.0.64", }, { model: "srs60", scope: "lt", trust: 1.6, vendor: "netgear", version: "2.2.0.64", }, { model: "r7500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.34", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.56", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.66", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.56", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.102", }, { model: "d6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.58", }, { model: "d7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.40", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.34", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.52", }, { model: "r8900", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.4.2", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.16", }, { model: "rax120", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.74", }, { model: "rbk20", scope: "eq", trust: 0.8, vendor: "netgear", version: "2.3.0.22", }, { model: "rbr20", scope: "eq", trust: 0.8, vendor: "netgear", version: "2.3.0.22", }, { model: "rbs20", scope: "eq", trust: 0.8, vendor: "netgear", version: "2.3.0.22", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.102", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.66", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.56", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.56", }, { model: "r7500v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.3.34", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-63773", }, { db: "JVNDB", id: "JVNDB-2019-015456", }, { db: "NVD", id: "CVE-2019-20747", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r8900_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:rax120_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:rbk20_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:rbr20_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:rbs20_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015456", }, ], }, cve: "CVE-2019-20747", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CVE-2019-20747", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 5.2, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2019-015456", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CNVD-2021-63773", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2019-20747", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2019-20747", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 6.8, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2019-015456", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2019-20747", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2019-20747", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2019-015456", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2021-63773", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-1358", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-63773", }, { db: "JVNDB", id: "JVNDB-2019-015456", }, { db: "CNNVD", id: "CNNVD-202004-1358", }, { db: "NVD", id: "CVE-2019-20747", }, { db: "NVD", id: "CVE-2019-20747", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.58, D7800 before 1.0.1.40, R7500v2 before 1.0.3.34, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.3.16, RAX120 before 1.0.0.74, RBK20 before 2.3.0.22, RBR20 before 2.3.0.22, RBS20 before 2.3.0.22, RBK50 before 2.3.0.22, RBR50 before 2.3.0.22, RBS50 before 2.3.0.22, RBK40 before 2.3.0.22, RBS40 before 2.3.0.22, SRK60 before 2.2.0.64, SRR60 before 2.2.0.64, SRS60 before 2.2.0.64, WNDR3700v4 before 1.0.2.102, WNDR4300 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, WNDR4500v3 before 1.0.0.56, and WNR2000v5 before 1.0.0.66. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R8900, etc. are all wireless routers from NETGEAR. The vulnerability stems from the fact that when the network system or product performs operations on the memory, it does not correctly verify the data boundary, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow", sources: [ { db: "NVD", id: "CVE-2019-20747", }, { db: "JVNDB", id: "JVNDB-2019-015456", }, { db: "CNVD", id: "CNVD-2021-63773", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-20747", trust: 3, }, { db: "JVNDB", id: "JVNDB-2019-015456", trust: 0.8, }, { db: "CNVD", id: "CNVD-2021-63773", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-1358", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-63773", }, { db: "JVNDB", id: "JVNDB-2019-015456", }, { db: "CNNVD", id: "CNNVD-202004-1358", }, { db: "NVD", id: "CVE-2019-20747", }, ], }, id: "VAR-202004-0793", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-63773", }, ], trust: 1.0579544258333333, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-63773", }, ], }, last_update_date: "2024-11-23T22:33:29.094000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Stack Overflow on Some Routers, Gateways, and WiFi Systems, PSV-2018-0032", trust: 0.8, url: "https://kb.netgear.com/000060962/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2018-0032", }, { title: "Patch for Buffer overflow vulnerabilities in multiple NETGEAR products (CNVD-2021-63773)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/287186", }, { title: "Multiple NETGEAR Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=114946", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-63773", }, { db: "JVNDB", id: "JVNDB-2019-015456", }, { db: "CNNVD", id: "CNNVD-202004-1358", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015456", }, { db: "NVD", id: "CVE-2019-20747", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2019-20747", }, { trust: 1.6, url: "https://kb.netgear.com/000060962/security-advisory-for-post-authentication-stack-overflow-on-some-routers-gateways-and-wifi-systems-psv-2018-0032", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20747", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-63773", }, { db: "JVNDB", id: "JVNDB-2019-015456", }, { db: "CNNVD", id: "CNNVD-202004-1358", }, { db: "NVD", id: "CVE-2019-20747", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-63773", }, { db: "JVNDB", id: "JVNDB-2019-015456", }, { db: "CNNVD", id: "CNNVD-202004-1358", }, { db: "NVD", id: "CVE-2019-20747", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-08-19T00:00:00", db: "CNVD", id: "CNVD-2021-63773", }, { date: "2020-05-20T00:00:00", db: "JVNDB", id: "JVNDB-2019-015456", }, { date: "2020-04-16T00:00:00", db: "CNNVD", id: "CNNVD-202004-1358", }, { date: "2020-04-16T21:15:12.817000", db: "NVD", id: "CVE-2019-20747", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-08-21T00:00:00", db: "CNVD", id: "CNVD-2021-63773", }, { date: "2020-05-20T00:00:00", db: "JVNDB", id: "JVNDB-2019-015456", }, { date: "2020-04-17T00:00:00", db: "CNNVD", id: "CNNVD-202004-1358", }, { date: "2024-11-21T04:39:15.360000", db: "NVD", id: "CVE-2019-20747", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Out-of-bounds write vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2019-015456", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-1358", }, ], trust: 0.6, }, }
var-202004-1708
Vulnerability from variot
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D7800, etc. are all products of NETGEAR. NETGEAR D7800 is a wireless modem. NETGEAR WNDR3700 is a wireless router. NETGEAR R6100 is a wireless router. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow. This affects D7800 prior to 1.0.1.34, R6100 prior to 1.0.1.22, R7500 prior to 1.0.0.122, R7500v2 prior to 1.0.3.26, R7800 prior to 1.0.2.40, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1708", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.52", }, { model: "r7500", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.122", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.94", }, { model: "d7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.34", }, { model: "r6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.22", }, { model: "r7500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.26", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.62", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "eq", trust: 0.9, vendor: "netgear", version: "1.0.0.50", }, { model: "d7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.34", }, { model: "r6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.22", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.26", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.52", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.62", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.62", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "r7500v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.3.26", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.22", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.24", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.28", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.30", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.31", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.12", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.14", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.16", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.20", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.108", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.110", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.112", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.116", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.118", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.122", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.124", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.130", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.10", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.16", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.20", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.24", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.16", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.28", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.32", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.36", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.38", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.4", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.40", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.86", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.52", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.90", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.42", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.58", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28273", }, { db: "VULMON", id: "CVE-2018-21197", }, { db: "JVNDB", id: "JVNDB-2018-016360", }, { db: "NVD", id: "CVE-2018-21197", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wnr2000_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016360", }, ], }, cve: "CVE-2018-21197", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CVE-2018-21197", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 5.2, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2018-016360", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CNVD-2020-28273", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21197", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21197", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 6.8, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2018-016360", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21197", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2018-21197", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2018-016360", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2020-28273", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-2276", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2018-21197", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28273", }, { db: "VULMON", id: "CVE-2018-21197", }, { db: "JVNDB", id: "JVNDB-2018-016360", }, { db: "CNNVD", id: "CNNVD-202004-2276", }, { db: "NVD", id: "CVE-2018-21197", }, { db: "NVD", id: "CVE-2018-21197", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D7800, etc. are all products of NETGEAR. NETGEAR D7800 is a wireless modem. NETGEAR WNDR3700 is a wireless router. NETGEAR R6100 is a wireless router. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow. This affects D7800 prior to 1.0.1.34, R6100 prior to 1.0.1.22, R7500 prior to 1.0.0.122, R7500v2 prior to 1.0.3.26, R7800 prior to 1.0.2.40, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62", sources: [ { db: "NVD", id: "CVE-2018-21197", }, { db: "JVNDB", id: "JVNDB-2018-016360", }, { db: "CNVD", id: "CNVD-2020-28273", }, { db: "VULMON", id: "CVE-2018-21197", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21197", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2018-016360", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-28273", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-2276", trust: 0.6, }, { db: "VULMON", id: "CVE-2018-21197", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28273", }, { db: "VULMON", id: "CVE-2018-21197", }, { db: "JVNDB", id: "JVNDB-2018-016360", }, { db: "CNNVD", id: "CNNVD-202004-2276", }, { db: "NVD", id: "CVE-2018-21197", }, ], }, id: "VAR-202004-1708", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-28273", }, ], trust: 1.2910627672727273, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28273", }, ], }, last_update_date: "2024-11-23T22:58:17.880000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Stack Overflow on Some Routers and Gateways, PSV-2017-2596", trust: 0.8, url: "https://kb.netgear.com/000055152/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2596", }, { title: "Patch for Multiple NETGEAR product buffer overflow vulnerabilities (CNVD-2020-28273)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/217549", }, { title: "Multiple NETGEAR Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117368", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28273", }, { db: "JVNDB", id: "JVNDB-2018-016360", }, { db: "CNNVD", id: "CNNVD-202004-2276", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016360", }, { db: "NVD", id: "CVE-2018-21197", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21197", }, { trust: 1.7, url: "https://kb.netgear.com/000055152/security-advisory-for-post-authentication-stack-overflow-on-some-routers-and-gateways-psv-2017-2596", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21197", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/787.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28273", }, { db: "VULMON", id: "CVE-2018-21197", }, { db: "JVNDB", id: "JVNDB-2018-016360", }, { db: "CNNVD", id: "CNNVD-202004-2276", }, { db: "NVD", id: "CVE-2018-21197", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-28273", }, { db: "VULMON", id: "CVE-2018-21197", }, { db: "JVNDB", id: "JVNDB-2018-016360", }, { db: "CNNVD", id: "CNNVD-202004-2276", }, { db: "NVD", id: "CVE-2018-21197", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28273", }, { date: "2020-04-28T00:00:00", db: "VULMON", id: "CVE-2018-21197", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016360", }, { date: "2020-04-28T00:00:00", db: "CNNVD", id: "CNNVD-202004-2276", }, { date: "2020-04-28T16:15:13.043000", db: "NVD", id: "CVE-2018-21197", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28273", }, { date: "2020-05-05T00:00:00", db: "VULMON", id: "CVE-2018-21197", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016360", }, { date: "2020-05-06T00:00:00", db: "CNNVD", id: "CNNVD-202004-2276", }, { date: "2024-11-21T04:03:09.080000", db: "NVD", id: "CVE-2018-21197", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-2276", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Out-of-bounds write vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2018-016360", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-2276", }, ], trust: 0.6, }, }
var-202004-1366
Vulnerability from variot
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6100 before 1.0.0.55, D7000 before 1.0.1.50, D7800 before 1.0.1.28, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6100 before 1.0.1.14, R6120 before 1.0.0.30, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, R7500 before 1.0.0.110, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.52, WN3000RPv3 before 1.0.2.50, WNDR3700v4 before 1.0.2.88, WNDR3700v5 before 1.1.0.48, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.58, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1366", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.90", }, { model: "d6100", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.55", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr1000", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.44", }, { model: "wn3000rp", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.50", }, { model: "r9000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.52", }, { model: "r6120", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.30", }, { model: "r6700", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.4", }, { model: "r6220", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.50", }, { model: "r6900", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.4", }, { model: "jnr1010", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.44", }, { model: "r6100", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.14", }, { model: "r6800", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.4", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.48", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.88", }, { model: "r7500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.110", }, { model: "wnr2050", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.44", }, { model: "jwnr2010", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.44", }, { model: "jr6150", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.10", }, { model: "d7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.28", }, { model: "r6050", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.10", }, { model: "pr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.18", }, { model: "r7500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.20", }, { model: "wnr2020", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.44", }, { model: "r7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.36", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.48", }, { model: "d7000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.50", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.58", }, { model: "d6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.55", }, { model: "d7000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.50", }, { model: "d7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.28", }, { model: "jnr1010", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.44", }, { model: "jr6150", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.10", }, { model: "jwnr2010", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.1.0.44", }, { model: "pr2000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.18", }, { model: "r6050", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.10", }, { model: "r6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.14", }, { model: "r6120", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.30", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-014905", }, { db: "NVD", id: "CVE-2017-18764", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d7000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:jnr1010_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:jr6150_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:jwnr2010_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:pr2000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6050_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6120_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-014905", }, ], }, cve: "CVE-2017-18764", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 6.5, id: "CVE-2017-18764", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1, vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 5.8, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2017-014905", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2017-18764", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2017-18764", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 8.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2017-014905", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2017-18764", trust: 1, value: "HIGH", }, { author: "cve@mitre.org", id: "CVE-2017-18764", trust: 1, value: "HIGH", }, { author: "NVD", id: "JVNDB-2017-014905", trust: 0.8, value: "High", }, { author: "CNNVD", id: "CNNVD-202004-1910", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-014905", }, { db: "CNNVD", id: "CNNVD-202004-1910", }, { db: "NVD", id: "CVE-2017-18764", }, { db: "NVD", id: "CVE-2017-18764", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6100 before 1.0.0.55, D7000 before 1.0.1.50, D7800 before 1.0.1.28, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6100 before 1.0.1.14, R6120 before 1.0.0.30, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, R7500 before 1.0.0.110, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.52, WN3000RPv3 before 1.0.2.50, WNDR3700v4 before 1.0.2.88, WNDR3700v5 before 1.1.0.48, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.58, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state", sources: [ { db: "NVD", id: "CVE-2017-18764", }, { db: "JVNDB", id: "JVNDB-2017-014905", }, ], trust: 1.62, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2017-18764", trust: 2.4, }, { db: "JVNDB", id: "JVNDB-2017-014905", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202004-1910", trust: 0.6, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-014905", }, { db: "CNNVD", id: "CNNVD-202004-1910", }, { db: "NVD", id: "CVE-2017-18764", }, ], }, id: "VAR-202004-1366", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.4303076327777777, }, last_update_date: "2024-11-23T22:44:36.363000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Pre-Authentication Command Injection on Some Routers, Gateways, and Extenders, PSV-2017-2210", trust: 0.8, url: "https://kb.netgear.com/000051481/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2210", }, { title: "Multiple NETGEAR Fixing measures for product injection vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117246", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-014905", }, { db: "CNNVD", id: "CNNVD-202004-1910", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-74", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-014905", }, { db: "NVD", id: "CVE-2017-18764", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://kb.netgear.com/000051481/security-advisory-for-pre-authentication-command-injection-on-some-routers-gateways-and-extenders-psv-2017-2210", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2017-18764", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18764", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-014905", }, { db: "CNNVD", id: "CNNVD-202004-1910", }, { db: "NVD", id: "CVE-2017-18764", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "JVNDB", id: "JVNDB-2017-014905", }, { db: "CNNVD", id: "CNNVD-202004-1910", }, { db: "NVD", id: "CVE-2017-18764", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-21T00:00:00", db: "JVNDB", id: "JVNDB-2017-014905", }, { date: "2020-04-22T00:00:00", db: "CNNVD", id: "CNNVD-202004-1910", }, { date: "2020-04-22T16:15:11.497000", db: "NVD", id: "CVE-2017-18764", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-21T00:00:00", db: "JVNDB", id: "JVNDB-2017-014905", }, { date: "2020-04-26T00:00:00", db: "CNNVD", id: "CNNVD-202004-1910", }, { date: "2024-11-21T03:20:51.747000", db: "NVD", id: "CVE-2017-18764", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-1910", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Injection vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2017-014905", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "injection", sources: [ { db: "CNNVD", id: "CNNVD-202004-1910", }, ], trust: 0.6, }, }
var-202004-1698
Vulnerability from variot
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.30, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D7800, etc. are all products of NETGEAR. NETGEAR D7800 is a wireless modem. NETGEAR R7500 is a wireless router. NETGEAR WNDR3700 is a wireless router. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow. This affects D7800 prior to 1.0.1.30, R7500 prior to 1.0.0.122, R7500v2 prior to 1.0.3.24, R7800 prior to 1.0.2.40, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1698", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.52", }, { model: "d7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.30", }, { model: "r7500", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.122", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.94", }, { model: "r7500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.24", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.62", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.92", }, { model: "r7500", scope: "eq", trust: 0.9, vendor: "netgear", version: "1.0.0.122", }, { model: "wndr4300", scope: "eq", trust: 0.9, vendor: "netgear", version: "1.0.0.50", }, { model: "d7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.30", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.24", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.52", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.62", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.62", }, { model: "r7500v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.3.24", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.22", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.24", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.28", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.108", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.110", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.112", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.116", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.118", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.124", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.130", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.10", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.16", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.20", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.16", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.28", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.32", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.36", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.38", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.4", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.40", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.86", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.52", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.90", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.42", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.58", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28247", }, { db: "VULMON", id: "CVE-2018-21187", }, { db: "JVNDB", id: "JVNDB-2018-016374", }, { db: "NVD", id: "CVE-2018-21187", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wnr2000_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016374", }, ], }, cve: "CVE-2018-21187", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CVE-2018-21187", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 5.2, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2018-016374", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CNVD-2020-28247", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21187", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21187", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 6.8, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2018-016374", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21187", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2018-21187", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2018-016374", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2020-28247", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-2249", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2018-21187", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28247", }, { db: "VULMON", id: "CVE-2018-21187", }, { db: "JVNDB", id: "JVNDB-2018-016374", }, { db: "CNNVD", id: "CNNVD-202004-2249", }, { db: "NVD", id: "CVE-2018-21187", }, { db: "NVD", id: "CVE-2018-21187", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.30, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D7800, etc. are all products of NETGEAR. NETGEAR D7800 is a wireless modem. NETGEAR R7500 is a wireless router. NETGEAR WNDR3700 is a wireless router. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow. This affects D7800 prior to 1.0.1.30, R7500 prior to 1.0.0.122, R7500v2 prior to 1.0.3.24, R7800 prior to 1.0.2.40, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62", sources: [ { db: "NVD", id: "CVE-2018-21187", }, { db: "JVNDB", id: "JVNDB-2018-016374", }, { db: "CNVD", id: "CNVD-2020-28247", }, { db: "VULMON", id: "CVE-2018-21187", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21187", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2018-016374", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-28247", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-2249", trust: 0.6, }, { db: "VULMON", id: "CVE-2018-21187", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28247", }, { db: "VULMON", id: "CVE-2018-21187", }, { db: "JVNDB", id: "JVNDB-2018-016374", }, { db: "CNNVD", id: "CNNVD-202004-2249", }, { db: "NVD", id: "CVE-2018-21187", }, ], }, id: "VAR-202004-1698", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-28247", }, ], trust: 1.300062814, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28247", }, ], }, last_update_date: "2024-11-23T23:01:24.075000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Stack Overflow on Some Routers and Gateways, PSV-2017-2608", trust: 0.8, url: "https://kb.netgear.com/000055170/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2608", }, { title: "Patch for Multiple NETGEAR product buffer overflow vulnerabilities (CNVD-2020-28247)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/217467", }, { title: "Multiple NETGEAR Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117342", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28247", }, { db: "JVNDB", id: "JVNDB-2018-016374", }, { db: "CNNVD", id: "CNNVD-202004-2249", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016374", }, { db: "NVD", id: "CVE-2018-21187", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21187", }, { trust: 1.7, url: "https://kb.netgear.com/000055170/security-advisory-for-post-authentication-stack-overflow-on-some-routers-and-gateways-psv-2017-2608", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21187", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/787.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28247", }, { db: "VULMON", id: "CVE-2018-21187", }, { db: "JVNDB", id: "JVNDB-2018-016374", }, { db: "CNNVD", id: "CNNVD-202004-2249", }, { db: "NVD", id: "CVE-2018-21187", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-28247", }, { db: "VULMON", id: "CVE-2018-21187", }, { db: "JVNDB", id: "JVNDB-2018-016374", }, { db: "CNNVD", id: "CNNVD-202004-2249", }, { db: "NVD", id: "CVE-2018-21187", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28247", }, { date: "2020-04-28T00:00:00", db: "VULMON", id: "CVE-2018-21187", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016374", }, { date: "2020-04-28T00:00:00", db: "CNNVD", id: "CNNVD-202004-2249", }, { date: "2020-04-28T15:15:12.427000", db: "NVD", id: "CVE-2018-21187", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28247", }, { date: "2020-05-01T00:00:00", db: "VULMON", id: "CVE-2018-21187", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016374", }, { date: "2020-05-06T00:00:00", db: "CNNVD", id: "CNNVD-202004-2249", }, { date: "2024-11-21T04:03:07.490000", db: "NVD", id: "CVE-2018-21187", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-2249", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Out-of-bounds write vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2018-016374", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-2249", }, ], trust: 0.6, }, }
var-202004-1676
Vulnerability from variot
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R7500 before 1.0.0.122, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7800, etc. are all products of NETGEAR. NETGEAR R7800 is a wireless router. NETGEAR R7500 is a wireless router. NETGEAR D6100 is a wireless modem. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow. This affects D6100 prior to 1.0.0.57, R7500 prior to 1.0.0.122, R7800 prior to 1.0.2.40, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1676", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.52", }, { model: "d6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.57", }, { model: "r7500", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.122", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.62", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.92", }, { model: "d6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.57", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.122", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.52", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.62", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.62", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28113", }, { db: "JVNDB", id: "JVNDB-2018-016383", }, { db: "NVD", id: "CVE-2018-21174", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wnr2000_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016383", }, ], }, cve: "CVE-2018-21174", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 8, id: "CVE-2018-21174", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 6.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2018-016383", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 8, id: "CNVD-2020-28113", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.2, id: "CVE-2018-21174", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21174", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 7.2, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2018-016383", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21174", trust: 1, value: "HIGH", }, { author: "cve@mitre.org", id: "CVE-2018-21174", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2018-016383", trust: 0.8, value: "High", }, { author: "CNVD", id: "CNVD-2020-28113", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-2217", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2018-21174", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28113", }, { db: "VULMON", id: "CVE-2018-21174", }, { db: "JVNDB", id: "JVNDB-2018-016383", }, { db: "CNNVD", id: "CNNVD-202004-2217", }, { db: "NVD", id: "CVE-2018-21174", }, { db: "NVD", id: "CVE-2018-21174", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R7500 before 1.0.0.122, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7800, etc. are all products of NETGEAR. NETGEAR R7800 is a wireless router. NETGEAR R7500 is a wireless router. NETGEAR D6100 is a wireless modem. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow. This affects D6100 prior to 1.0.0.57, R7500 prior to 1.0.0.122, R7800 prior to 1.0.2.40, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62", sources: [ { db: "NVD", id: "CVE-2018-21174", }, { db: "JVNDB", id: "JVNDB-2018-016383", }, { db: "CNVD", id: "CNVD-2020-28113", }, { db: "VULMON", id: "CVE-2018-21174", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21174", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2018-016383", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-28113", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-2217", trust: 0.6, }, { db: "VULMON", id: "CVE-2018-21174", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28113", }, { db: "VULMON", id: "CVE-2018-21174", }, { db: "JVNDB", id: "JVNDB-2018-016383", }, { db: "CNNVD", id: "CNNVD-202004-2217", }, { db: "NVD", id: "CVE-2018-21174", }, ], }, id: "VAR-202004-1676", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-28113", }, ], trust: 1.2820507277777775, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28113", }, ], }, last_update_date: "2024-11-23T21:35:53.276000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Stack Overflow on Some Routers and Gateways, PSV-2017-2625", trust: 0.8, url: "https://kb.netgear.com/000055184/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2625", }, { title: "Patch for Multiple NETGEAR product buffer overflow vulnerabilities (CNVD-2020-28113)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/217415", }, { title: "Multiple NETGEAR Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117722", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28113", }, { db: "JVNDB", id: "JVNDB-2018-016383", }, { db: "CNNVD", id: "CNNVD-202004-2217", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016383", }, { db: "NVD", id: "CVE-2018-21174", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21174", }, { trust: 1.7, url: "https://kb.netgear.com/000055184/security-advisory-for-post-authentication-stack-overflow-on-some-routers-and-gateways-psv-2017-2625", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21174", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/787.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28113", }, { db: "VULMON", id: "CVE-2018-21174", }, { db: "JVNDB", id: "JVNDB-2018-016383", }, { db: "CNNVD", id: "CNNVD-202004-2217", }, { db: "NVD", id: "CVE-2018-21174", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-28113", }, { db: "VULMON", id: "CVE-2018-21174", }, { db: "JVNDB", id: "JVNDB-2018-016383", }, { db: "CNNVD", id: "CNNVD-202004-2217", }, { db: "NVD", id: "CVE-2018-21174", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28113", }, { date: "2020-04-27T00:00:00", db: "VULMON", id: "CVE-2018-21174", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016383", }, { date: "2020-04-27T00:00:00", db: "CNNVD", id: "CNNVD-202004-2217", }, { date: "2020-04-27T19:15:12.527000", db: "NVD", id: "CVE-2018-21174", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28113", }, { date: "2020-05-05T00:00:00", db: "VULMON", id: "CVE-2018-21174", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016383", }, { date: "2020-05-06T00:00:00", db: "CNNVD", id: "CNNVD-202004-2217", }, { date: "2024-11-21T04:03:05.230000", db: "NVD", id: "CVE-2018-21174", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202004-2217", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Out-of-bounds write vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2018-016383", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-2217", }, ], trust: 0.6, }, }
var-202004-0789
Vulnerability from variot
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7800, etc. are all products of NETGEAR. NETGEAR R7800 is a wireless router. NETGEAR D6100 is a wireless modem. NETGEAR WNDR3700 is a wireless router. The vulnerability stems from the fact that the network system or product does not properly filter special elements in the process of constructing executable commands from external input data. Attackers can use this vulnerability to execute illegal commands
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0789", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.52", }, { model: "xr500", scope: "lt", trust: 1.6, vendor: "netgear", version: "2.3.2.32", }, { model: "r8900", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.4.2", }, { model: "d6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.63", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.4.2", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.104", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.68", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.102", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.58", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.58", }, { model: "d6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.63", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.52", }, { model: "r8900", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.4.2", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.4.2", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.102", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.58", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.104", }, { model: "wndr4500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.58", }, { model: "wnr2000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.68", }, { model: "xr500", scope: "eq", trust: 0.8, vendor: "netgear", version: "2.3.2.32", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.58", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.58", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.68", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.102", }, { model: "wndr4300v1", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.104", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-61058", }, { db: "JVNDB", id: "JVNDB-2019-015320", }, { db: "NVD", id: "CVE-2019-20727", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r8900_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wnr2000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:xr500_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015320", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "aircut", sources: [ { db: "CNNVD", id: "CNNVD-202004-1311", }, ], trust: 0.6, }, cve: "CVE-2019-20727", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CVE-2019-20727", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 5.2, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2019-015320", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CNVD-2021-61058", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2019-20727", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2019-20727", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 6.8, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2019-015320", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2019-20727", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2019-20727", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2019-015320", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2021-61058", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-1311", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-61058", }, { db: "JVNDB", id: "JVNDB-2019-015320", }, { db: "CNNVD", id: "CNNVD-202004-1311", }, { db: "NVD", id: "CVE-2019-20727", }, { db: "NVD", id: "CVE-2019-20727", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7800, etc. are all products of NETGEAR. NETGEAR R7800 is a wireless router. NETGEAR D6100 is a wireless modem. NETGEAR WNDR3700 is a wireless router. The vulnerability stems from the fact that the network system or product does not properly filter special elements in the process of constructing executable commands from external input data. Attackers can use this vulnerability to execute illegal commands", sources: [ { db: "NVD", id: "CVE-2019-20727", }, { db: "JVNDB", id: "JVNDB-2019-015320", }, { db: "CNVD", id: "CNVD-2021-61058", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-20727", trust: 3, }, { db: "JVNDB", id: "JVNDB-2019-015320", trust: 0.8, }, { db: "CNVD", id: "CNVD-2021-61058", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-1311", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-61058", }, { db: "JVNDB", id: "JVNDB-2019-015320", }, { db: "CNNVD", id: "CNNVD-202004-1311", }, { db: "NVD", id: "CVE-2019-20727", }, ], }, id: "VAR-202004-0789", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-61058", }, ], trust: 1.2535841445454543, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-61058", }, ], }, last_update_date: "2024-11-23T21:51:35.178000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Command Injection on Some Routers and Gateways, PSV-2018-0139", trust: 0.8, url: "https://kb.netgear.com/000061201/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-Gateways-PSV-2018-0139", }, { title: "Patch for Command injection vulnerabilities in multiple NETGEAR products (CNVD-2021-61058)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/285386", }, { title: "Multiple NETGEAR Fixing measures for product injection vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116577", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-61058", }, { db: "JVNDB", id: "JVNDB-2019-015320", }, { db: "CNNVD", id: "CNNVD-202004-1311", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-77", trust: 1, }, { problemtype: "CWE-74", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015320", }, { db: "NVD", id: "CVE-2019-20727", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2019-20727", }, { trust: 1.6, url: "https://kb.netgear.com/000061201/security-advisory-for-post-authentication-command-injection-on-some-routers-and-gateways-psv-2018-0139", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20727", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-61058", }, { db: "JVNDB", id: "JVNDB-2019-015320", }, { db: "CNNVD", id: "CNNVD-202004-1311", }, { db: "NVD", id: "CVE-2019-20727", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-61058", }, { db: "JVNDB", id: "JVNDB-2019-015320", }, { db: "CNNVD", id: "CNNVD-202004-1311", }, { db: "NVD", id: "CVE-2019-20727", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-08-11T00:00:00", db: "CNVD", id: "CNVD-2021-61058", }, { date: "2020-05-12T00:00:00", db: "JVNDB", id: "JVNDB-2019-015320", }, { date: "2020-04-16T00:00:00", db: "CNNVD", id: "CNNVD-202004-1311", }, { date: "2020-04-16T19:15:25.587000", db: "NVD", id: "CVE-2019-20727", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-08-11T00:00:00", db: "CNVD", id: "CNVD-2021-61058", }, { date: "2020-05-12T00:00:00", db: "JVNDB", id: "JVNDB-2019-015320", }, { date: "2020-10-28T00:00:00", db: "CNNVD", id: "CNNVD-202004-1311", }, { date: "2024-11-21T04:39:11.923000", db: "NVD", id: "CVE-2019-20727", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-1311", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Injection vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2019-015320", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-202004-1311", }, ], trust: 0.6, }, }
var-202004-1697
Vulnerability from variot
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D7800, etc. are all products of NETGEAR. NETGEAR D7800 is a wireless modem. NETGEAR WNDR3700 is a wireless router. NETGEAR R6100 is a wireless router. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow. This affects D7800 prior to 1.0.1.30, R6100 prior to 1.0.1.20, R7500v2 prior to 1.0.3.24, R7800 prior to 1.0.2.40, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1697", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.52", }, { model: "r6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.20", }, { model: "d7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.30", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.94", }, { model: "r7500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.24", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.62", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "eq", trust: 0.9, vendor: "netgear", version: "1.0.0.50", }, { model: "d7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.30", }, { model: "r6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.20", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.24", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.52", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.62", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.62", }, { model: "r7500v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.3.24", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.22", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.24", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.28", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.12", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.14", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.16", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.108", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.110", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.112", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.116", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.118", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.122", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.124", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.130", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.10", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.16", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.20", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.16", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.28", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.32", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.36", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.38", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.4", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.40", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.86", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.52", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.90", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.42", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.58", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28246", }, { db: "VULMON", id: "CVE-2018-21186", }, { db: "JVNDB", id: "JVNDB-2018-016375", }, { db: "NVD", id: "CVE-2018-21186", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wnr2000_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016375", }, ], }, cve: "CVE-2018-21186", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CVE-2018-21186", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 5.2, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2018-016375", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CNVD-2020-28246", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21186", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21186", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 6.8, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2018-016375", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21186", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2018-21186", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2018-016375", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2020-28246", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-2250", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2018-21186", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28246", }, { db: "VULMON", id: "CVE-2018-21186", }, { db: "JVNDB", id: "JVNDB-2018-016375", }, { db: "CNNVD", id: "CNNVD-202004-2250", }, { db: "NVD", id: "CVE-2018-21186", }, { db: "NVD", id: "CVE-2018-21186", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D7800, etc. are all products of NETGEAR. NETGEAR D7800 is a wireless modem. NETGEAR WNDR3700 is a wireless router. NETGEAR R6100 is a wireless router. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow. This affects D7800 prior to 1.0.1.30, R6100 prior to 1.0.1.20, R7500v2 prior to 1.0.3.24, R7800 prior to 1.0.2.40, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62", sources: [ { db: "NVD", id: "CVE-2018-21186", }, { db: "JVNDB", id: "JVNDB-2018-016375", }, { db: "CNVD", id: "CNVD-2020-28246", }, { db: "VULMON", id: "CVE-2018-21186", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21186", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2018-016375", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-28246", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-2250", trust: 0.6, }, { db: "VULMON", id: "CVE-2018-21186", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28246", }, { db: "VULMON", id: "CVE-2018-21186", }, { db: "JVNDB", id: "JVNDB-2018-016375", }, { db: "CNNVD", id: "CNNVD-202004-2250", }, { db: "NVD", id: "CVE-2018-21186", }, ], }, id: "VAR-202004-1697", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-28246", }, ], trust: 1.2910627672727273, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28246", }, ], }, last_update_date: "2024-11-23T21:35:53.240000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Stack Overflow on Some Routers and Gateways, PSV-2017-2609", trust: 0.8, url: "https://kb.netgear.com/000055172/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2609", }, { title: "Patch for Multiple NETGEAR product buffer overflow vulnerabilities (CNVD-2020-28246)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/217469", }, { title: "Multiple NETGEAR Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117343", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28246", }, { db: "JVNDB", id: "JVNDB-2018-016375", }, { db: "CNNVD", id: "CNNVD-202004-2250", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016375", }, { db: "NVD", id: "CVE-2018-21186", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21186", }, { trust: 1.7, url: "https://kb.netgear.com/000055172/security-advisory-for-post-authentication-stack-overflow-on-some-routers-and-gateways-psv-2017-2609", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21186", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/787.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28246", }, { db: "VULMON", id: "CVE-2018-21186", }, { db: "JVNDB", id: "JVNDB-2018-016375", }, { db: "CNNVD", id: "CNNVD-202004-2250", }, { db: "NVD", id: "CVE-2018-21186", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-28246", }, { db: "VULMON", id: "CVE-2018-21186", }, { db: "JVNDB", id: "JVNDB-2018-016375", }, { db: "CNNVD", id: "CNNVD-202004-2250", }, { db: "NVD", id: "CVE-2018-21186", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28246", }, { date: "2020-04-28T00:00:00", db: "VULMON", id: "CVE-2018-21186", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016375", }, { date: "2020-04-28T00:00:00", db: "CNNVD", id: "CNNVD-202004-2250", }, { date: "2020-04-28T15:15:12.363000", db: "NVD", id: "CVE-2018-21186", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28246", }, { date: "2020-05-05T00:00:00", db: "VULMON", id: "CVE-2018-21186", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016375", }, { date: "2020-05-06T00:00:00", db: "CNNVD", id: "CNNVD-202004-2250", }, { date: "2024-11-21T04:03:07.333000", db: "NVD", id: "CVE-2018-21186", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-2250", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Out-of-bounds write vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2018-016375", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-2250", }, ], trust: 0.6, }, }
var-202004-1701
Vulnerability from variot
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.34, R6100 before 1.0.1.20, R7500 before 1.0.0.122, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D6100, etc. are all products of NETGEAR. NETGEAR D6100 is a wireless modem. NETGEAR WNDR3700 is a wireless router. NETGEAR R6100 is a wireless router.
There are buffer error vulnerabilities in many NETGEAR products. The vulnerability stems from the fact that when a network system or product performs an operation on memory, the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow. This affects D6100 prior to 1.0.0.57, D7800 prior to 1.0.1.34, R6100 prior to 1.0.1.20, R7500 prior to 1.0.0.122, R7800 prior to 1.0.2.40, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1701", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.52", }, { model: "r6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.20", }, { model: "r7500", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.122", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.94", }, { model: "d7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.34", }, { model: "d6100", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.57", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.62", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "eq", trust: 0.9, vendor: "netgear", version: "1.0.0.50", }, { model: "d6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.57", }, { model: "d7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.34", }, { model: "r6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.20", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.122", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.52", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.62", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.50 0.0.50", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.55", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.22", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.24", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.28", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.30", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.31", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.12", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.14", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.16", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.108", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.110", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.112", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.116", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.118", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.16", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.28", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.32", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.36", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.38", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.4", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.40", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.86", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.52", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.90", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.42", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.58", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28235", }, { db: "VULMON", id: "CVE-2018-21190", }, { db: "JVNDB", id: "JVNDB-2018-016371", }, { db: "NVD", id: "CVE-2018-21190", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4500_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016371", }, ], }, cve: "CVE-2018-21190", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CVE-2018-21190", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 5.2, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2018-016371", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "MULTIPLE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", exploitabilityScore: 4.1, id: "CNVD-2020-28235", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:A/AC:L/Au:M/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21190", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21190", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 6.8, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2018-016371", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21190", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2018-21190", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2018-016371", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2020-28235", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202004-2253", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2018-21190", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28235", }, { db: "VULMON", id: "CVE-2018-21190", }, { db: "JVNDB", id: "JVNDB-2018-016371", }, { db: "CNNVD", id: "CNNVD-202004-2253", }, { db: "NVD", id: "CVE-2018-21190", }, { db: "NVD", id: "CVE-2018-21190", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.34, R6100 before 1.0.1.20, R7500 before 1.0.0.122, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D6100, etc. are all products of NETGEAR. NETGEAR D6100 is a wireless modem. NETGEAR WNDR3700 is a wireless router. NETGEAR R6100 is a wireless router. \n\r\n\r\nThere are buffer error vulnerabilities in many NETGEAR products. The vulnerability stems from the fact that when a network system or product performs an operation on memory, the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow. This affects D6100 prior to 1.0.0.57, D7800 prior to 1.0.1.34, R6100 prior to 1.0.1.20, R7500 prior to 1.0.0.122, R7800 prior to 1.0.2.40, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62", sources: [ { db: "NVD", id: "CVE-2018-21190", }, { db: "JVNDB", id: "JVNDB-2018-016371", }, { db: "CNVD", id: "CNVD-2020-28235", }, { db: "VULMON", id: "CVE-2018-21190", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21190", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2018-016371", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-28235", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-2253", trust: 0.6, }, { db: "VULMON", id: "CVE-2018-21190", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28235", }, { db: "VULMON", id: "CVE-2018-21190", }, { db: "JVNDB", id: "JVNDB-2018-016371", }, { db: "CNNVD", id: "CNNVD-202004-2253", }, { db: "NVD", id: "CVE-2018-21190", }, ], }, id: "VAR-202004-1701", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-28235", }, ], trust: 1.244637929090909, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28235", }, ], }, last_update_date: "2024-11-23T23:04:24.738000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Stack Overflow on Some Routers and Gateways, PSV-2017-2605", trust: 0.8, url: "https://kb.netgear.com/000055167/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2605", }, { title: "Patch for Multiple NETGEAR product buffer overflow vulnerabilities (CNVD-2020-28235)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/217479", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28235", }, { db: "JVNDB", id: "JVNDB-2018-016371", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016371", }, { db: "NVD", id: "CVE-2018-21190", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21190", }, { trust: 1.7, url: "https://kb.netgear.com/000055167/security-advisory-for-post-authentication-stack-overflow-on-some-routers-and-gateways-psv-2017-2605", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21190", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/787.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28235", }, { db: "VULMON", id: "CVE-2018-21190", }, { db: "JVNDB", id: "JVNDB-2018-016371", }, { db: "CNNVD", id: "CNNVD-202004-2253", }, { db: "NVD", id: "CVE-2018-21190", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-28235", }, { db: "VULMON", id: "CVE-2018-21190", }, { db: "JVNDB", id: "JVNDB-2018-016371", }, { db: "CNNVD", id: "CNNVD-202004-2253", }, { db: "NVD", id: "CVE-2018-21190", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28235", }, { date: "2020-04-28T00:00:00", db: "VULMON", id: "CVE-2018-21190", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016371", }, { date: "2020-04-28T00:00:00", db: "CNNVD", id: "CNNVD-202004-2253", }, { date: "2020-04-28T15:15:12.597000", db: "NVD", id: "CVE-2018-21190", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28235", }, { date: "2020-05-01T00:00:00", db: "VULMON", id: "CVE-2018-21190", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016371", }, { date: "2020-05-06T00:00:00", db: "CNNVD", id: "CNNVD-202004-2253", }, { date: "2024-11-21T04:03:07.983000", db: "NVD", id: "CVE-2018-21190", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-2253", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Out-of-bounds write vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2018-016371", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-2253", }, ], trust: 0.6, }, }
var-202004-1669
Vulnerability from variot
Certain NETGEAR devices are affected by stored XSS. This affects D6100 before 1.0.0.57, DM200 before 1.0.0.50, EX2700 before 1.0.1.32, EX6100v2 before 1.0.1.70, EX6150v2 before 1.0.1.70, EX6200v2 before 1.0.1.62, EX6400 before 1.0.1.78, EX7300 before 1.0.1.78, EX8000 before 1.0.0.114, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WN2000RPTv3 before 1.0.1.26, WN3000RPv3 before 1.0.2.66, WN3100RPv2 before 1.0.0.42, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. This affects D6100 prior to 1.0.0.57, DM200 prior to 1.0.0.50, EX2700 prior to 1.0.1.32, EX6100v2 prior to 1.0.1.70, EX6150v2 prior to 1.0.1.70, EX6200v2 prior to 1.0.1.62, EX6400 prior to 1.0.1.78, EX7300 prior to 1.0.1.78, EX8000 prior to 1.0.0.114, R6100 prior to 1.0.1.22, R7500 prior to 1.0.0.122, R7800 prior to 1.0.2.42, R8900 prior to 1.0.3.10, R9000 prior to 1.0.3.10, WN2000RPTv3 prior to 1.0.1.26, WN3000RPv3 prior to 1.0.2.66, WN3100RPv2 prior to 1.0.0.42, WNDR3700v4 prior to 1.0.2.96, WNDR4300 prior to 1.0.2.98, WNDR4300v2 prior to 1.0.0.54, WNDR4500v3 prior to 1.0.0.54, and WNR2000v5 prior to 1.0.0.64
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1669", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.96", }, { model: "r9000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.10", }, { model: "ex8000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.114", }, { model: "wn3100rp", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.42", }, { model: "ex6200", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.62", }, { model: "ex6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.78", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.54", }, { model: "ex6100", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.70", }, { model: "r7500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.122", }, { model: "d6100", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.57", }, { model: "ex7300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.78", }, { model: "wn2000rpt", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.26", }, { model: "wn3000rp", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.66", }, { model: "r8900", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.10", }, { model: "ex6150", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.70", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.64", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.54", }, { model: "dm200", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "r6100", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.22", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.98", }, { model: "r7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.42", }, { model: "ex2700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.32", }, { model: "d6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.57", }, { model: "dm200", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.50", }, { model: "ex2700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.32", }, { model: "ex6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.70", }, { model: "ex6150", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.70", }, { model: "ex6200", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.62", }, { model: "ex6400", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.78", }, { model: "ex7300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.78", }, { model: "ex8000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.114", }, { model: "r6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.22", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.50 0.0.50", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.55", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "ex2700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.28", }, { model: "ex6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.50", }, { model: "ex6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.54", }, { model: "ex6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.60", }, { model: "ex6150", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "ex6150", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.34 1.0.70", }, { model: "ex6150", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.36", }, { model: "ex6150", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.38", }, { model: "ex6150", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.42", }, { model: "ex6150", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "ex6150", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.50", }, { model: "ex6150", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.54", }, { model: "ex6150", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.60", }, { model: "ex6200", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.44", }, { model: "ex6200", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.50", }, { model: "ex6200", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.52", }, { model: "ex6200", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.56", }, { model: "ex6400", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.60", }, { model: "ex6400", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.72", }, { model: "ex7300", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "ex7300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1", }, { model: "ex7300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.60", }, { model: "ex7300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.62", }, { model: "ex7300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.72", }, { model: "ex8000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.102", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.12", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.14", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.16", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.20", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.108", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.110", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.112", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.116", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.118", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.16", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.28", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.32", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.36", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.38", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.40", }, { model: "r8900", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r8900", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.6", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.4", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.52", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.6", }, { model: "wn2000rpt", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.8", }, { model: "wn2000rpt", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.14", }, { model: "wn2000rpt", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.20", }, { model: "wn3000rp", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.52", }, { model: "wn3000rp", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "wn3000rp", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.68", }, { model: "wn3000rp", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.44", }, { model: "wn3000rp", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.50", }, { model: "wn3000rp", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.52", }, { model: "wn3100rp", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.20", }, { model: "wn3100rp", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.40", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.86", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.52", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.90", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.96", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.52", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.42", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.58", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.62", }, ], sources: [ { db: "VULMON", id: "CVE-2018-21167", }, { db: "JVNDB", id: "JVNDB-2018-016392", }, { db: "NVD", id: "CVE-2018-21167", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:dm200_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex2700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex6150_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex6200_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex6400_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex7300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex8000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6100_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016392", }, ], }, cve: "CVE-2018-21167", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", exploitabilityScore: 6.8, id: "CVE-2018-21167", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "LOW", trust: 1.1, vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "Single", author: "NVD", availabilityImpact: "None", baseScore: 3.5, confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2018-016392", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Low", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.3, id: "CVE-2018-21167", impactScore: 2.7, integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 1.7, id: "CVE-2018-21167", impactScore: 2.7, integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 5.5, baseSeverity: "Medium", confidentialityImpact: "Low", exploitabilityScore: null, id: "JVNDB-2018-016392", impactScore: null, integrityImpact: "Low", privilegesRequired: "High", scope: "Changed", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21167", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2018-21167", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2018-016392", trust: 0.8, value: "Medium", }, { author: "CNNVD", id: "CNNVD-202004-2209", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2018-21167", trust: 0.1, value: "LOW", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2018-21167", }, { db: "JVNDB", id: "JVNDB-2018-016392", }, { db: "CNNVD", id: "CNNVD-202004-2209", }, { db: "NVD", id: "CVE-2018-21167", }, { db: "NVD", id: "CVE-2018-21167", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by stored XSS. This affects D6100 before 1.0.0.57, DM200 before 1.0.0.50, EX2700 before 1.0.1.32, EX6100v2 before 1.0.1.70, EX6150v2 before 1.0.1.70, EX6200v2 before 1.0.1.62, EX6400 before 1.0.1.78, EX7300 before 1.0.1.78, EX8000 before 1.0.0.114, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WN2000RPTv3 before 1.0.1.26, WN3000RPv3 before 1.0.2.66, WN3100RPv2 before 1.0.0.42, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. This affects D6100 prior to 1.0.0.57, DM200 prior to 1.0.0.50, EX2700 prior to 1.0.1.32, EX6100v2 prior to 1.0.1.70, EX6150v2 prior to 1.0.1.70, EX6200v2 prior to 1.0.1.62, EX6400 prior to 1.0.1.78, EX7300 prior to 1.0.1.78, EX8000 prior to 1.0.0.114, R6100 prior to 1.0.1.22, R7500 prior to 1.0.0.122, R7800 prior to 1.0.2.42, R8900 prior to 1.0.3.10, R9000 prior to 1.0.3.10, WN2000RPTv3 prior to 1.0.1.26, WN3000RPv3 prior to 1.0.2.66, WN3100RPv2 prior to 1.0.0.42, WNDR3700v4 prior to 1.0.2.96, WNDR4300 prior to 1.0.2.98, WNDR4300v2 prior to 1.0.0.54, WNDR4500v3 prior to 1.0.0.54, and WNR2000v5 prior to 1.0.0.64", sources: [ { db: "NVD", id: "CVE-2018-21167", }, { db: "JVNDB", id: "JVNDB-2018-016392", }, { db: "VULMON", id: "CVE-2018-21167", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21167", trust: 2.5, }, { db: "JVNDB", id: "JVNDB-2018-016392", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202004-2209", trust: 0.6, }, { db: "VULMON", id: "CVE-2018-21167", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2018-21167", }, { db: "JVNDB", id: "JVNDB-2018-016392", }, { db: "CNNVD", id: "CNNVD-202004-2209", }, { db: "NVD", id: "CVE-2018-21167", }, ], }, id: "VAR-202004-1669", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.3957455253846154, }, last_update_date: "2024-11-23T22:41:06.396000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Stored Cross-Site Scripting on Routers, Gateways, Extenders, and DSL Modems, PSV-2017-3093", trust: 0.8, url: "https://kb.netgear.com/000055191/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Routers-Gateways-Extenders-and-DSL-Modems-PSV-2017-3093", }, { title: "Multiple NETGEAR Fixes for product cross-site scripting vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117304", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016392", }, { db: "CNNVD", id: "CNNVD-202004-2209", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-79", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016392", }, { db: "NVD", id: "CVE-2018-21167", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://kb.netgear.com/000055191/security-advisory-for-stored-cross-site-scripting-on-routers-gateways-extenders-and-dsl-modems-psv-2017-3093", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21167", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21167", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/79.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2018-21167", }, { db: "JVNDB", id: "JVNDB-2018-016392", }, { db: "CNNVD", id: "CNNVD-202004-2209", }, { db: "NVD", id: "CVE-2018-21167", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2018-21167", }, { db: "JVNDB", id: "JVNDB-2018-016392", }, { db: "CNNVD", id: "CNNVD-202004-2209", }, { db: "NVD", id: "CVE-2018-21167", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-04-27T00:00:00", db: "VULMON", id: "CVE-2018-21167", }, { date: "2020-06-02T00:00:00", db: "JVNDB", id: "JVNDB-2018-016392", }, { date: "2020-04-27T00:00:00", db: "CNNVD", id: "CNNVD-202004-2209", }, { date: "2020-04-27T18:15:12.670000", db: "NVD", id: "CVE-2018-21167", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-05T00:00:00", db: "VULMON", id: "CVE-2018-21167", }, { date: "2020-06-02T00:00:00", db: "JVNDB", id: "JVNDB-2018-016392", }, { date: "2020-05-06T00:00:00", db: "CNNVD", id: "CNNVD-202004-2209", }, { date: "2024-11-21T04:03:04.040000", db: "NVD", id: "CVE-2018-21167", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202004-2209", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Cross-site scripting vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2018-016392", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "XSS", sources: [ { db: "CNNVD", id: "CNNVD-202004-2209", }, ], trust: 0.6, }, }
var-202004-1364
Vulnerability from variot
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D3600 before 1.0.0.68, D6000 before 1.0.0.68, D6100 before 1.0.0.57, R6100 before 1.0.1.16, R6900P before 1.2.0.22, R7000 before 1.0.9.10, R7000P before 1.2.0.22, R7100LG before 1.0.0.40, WNDR3700v4 before 1.0.2.88, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7000, etc. are all products of NETGEAR. NETGEAR R7000 is a wireless router. NETGEAR D3600 is a wireless modem. NETGEAR WNDR3700 is a wireless router.
Injection vulnerabilities exist in many NETGEAR products. The vulnerability stems from the fact that the network system or product lacks the correct verification of the user input data during the operation process of the user inputting the construction command, data structure or record, and the special elements are not filtered or correctly filtered, resulting in the analysis or analysis of the system or product. The explanation is wrong. No detailed vulnerability details are currently provided
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1364", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.16", }, { model: "r7000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.9.10", }, { model: "r7000p", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.2.0.22", }, { model: "r6900p", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.2.0.22", }, { model: "d6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.57", }, { model: "d3600", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.68", }, { model: "d6000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.68", }, { model: "r7100lg", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.40", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.90", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.58", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.88", }, { model: "d3600", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.68", }, { model: "d6000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.68", }, { model: "d6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.57", }, { model: "r6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.16", }, { model: "r6900p", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.2.0.22", }, { model: "r7000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.9.10", }, { model: "r7000p", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.2.0.22", }, { model: "r7100lg", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.40", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.90", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.58", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300v1", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.90", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-59159", }, { db: "JVNDB", id: "JVNDB-2017-014903", }, { db: "NVD", id: "CVE-2017-18762", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d3600_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6900p_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7000p_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7100lg_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-014903", }, ], }, cve: "CVE-2017-18762", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 6.5, id: "CVE-2017-18762", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1, vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 5.8, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2017-014903", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 6.5, id: "CNVD-2021-59159", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2017-18762", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2017-18762", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 8.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2017-014903", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2017-18762", trust: 1, value: "HIGH", }, { author: "cve@mitre.org", id: "CVE-2017-18762", trust: 1, value: "HIGH", }, { author: "NVD", id: "JVNDB-2017-014903", trust: 0.8, value: "High", }, { author: "CNVD", id: "CNVD-2021-59159", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-1907", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-59159", }, { db: "JVNDB", id: "JVNDB-2017-014903", }, { db: "CNNVD", id: "CNNVD-202004-1907", }, { db: "NVD", id: "CVE-2017-18762", }, { db: "NVD", id: "CVE-2017-18762", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D3600 before 1.0.0.68, D6000 before 1.0.0.68, D6100 before 1.0.0.57, R6100 before 1.0.1.16, R6900P before 1.2.0.22, R7000 before 1.0.9.10, R7000P before 1.2.0.22, R7100LG before 1.0.0.40, WNDR3700v4 before 1.0.2.88, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7000, etc. are all products of NETGEAR. NETGEAR R7000 is a wireless router. NETGEAR D3600 is a wireless modem. NETGEAR WNDR3700 is a wireless router. \n\r\n\r\nInjection vulnerabilities exist in many NETGEAR products. The vulnerability stems from the fact that the network system or product lacks the correct verification of the user input data during the operation process of the user inputting the construction command, data structure or record, and the special elements are not filtered or correctly filtered, resulting in the analysis or analysis of the system or product. The explanation is wrong. No detailed vulnerability details are currently provided", sources: [ { db: "NVD", id: "CVE-2017-18762", }, { db: "JVNDB", id: "JVNDB-2017-014903", }, { db: "CNVD", id: "CNVD-2021-59159", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2017-18762", trust: 3, }, { db: "JVNDB", id: "JVNDB-2017-014903", trust: 0.8, }, { db: "CNVD", id: "CNVD-2021-59159", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-1907", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-59159", }, { db: "JVNDB", id: "JVNDB-2017-014903", }, { db: "CNNVD", id: "CNNVD-202004-1907", }, { db: "NVD", id: "CVE-2017-18762", }, ], }, id: "VAR-202004-1364", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-59159", }, ], trust: 1.2312351814285714, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-59159", }, ], }, last_update_date: "2024-11-23T22:37:25.063000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Pre-Authentication Command Injection on Some Routers and Gateways, PSV-2017-2451", trust: 0.8, url: "https://kb.netgear.com/000051483/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-Gateways-PSV-2017-2451", }, { title: "Patch for Injection vulnerabilities in multiple NETGEAR products (CNVD-2021-59159)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/284336", }, { title: "Multiple NETGEAR Fixing measures for product injection vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117243", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-59159", }, { db: "JVNDB", id: "JVNDB-2017-014903", }, { db: "CNNVD", id: "CNNVD-202004-1907", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-74", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-014903", }, { db: "NVD", id: "CVE-2017-18762", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2017-18762", }, { trust: 1.6, url: "https://kb.netgear.com/000051483/security-advisory-for-pre-authentication-command-injection-on-some-routers-and-gateways-psv-2017-2451", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18762", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-59159", }, { db: "JVNDB", id: "JVNDB-2017-014903", }, { db: "CNNVD", id: "CNNVD-202004-1907", }, { db: "NVD", id: "CVE-2017-18762", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-59159", }, { db: "JVNDB", id: "JVNDB-2017-014903", }, { db: "CNNVD", id: "CNNVD-202004-1907", }, { db: "NVD", id: "CVE-2017-18762", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-08-08T00:00:00", db: "CNVD", id: "CNVD-2021-59159", }, { date: "2020-05-21T00:00:00", db: "JVNDB", id: "JVNDB-2017-014903", }, { date: "2020-04-22T00:00:00", db: "CNNVD", id: "CNNVD-202004-1907", }, { date: "2020-04-22T16:15:11.373000", db: "NVD", id: "CVE-2017-18762", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-08-08T00:00:00", db: "CNVD", id: "CNVD-2021-59159", }, { date: "2020-05-21T00:00:00", db: "JVNDB", id: "JVNDB-2017-014903", }, { date: "2020-04-26T00:00:00", db: "CNNVD", id: "CNNVD-202004-1907", }, { date: "2024-11-21T03:20:51.437000", db: "NVD", id: "CVE-2017-18762", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-1907", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Injection vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2017-014903", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "injection", sources: [ { db: "CNNVD", id: "CNNVD-202004-1907", }, ], trust: 0.6, }, }
var-202004-1665
Vulnerability from variot
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D3600, etc. are all products of NETGEAR. NETGEAR D3600 is a wireless modem. NETGEAR D6100 is a wireless modem. NETGEAR R6100 is a wireless router. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. This affects D3600 prior to 1.0.0.67, D6000 prior to 1.0.0.67, D6100 prior to 1.0.0.56, D7800 prior to 1.0.1.30, R6100 prior to 1.0.1.20, R7500 prior to 1.0.0.118, R7500v2 prior to 1.0.3.24, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.96, WNDR4300 prior to 1.0.2.98, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1665", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.52", }, { model: "r6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.20", }, { model: "r7500", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.118", }, { model: "d7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.30", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.98", }, { model: "d3600", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.67", }, { model: "d6000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.67", }, { model: "d6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.56", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.96", }, { model: "r7500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.24", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.62", }, { model: "r7500", scope: "eq", trust: 0.9, vendor: "netgear", version: "1.0.0.118", }, { model: "wndr4300", scope: "eq", trust: 0.9, vendor: "netgear", version: "1.0.0.50", }, { model: "d7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.30", }, { model: "r6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.20", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.24", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.52", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.96", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.98", }, { model: "wndr4500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.62", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.62", }, { model: "r7500v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.3.24", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.96", }, { model: "d3600", scope: "eq", trust: 0.2, vendor: "netgear", version: "1.0.0.49", }, { model: "d3600", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "d3600", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.61", }, { model: "d6000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "d6000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.49", }, { model: "d6000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.61", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.50 0.0.50", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.55", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.22", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.24", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.28", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.12", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.14", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.16", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.108", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.110", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.112", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.116", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.122", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.124", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.130", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.10", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.16", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.20", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.4", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.40", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.86", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.52", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.90", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.96", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.42", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.58", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-48925", }, { db: "VULMON", id: "CVE-2018-21219", }, { db: "JVNDB", id: "JVNDB-2018-016344", }, { db: "NVD", id: "CVE-2018-21219", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wnr2000_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016344", }, ], }, cve: "CVE-2018-21219", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 6.5, id: "CVE-2018-21219", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 5.8, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2018-016344", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 6.5, id: "CNVD-2021-48925", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2018-21219", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2018-21219", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 8.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2018-016344", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21219", trust: 1, value: "HIGH", }, { author: "cve@mitre.org", id: "CVE-2018-21219", trust: 1, value: "HIGH", }, { author: "NVD", id: "JVNDB-2018-016344", trust: 0.8, value: "High", }, { author: "CNVD", id: "CNVD-2021-48925", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-2296", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2018-21219", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-48925", }, { db: "VULMON", id: "CVE-2018-21219", }, { db: "JVNDB", id: "JVNDB-2018-016344", }, { db: "CNNVD", id: "CNNVD-202004-2296", }, { db: "NVD", id: "CVE-2018-21219", }, { db: "NVD", id: "CVE-2018-21219", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D3600, etc. are all products of NETGEAR. NETGEAR D3600 is a wireless modem. NETGEAR D6100 is a wireless modem. NETGEAR R6100 is a wireless router. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. This affects D3600 prior to 1.0.0.67, D6000 prior to 1.0.0.67, D6100 prior to 1.0.0.56, D7800 prior to 1.0.1.30, R6100 prior to 1.0.1.20, R7500 prior to 1.0.0.118, R7500v2 prior to 1.0.3.24, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.96, WNDR4300 prior to 1.0.2.98, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62", sources: [ { db: "NVD", id: "CVE-2018-21219", }, { db: "JVNDB", id: "JVNDB-2018-016344", }, { db: "CNVD", id: "CNVD-2021-48925", }, { db: "VULMON", id: "CVE-2018-21219", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21219", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2018-016344", trust: 0.8, }, { db: "CNVD", id: "CNVD-2021-48925", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-2296", trust: 0.6, }, { db: "VULMON", id: "CVE-2018-21219", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-48925", }, { db: "VULMON", id: "CVE-2018-21219", }, { db: "JVNDB", id: "JVNDB-2018-016344", }, { db: "CNNVD", id: "CNNVD-202004-2296", }, { db: "NVD", id: "CVE-2018-21219", }, ], }, id: "VAR-202004-1665", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-48925", }, ], trust: 1.2675980592307692, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-48925", }, ], }, last_update_date: "2024-11-23T23:07:58.372000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Pre-Authentication Buffer Overflow on Some Routers and Gateways, PSV-2017-2482", trust: 0.8, url: "https://kb.netgear.com/000055118/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2482", }, { title: "Patch for Buffer overflow vulnerabilities in multiple NETGEAR products (CNVD-2021-48925)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/276746", }, { title: "Multiple NETGEAR Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117388", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-48925", }, { db: "JVNDB", id: "JVNDB-2018-016344", }, { db: "CNNVD", id: "CNNVD-202004-2296", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-120", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016344", }, { db: "NVD", id: "CVE-2018-21219", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21219", }, { trust: 1.7, url: "https://kb.netgear.com/000055118/security-advisory-for-pre-authentication-buffer-overflow-on-some-routers-and-gateways-psv-2017-2482", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21219", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/120.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-48925", }, { db: "VULMON", id: "CVE-2018-21219", }, { db: "JVNDB", id: "JVNDB-2018-016344", }, { db: "CNNVD", id: "CNNVD-202004-2296", }, { db: "NVD", id: "CVE-2018-21219", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-48925", }, { db: "VULMON", id: "CVE-2018-21219", }, { db: "JVNDB", id: "JVNDB-2018-016344", }, { db: "CNNVD", id: "CNNVD-202004-2296", }, { db: "NVD", id: "CVE-2018-21219", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-07-04T00:00:00", db: "CNVD", id: "CNVD-2021-48925", }, { date: "2020-04-28T00:00:00", db: "VULMON", id: "CVE-2018-21219", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016344", }, { date: "2020-04-28T00:00:00", db: "CNNVD", id: "CNNVD-202004-2296", }, { date: "2020-04-28T16:15:14.373000", db: "NVD", id: "CVE-2018-21219", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-07-09T00:00:00", db: "CNVD", id: "CNVD-2021-48925", }, { date: "2020-05-04T00:00:00", db: "VULMON", id: "CVE-2018-21219", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016344", }, { date: "2020-05-06T00:00:00", db: "CNNVD", id: "CNNVD-202004-2296", }, { date: "2024-11-21T04:03:12.487000", db: "NVD", id: "CVE-2018-21219", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-2296", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Classic buffer overflow vulnerability in the product", sources: [ { db: "JVNDB", id: "JVNDB-2018-016344", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-2296", }, ], trust: 0.6, }, }
var-202004-1702
Vulnerability from variot
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D6100, etc. are all products of NETGEAR. NETGEAR D6100 is a wireless modem. NETGEAR WNDR3700 is a wireless router. NETGEAR R6100 is a wireless router. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow. This affects D6100 prior to 1.0.0.57, R6100 prior to 1.0.1.20, R7800 prior to 1.0.2.40, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1702", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.40", }, { model: "r6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.20", }, { model: "d6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.57", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.62", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4300", scope: "eq", trust: 0.9, vendor: "netgear", version: "1.0.0.50", }, { model: "d6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.57", }, { model: "r6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.20", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.40", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.62", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.50 0.0.50", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.55", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.12", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.14", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.16", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.16", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.28", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.32", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.36", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.38", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.86", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.52", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.90", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.42", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.58", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28267", }, { db: "VULMON", id: "CVE-2018-21191", }, { db: "JVNDB", id: "JVNDB-2018-016370", }, { db: "NVD", id: "CVE-2018-21191", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wnr2000_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016370", }, ], }, cve: "CVE-2018-21191", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CVE-2018-21191", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 5.2, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2018-016370", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CNVD-2020-28267", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21191", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21191", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 6.8, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2018-016370", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21191", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2018-21191", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2018-016370", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2020-28267", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-2255", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2018-21191", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28267", }, { db: "VULMON", id: "CVE-2018-21191", }, { db: "JVNDB", id: "JVNDB-2018-016370", }, { db: "CNNVD", id: "CNNVD-202004-2255", }, { db: "NVD", id: "CVE-2018-21191", }, { db: "NVD", id: "CVE-2018-21191", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D6100, etc. are all products of NETGEAR. NETGEAR D6100 is a wireless modem. NETGEAR WNDR3700 is a wireless router. NETGEAR R6100 is a wireless router. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow. This affects D6100 prior to 1.0.0.57, R6100 prior to 1.0.1.20, R7800 prior to 1.0.2.40, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62", sources: [ { db: "NVD", id: "CVE-2018-21191", }, { db: "JVNDB", id: "JVNDB-2018-016370", }, { db: "CNVD", id: "CNVD-2020-28267", }, { db: "VULMON", id: "CVE-2018-21191", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21191", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2018-016370", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-28267", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-2255", trust: 0.6, }, { db: "VULMON", id: "CVE-2018-21191", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28267", }, { db: "VULMON", id: "CVE-2018-21191", }, { db: "JVNDB", id: "JVNDB-2018-016370", }, { db: "CNNVD", id: "CNNVD-202004-2255", }, { db: "NVD", id: "CVE-2018-21191", }, ], }, id: "VAR-202004-1702", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-28267", }, ], trust: 1.3290474737499998, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28267", }, ], }, last_update_date: "2024-11-23T22:44:35.942000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Stack Overflow on Some Routers and Gateways, PSV-2017-2604", trust: 0.8, url: "https://kb.netgear.com/000055166/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2604", }, { title: "Patch for Multiple NETGEAR product buffer overflow vulnerabilities (CNVD-2020-28267)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/217561", }, { title: "Multiple NETGEAR Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117347", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28267", }, { db: "JVNDB", id: "JVNDB-2018-016370", }, { db: "CNNVD", id: "CNNVD-202004-2255", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016370", }, { db: "NVD", id: "CVE-2018-21191", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21191", }, { trust: 1.7, url: "https://kb.netgear.com/000055166/security-advisory-for-post-authentication-stack-overflow-on-some-routers-and-gateways-psv-2017-2604", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21191", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/787.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28267", }, { db: "VULMON", id: "CVE-2018-21191", }, { db: "JVNDB", id: "JVNDB-2018-016370", }, { db: "CNNVD", id: "CNNVD-202004-2255", }, { db: "NVD", id: "CVE-2018-21191", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-28267", }, { db: "VULMON", id: "CVE-2018-21191", }, { db: "JVNDB", id: "JVNDB-2018-016370", }, { db: "CNNVD", id: "CNNVD-202004-2255", }, { db: "NVD", id: "CVE-2018-21191", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28267", }, { date: "2020-04-28T00:00:00", db: "VULMON", id: "CVE-2018-21191", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016370", }, { date: "2020-04-28T00:00:00", db: "CNNVD", id: "CNNVD-202004-2255", }, { date: "2020-04-28T15:15:12.660000", db: "NVD", id: "CVE-2018-21191", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28267", }, { date: "2020-05-01T00:00:00", db: "VULMON", id: "CVE-2018-21191", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016370", }, { date: "2020-05-06T00:00:00", db: "CNNVD", id: "CNNVD-202004-2255", }, { date: "2024-11-21T04:03:08.137000", db: "NVD", id: "CVE-2018-21191", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-2255", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Out-of-bounds write vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2018-016370", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-2255", }, ], trust: 0.6, }, }
var-201612-0651
Vulnerability from variot
NetgearWNR2000 is a wireless router product from Netgear. An information disclosure vulnerability exists in the NETGEARWNR2000 router. Unauthenticated attackers exploit vulnerabilities to obtain sensitive information and potentially recover administrator passwords.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201612-0651", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "wnr2000", scope: "eq", trust: 0.6, vendor: "netgear", version: "3", }, { model: "wnr2000", scope: "eq", trust: 0.6, vendor: "netgear", version: "4", }, { model: "wnr2000", scope: "eq", trust: 0.6, vendor: "netgear", version: "5", }, ], sources: [ { db: "CNVD", id: "CNVD-2016-13121", }, ], }, cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2016-13121", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [], severity: [ { author: "CNVD", id: "CNVD-2016-13121", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2016-13121", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "NetgearWNR2000 is a wireless router product from Netgear. An information disclosure vulnerability exists in the NETGEARWNR2000 router. Unauthenticated attackers exploit vulnerabilities to obtain sensitive information and potentially recover administrator passwords.", sources: [ { db: "CNVD", id: "CNVD-2016-13121", }, ], trust: 0.6, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "CNVD", id: "CNVD-2016-13121", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2016-13121", }, ], }, id: "VAR-201612-0651", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2016-13121", }, ], trust: 0.06, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2016-13121", }, ], }, last_update_date: "2022-05-04T08:56:24.211000Z", references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 0.6, url: "https://raw.githubusercontent.com/pedrib/poc/master/advisories/netgear-wnr2000.txt", }, ], sources: [ { db: "CNVD", id: "CNVD-2016-13121", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2016-13121", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2016-12-27T00:00:00", db: "CNVD", id: "CNVD-2016-13121", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2016-12-27T00:00:00", db: "CNVD", id: "CNVD-2016-13121", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "NETGEAR WNR2000 Router Information Disclosure Vulnerability", sources: [ { db: "CNVD", id: "CNVD-2016-13121", }, ], trust: 0.6, }, }
var-202004-1705
Vulnerability from variot
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.34, R6100 before 1.0.1.20, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.3.6, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D6100, etc. are all products of NETGEAR. NETGEAR D6100 is a wireless modem. NETGEAR WNDR3700 is a wireless router. NETGEAR R6100 is a wireless router. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow. This affects D6100 prior to 1.0.0.57, D7800 prior to 1.0.1.34, R6100 prior to 1.0.1.20, R7500 prior to 1.0.0.122, R7500v2 prior to 1.0.3.24, R7800 prior to 1.0.2.40, R9000 prior to 1.0.3.6, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1705", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.40", }, { model: "r6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.20", }, { model: "d6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.57", }, { model: "r7500", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.122", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.94", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.3.6", }, { model: "d7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.34", }, { model: "r7500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.24", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.62", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.92", }, { model: "d6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.57", }, { model: "d7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.34", }, { model: "r6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.20", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.122", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.24", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.6", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.92", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.62", }, { model: "r7500v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.3.24", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28270", }, { db: "JVNDB", id: "JVNDB-2018-016377", }, { db: "NVD", id: "CVE-2018-21194", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016377", }, ], }, cve: "CVE-2018-21194", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CVE-2018-21194", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 5.2, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2018-016377", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CNVD-2020-28270", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21194", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21194", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 6.8, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2018-016377", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21194", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2018-21194", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2018-016377", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2020-28270", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-2256", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2018-21194", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28270", }, { db: "VULMON", id: "CVE-2018-21194", }, { db: "JVNDB", id: "JVNDB-2018-016377", }, { db: "CNNVD", id: "CNNVD-202004-2256", }, { db: "NVD", id: "CVE-2018-21194", }, { db: "NVD", id: "CVE-2018-21194", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.34, R6100 before 1.0.1.20, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.3.6, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D6100, etc. are all products of NETGEAR. NETGEAR D6100 is a wireless modem. NETGEAR WNDR3700 is a wireless router. NETGEAR R6100 is a wireless router. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow. This affects D6100 prior to 1.0.0.57, D7800 prior to 1.0.1.34, R6100 prior to 1.0.1.20, R7500 prior to 1.0.0.122, R7500v2 prior to 1.0.3.24, R7800 prior to 1.0.2.40, R9000 prior to 1.0.3.6, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62", sources: [ { db: "NVD", id: "CVE-2018-21194", }, { db: "JVNDB", id: "JVNDB-2018-016377", }, { db: "CNVD", id: "CNVD-2020-28270", }, { db: "VULMON", id: "CVE-2018-21194", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21194", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2018-016377", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-28270", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-2256", trust: 0.6, }, { db: "VULMON", id: "CVE-2018-21194", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28270", }, { db: "VULMON", id: "CVE-2018-21194", }, { db: "JVNDB", id: "JVNDB-2018-016377", }, { db: "CNNVD", id: "CNNVD-202004-2256", }, { db: "NVD", id: "CVE-2018-21194", }, ], }, id: "VAR-202004-1705", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-28270", }, ], trust: 1.274251435, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28270", }, ], }, last_update_date: "2024-11-23T22:48:01.174000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Stack Overflow on Some Routers and Gateways, PSV-2017-2601", trust: 0.8, url: "https://kb.netgear.com/000055163/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2601", }, { title: "Patch for Multiple NETGEAR product buffer overflow vulnerabilities (CNVD-2020-28270)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/217555", }, { title: "Multiple NETGEAR Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117348", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28270", }, { db: "JVNDB", id: "JVNDB-2018-016377", }, { db: "CNNVD", id: "CNNVD-202004-2256", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016377", }, { db: "NVD", id: "CVE-2018-21194", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21194", }, { trust: 1.7, url: "https://kb.netgear.com/000055163/security-advisory-for-post-authentication-stack-overflow-on-some-routers-and-gateways-psv-2017-2601", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21194", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/787.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28270", }, { db: "VULMON", id: "CVE-2018-21194", }, { db: "JVNDB", id: "JVNDB-2018-016377", }, { db: "CNNVD", id: "CNNVD-202004-2256", }, { db: "NVD", id: "CVE-2018-21194", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-28270", }, { db: "VULMON", id: "CVE-2018-21194", }, { db: "JVNDB", id: "JVNDB-2018-016377", }, { db: "CNNVD", id: "CNNVD-202004-2256", }, { db: "NVD", id: "CVE-2018-21194", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28270", }, { date: "2020-04-28T00:00:00", db: "VULMON", id: "CVE-2018-21194", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016377", }, { date: "2020-04-28T00:00:00", db: "CNNVD", id: "CNNVD-202004-2256", }, { date: "2020-04-28T15:15:12.830000", db: "NVD", id: "CVE-2018-21194", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28270", }, { date: "2020-05-01T00:00:00", db: "VULMON", id: "CVE-2018-21194", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016377", }, { date: "2020-05-06T00:00:00", db: "CNNVD", id: "CNNVD-202004-2256", }, { date: "2024-11-21T04:03:08.613000", db: "NVD", id: "CVE-2018-21194", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-2256", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Out-of-bounds write vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2018-016377", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-2256", }, ], trust: 0.6, }, }
var-202004-1581
Vulnerability from variot
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7800, etc. are all products of NETGEAR. NETGEAR R7800 is a wireless router. NETGEAR D7800 is a wireless modem. NETGEAR WNDR4300 is a wireless router. The vulnerability stems from the fact that when the network system or product performs operations on the memory, it does not correctly verify the data boundary, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow. This affects D7800 prior to 1.0.1.34, DM200 prior to 1.0.0.50, R6100 prior to 1.0.1.22, R7500 prior to 1.0.0.122, R7800 prior to 1.0.2.42, R8900 prior to 1.0.3.10, R9000 prior to 1.0.3.10, WNDR3700v4 prior to 1.0.2.96, WNDR4300 prior to 1.0.2.98, WNDR4300v2 prior to 1.0.0.54, WNDR4500v3 prior to 1.0.0.54, and WNR2000v5 prior to 1.0.0.64
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1581", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7500", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.122", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.98", }, { model: "d7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.34", }, { model: "r6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.22", }, { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.42", }, { model: "dm200", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.50", }, { model: "r8900", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.3.10", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.3.10", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.96", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.64", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.54", }, { model: "d7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.34", }, { model: "dm200", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.50", }, { model: "r6020", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.22", }, { model: "r6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.22", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.42", }, { model: "r8900", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.10", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.10", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.96", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.98", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.54", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.64", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.96", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-67652", }, { db: "JVNDB", id: "JVNDB-2018-016319", }, { db: "NVD", id: "CVE-2018-21145", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:dm200_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6020_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r8900_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016319", }, ], }, cve: "CVE-2018-21145", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CVE-2018-21145", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 5.2, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2018-016319", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CNVD-2021-67652", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21145", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21145", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 6.8, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2018-016319", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21145", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2018-21145", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2018-016319", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2021-67652", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-1844", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2018-21145", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-67652", }, { db: "VULMON", id: "CVE-2018-21145", }, { db: "JVNDB", id: "JVNDB-2018-016319", }, { db: "CNNVD", id: "CNNVD-202004-1844", }, { db: "NVD", id: "CVE-2018-21145", }, { db: "NVD", id: "CVE-2018-21145", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7800, etc. are all products of NETGEAR. NETGEAR R7800 is a wireless router. NETGEAR D7800 is a wireless modem. NETGEAR WNDR4300 is a wireless router. The vulnerability stems from the fact that when the network system or product performs operations on the memory, it does not correctly verify the data boundary, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow. This affects D7800 prior to 1.0.1.34, DM200 prior to 1.0.0.50, R6100 prior to 1.0.1.22, R7500 prior to 1.0.0.122, R7800 prior to 1.0.2.42, R8900 prior to 1.0.3.10, R9000 prior to 1.0.3.10, WNDR3700v4 prior to 1.0.2.96, WNDR4300 prior to 1.0.2.98, WNDR4300v2 prior to 1.0.0.54, WNDR4500v3 prior to 1.0.0.54, and WNR2000v5 prior to 1.0.0.64", sources: [ { db: "NVD", id: "CVE-2018-21145", }, { db: "JVNDB", id: "JVNDB-2018-016319", }, { db: "CNVD", id: "CNVD-2021-67652", }, { db: "VULMON", id: "CVE-2018-21145", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21145", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2018-016319", trust: 0.8, }, { db: "CNVD", id: "CNVD-2021-67652", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-1844", trust: 0.6, }, { db: "VULMON", id: "CVE-2018-21145", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-67652", }, { db: "VULMON", id: "CVE-2018-21145", }, { db: "JVNDB", id: "JVNDB-2018-016319", }, { db: "CNNVD", id: "CNNVD-202004-1844", }, { db: "NVD", id: "CVE-2018-21145", }, ], }, id: "VAR-202004-1581", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-67652", }, ], trust: 1.1820485261538463, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-67652", }, ], }, last_update_date: "2024-11-23T23:07:58.476000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Stack Overflow on Some Gateways and Routers, PSV-2017-3160", trust: 0.8, url: "https://kb.netgear.com/000059488/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Gateways-and-Routers-PSV-2017-3160", }, { title: "Patch for Buffer overflow vulnerabilities in multiple NETGEAR products (CNVD-2021-67652)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/289176", }, { title: "Multiple NETGEAR Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116320", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-67652", }, { db: "JVNDB", id: "JVNDB-2018-016319", }, { db: "CNNVD", id: "CNNVD-202004-1844", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016319", }, { db: "NVD", id: "CVE-2018-21145", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21145", }, { trust: 1.7, url: "https://kb.netgear.com/000059488/security-advisory-for-post-authentication-stack-overflow-on-some-gateways-and-routers-psv-2017-3160", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21145", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/787.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-67652", }, { db: "VULMON", id: "CVE-2018-21145", }, { db: "JVNDB", id: "JVNDB-2018-016319", }, { db: "CNNVD", id: "CNNVD-202004-1844", }, { db: "NVD", id: "CVE-2018-21145", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-67652", }, { db: "VULMON", id: "CVE-2018-21145", }, { db: "JVNDB", id: "JVNDB-2018-016319", }, { db: "CNNVD", id: "CNNVD-202004-1844", }, { db: "NVD", id: "CVE-2018-21145", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-09-02T00:00:00", db: "CNVD", id: "CNVD-2021-67652", }, { date: "2020-04-21T00:00:00", db: "VULMON", id: "CVE-2018-21145", }, { date: "2020-05-22T00:00:00", db: "JVNDB", id: "JVNDB-2018-016319", }, { date: "2020-04-21T00:00:00", db: "CNNVD", id: "CNNVD-202004-1844", }, { date: "2020-04-21T22:15:14.197000", db: "NVD", id: "CVE-2018-21145", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-09-02T00:00:00", db: "CNVD", id: "CNVD-2021-67652", }, { date: "2020-04-27T00:00:00", db: "VULMON", id: "CVE-2018-21145", }, { date: "2020-05-22T00:00:00", db: "JVNDB", id: "JVNDB-2018-016319", }, { date: "2020-04-28T00:00:00", db: "CNNVD", id: "CNNVD-202004-1844", }, { date: "2024-11-21T04:03:00.650000", db: "NVD", id: "CVE-2018-21145", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-1844", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Out-of-bounds write vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2018-016319", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-1844", }, ], trust: 0.6, }, }
var-202004-1703
Vulnerability from variot
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.3.6, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D6100, etc. are all products of NETGEAR. NETGEAR D6100 is a wireless modem. NETGEAR WNDR3700 is a wireless router. NETGEAR R6100 is a wireless router. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow. This affects D6100 prior to 1.0.0.57, R6100 prior to 1.0.1.20, R7800 prior to 1.0.2.40, R9000 prior to 1.0.3.6, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1703", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.40", }, { model: "r6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.20", }, { model: "d6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.57", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.94", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.3.6", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.62", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "eq", trust: 0.9, vendor: "netgear", version: "1.0.0.50", }, { model: "d6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.57", }, { model: "r6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.20", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.6", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.62", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.62", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.50 0.0.50", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.55", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.12", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.14", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.16", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.16", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.28", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.32", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.36", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.38", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.4", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.52", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.86", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.52", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.90", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.42", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.58", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28268", }, { db: "VULMON", id: "CVE-2018-21192", }, { db: "JVNDB", id: "JVNDB-2018-016369", }, { db: "NVD", id: "CVE-2018-21192", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wnr2000_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016369", }, ], }, cve: "CVE-2018-21192", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CVE-2018-21192", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 5.2, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2018-016369", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CNVD-2020-28268", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21192", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21192", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 6.8, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2018-016369", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21192", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2018-21192", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2018-016369", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2020-28268", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-2252", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2018-21192", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28268", }, { db: "VULMON", id: "CVE-2018-21192", }, { db: "JVNDB", id: "JVNDB-2018-016369", }, { db: "CNNVD", id: "CNNVD-202004-2252", }, { db: "NVD", id: "CVE-2018-21192", }, { db: "NVD", id: "CVE-2018-21192", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.3.6, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D6100, etc. are all products of NETGEAR. NETGEAR D6100 is a wireless modem. NETGEAR WNDR3700 is a wireless router. NETGEAR R6100 is a wireless router. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow. This affects D6100 prior to 1.0.0.57, R6100 prior to 1.0.1.20, R7800 prior to 1.0.2.40, R9000 prior to 1.0.3.6, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62", sources: [ { db: "NVD", id: "CVE-2018-21192", }, { db: "JVNDB", id: "JVNDB-2018-016369", }, { db: "CNVD", id: "CNVD-2020-28268", }, { db: "VULMON", id: "CVE-2018-21192", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21192", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2018-016369", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-28268", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-2252", trust: 0.6, }, { db: "VULMON", id: "CVE-2018-21192", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28268", }, { db: "VULMON", id: "CVE-2018-21192", }, { db: "JVNDB", id: "JVNDB-2018-016369", }, { db: "CNNVD", id: "CNNVD-202004-2252", }, { db: "NVD", id: "CVE-2018-21192", }, ], }, id: "VAR-202004-1703", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-28268", }, ], trust: 1.2939943166666668, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28268", }, ], }, last_update_date: "2024-11-23T22:48:01.203000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Stack Overflow on Some Routers and Gateways, PSV-2017-2603", trust: 0.8, url: "https://kb.netgear.com/000055165/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2603", }, { title: "Patch for Multiple NETGEAR product buffer overflow vulnerabilities (CNVD-2020-28268)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/217559", }, { title: "Multiple NETGEAR Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117345", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28268", }, { db: "JVNDB", id: "JVNDB-2018-016369", }, { db: "CNNVD", id: "CNNVD-202004-2252", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016369", }, { db: "NVD", id: "CVE-2018-21192", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21192", }, { trust: 1.7, url: "https://kb.netgear.com/000055165/security-advisory-for-post-authentication-stack-overflow-on-some-routers-and-gateways-psv-2017-2603", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21192", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/787.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28268", }, { db: "VULMON", id: "CVE-2018-21192", }, { db: "JVNDB", id: "JVNDB-2018-016369", }, { db: "CNNVD", id: "CNNVD-202004-2252", }, { db: "NVD", id: "CVE-2018-21192", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-28268", }, { db: "VULMON", id: "CVE-2018-21192", }, { db: "JVNDB", id: "JVNDB-2018-016369", }, { db: "CNNVD", id: "CNNVD-202004-2252", }, { db: "NVD", id: "CVE-2018-21192", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28268", }, { date: "2020-04-28T00:00:00", db: "VULMON", id: "CVE-2018-21192", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016369", }, { date: "2020-04-28T00:00:00", db: "CNNVD", id: "CNNVD-202004-2252", }, { date: "2020-04-28T15:15:12.723000", db: "NVD", id: "CVE-2018-21192", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28268", }, { date: "2020-05-01T00:00:00", db: "VULMON", id: "CVE-2018-21192", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016369", }, { date: "2020-05-06T00:00:00", db: "CNNVD", id: "CNNVD-202004-2252", }, { date: "2024-11-21T04:03:08.287000", db: "NVD", id: "CVE-2018-21192", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-2252", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Out-of-bounds write vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2018-016369", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-2252", }, ], trust: 0.6, }, }
var-202312-0600
Vulnerability from variot
A Command Injection vulnerability exists in NETGEAR WNR2000v4 version 1.0.0.70. When using HTTP for SOAP authentication, command execution occurs during the process after successful authentication. of netgear WNR2000 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR WNR2000 is a wireless router made by NETGEAR. This vulnerability is caused by the application's failure to correctly filter special characters and commands in constructed commands. An attacker could exploit this vulnerability to cause arbitrary command execution
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202312-0600", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "wnr2000", scope: "eq", trust: 1, vendor: "netgear", version: "1.0.0.70", }, { model: "wnr2000", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "wnr2000", scope: "eq", trust: 0.8, vendor: "ネットギア", version: null, }, { model: "wnr2000", scope: "eq", trust: 0.8, vendor: "ネットギア", version: "wnr2000 firmware 1.0.0.70", }, { model: "wnr2000", scope: "eq", trust: 0.6, vendor: "netgear", version: "v41.0.0.70", }, ], sources: [ { db: "CNVD", id: "CNVD-2023-99028", }, { db: "JVNDB", id: "JVNDB-2023-020173", }, { db: "NVD", id: "CVE-2023-50089", }, ], }, cve: "CVE-2023-50089", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CNVD-2023-99028", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2023-50089", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2023-50089", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2023-50089", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "CVE-2023-50089", trust: 0.8, value: "Critical", }, { author: "CNVD", id: "CNVD-2023-99028", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2023-99028", }, { db: "JVNDB", id: "JVNDB-2023-020173", }, { db: "NVD", id: "CVE-2023-50089", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A Command Injection vulnerability exists in NETGEAR WNR2000v4 version 1.0.0.70. When using HTTP for SOAP authentication, command execution occurs during the process after successful authentication. of netgear WNR2000 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR WNR2000 is a wireless router made by NETGEAR. This vulnerability is caused by the application's failure to correctly filter special characters and commands in constructed commands. An attacker could exploit this vulnerability to cause arbitrary command execution", sources: [ { db: "NVD", id: "CVE-2023-50089", }, { db: "JVNDB", id: "JVNDB-2023-020173", }, { db: "CNVD", id: "CNVD-2023-99028", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-50089", trust: 3.2, }, { db: "JVNDB", id: "JVNDB-2023-020173", trust: 0.8, }, { db: "CNVD", id: "CNVD-2023-99028", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2023-99028", }, { db: "JVNDB", id: "JVNDB-2023-020173", }, { db: "NVD", id: "CVE-2023-50089", }, ], }, id: "VAR-202312-0600", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2023-99028", }, ], trust: 0.06, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2023-99028", }, ], }, last_update_date: "2024-08-14T15:20:47.120000Z", problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-77", trust: 1, }, { problemtype: "Command injection (CWE-77) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-020173", }, { db: "NVD", id: "CVE-2023-50089", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.8, url: "https://github.com/noneshell/vulnerabilities/blob/main/netgear/wnr2000v4-1.0.0.70-authorized-command-injection.md", }, { trust: 1.8, url: "https://www.netgear.com/about/security/", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2023-50089", }, ], sources: [ { db: "CNVD", id: "CNVD-2023-99028", }, { db: "JVNDB", id: "JVNDB-2023-020173", }, { db: "NVD", id: "CVE-2023-50089", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2023-99028", }, { db: "JVNDB", id: "JVNDB-2023-020173", }, { db: "NVD", id: "CVE-2023-50089", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-12-20T00:00:00", db: "CNVD", id: "CNVD-2023-99028", }, { date: "2024-01-16T00:00:00", db: "JVNDB", id: "JVNDB-2023-020173", }, { date: "2023-12-15T17:15:12.780000", db: "NVD", id: "CVE-2023-50089", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-12-20T00:00:00", db: "CNVD", id: "CNVD-2023-99028", }, { date: "2024-01-16T02:18:00", db: "JVNDB", id: "JVNDB-2023-020173", }, { date: "2023-12-19T20:51:17.553000", db: "NVD", id: "CVE-2023-50089", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "of netgear WNR2000 Command injection vulnerability in firmware", sources: [ { db: "JVNDB", id: "JVNDB-2023-020173", }, ], trust: 0.8, }, }
var-202004-1571
Vulnerability from variot
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R6700 before 1.0.1.48, R7500 before 1.0.0.124, R7800 before 1.0.2.58, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, WNDR4500v3 before 1.0.0.56, and WNR2000v5-R2000 before 1.0.0.68. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R6700, etc. are all wireless routers from NETGEAR. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow. This affects R6700 prior to 1.0.1.48, R7500 prior to 1.0.0.124, R7800 prior to 1.0.2.58, R8900 prior to 1.0.4.2, R9000 prior to 1.0.4.2, WNDR3700v4 prior to 1.0.2.102, WNDR4300v1 prior to 1.0.2.104, WNDR4300v2 prior to 1.0.0.56, WNDR4500v3 prior to 1.0.0.56, and WNR2000v5-R2000 prior to 1.0.0.68
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1571", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r8900", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.4.2", }, { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.58", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.4.2", }, { model: "r6700", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.48", }, { model: "r7500", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.124", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.104", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.56", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.68", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.56", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.102", }, { model: "r6700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.48", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.124", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.58", }, { model: "r8900", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.4.2", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.4.2", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "v4 1.0.2.102", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "v1 1.0.2.104", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "v2 1.0.0.56", }, { model: "wndr4500", scope: "eq", trust: 0.8, vendor: "netgear", version: "v3 1.0.0.56", }, { model: "wnr2000", scope: "eq", trust: 0.8, vendor: "netgear", version: "v5-r2000 1.0.0.68", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.102", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.56", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.56", }, { model: "wndr4300v1", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.104", }, { model: "wnr2000v5-r2000", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.68", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-50926", }, { db: "JVNDB", id: "JVNDB-2018-016412", }, { db: "NVD", id: "CVE-2018-21135", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:r6700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r8900_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wnr2000_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016412", }, ], }, cve: "CVE-2018-21135", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 8, id: "CVE-2018-21135", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 6.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2018-016412", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 8, id: "CNVD-2021-50926", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.2, id: "CVE-2018-21135", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21135", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 7.2, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2018-016412", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21135", trust: 1, value: "HIGH", }, { author: "cve@mitre.org", id: "CVE-2018-21135", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2018-016412", trust: 0.8, value: "High", }, { author: "CNVD", id: "CNVD-2021-50926", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-2029", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2018-21135", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-50926", }, { db: "VULMON", id: "CVE-2018-21135", }, { db: "JVNDB", id: "JVNDB-2018-016412", }, { db: "CNNVD", id: "CNNVD-202004-2029", }, { db: "NVD", id: "CVE-2018-21135", }, { db: "NVD", id: "CVE-2018-21135", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R6700 before 1.0.1.48, R7500 before 1.0.0.124, R7800 before 1.0.2.58, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, WNDR4500v3 before 1.0.0.56, and WNR2000v5-R2000 before 1.0.0.68. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R6700, etc. are all wireless routers from NETGEAR. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow. This affects R6700 prior to 1.0.1.48, R7500 prior to 1.0.0.124, R7800 prior to 1.0.2.58, R8900 prior to 1.0.4.2, R9000 prior to 1.0.4.2, WNDR3700v4 prior to 1.0.2.102, WNDR4300v1 prior to 1.0.2.104, WNDR4300v2 prior to 1.0.0.56, WNDR4500v3 prior to 1.0.0.56, and WNR2000v5-R2000 prior to 1.0.0.68", sources: [ { db: "NVD", id: "CVE-2018-21135", }, { db: "JVNDB", id: "JVNDB-2018-016412", }, { db: "CNVD", id: "CNVD-2021-50926", }, { db: "VULMON", id: "CVE-2018-21135", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21135", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2018-016412", trust: 0.8, }, { db: "CNVD", id: "CNVD-2021-50926", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-2029", trust: 0.6, }, { db: "VULMON", id: "CVE-2018-21135", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-50926", }, { db: "VULMON", id: "CVE-2018-21135", }, { db: "JVNDB", id: "JVNDB-2018-016412", }, { db: "CNNVD", id: "CNNVD-202004-2029", }, { db: "NVD", id: "CVE-2018-21135", }, ], }, id: "VAR-202004-1571", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-50926", }, ], trust: 1.287644860909091, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-50926", }, ], }, last_update_date: "2024-11-23T22:25:32.381000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Stack Overflow on Some Routers, PSV-2017-3165", trust: 0.8, url: "https://kb.netgear.com/000060225/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-PSV-2017-3165", }, { title: "Patch for Buffer overflow vulnerabilities in multiple NETGEAR products (CNVD-2021-50926)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/279091", }, { title: "Multiple NETGEAR Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116784", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-50926", }, { db: "JVNDB", id: "JVNDB-2018-016412", }, { db: "CNNVD", id: "CNNVD-202004-2029", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016412", }, { db: "NVD", id: "CVE-2018-21135", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21135", }, { trust: 1.7, url: "https://kb.netgear.com/000060225/security-advisory-for-post-authentication-stack-overflow-on-some-routers-psv-2017-3165", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21135", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/787.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-50926", }, { db: "VULMON", id: "CVE-2018-21135", }, { db: "JVNDB", id: "JVNDB-2018-016412", }, { db: "CNNVD", id: "CNNVD-202004-2029", }, { db: "NVD", id: "CVE-2018-21135", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-50926", }, { db: "VULMON", id: "CVE-2018-21135", }, { db: "JVNDB", id: "JVNDB-2018-016412", }, { db: "CNNVD", id: "CNNVD-202004-2029", }, { db: "NVD", id: "CVE-2018-21135", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-07-14T00:00:00", db: "CNVD", id: "CNVD-2021-50926", }, { date: "2020-04-23T00:00:00", db: "VULMON", id: "CVE-2018-21135", }, { date: "2020-06-03T00:00:00", db: "JVNDB", id: "JVNDB-2018-016412", }, { date: "2020-04-23T00:00:00", db: "CNNVD", id: "CNNVD-202004-2029", }, { date: "2020-04-23T21:15:11.453000", db: "NVD", id: "CVE-2018-21135", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-07-15T00:00:00", db: "CNVD", id: "CNVD-2021-50926", }, { date: "2020-05-01T00:00:00", db: "VULMON", id: "CVE-2018-21135", }, { date: "2020-06-03T00:00:00", db: "JVNDB", id: "JVNDB-2018-016412", }, { date: "2020-05-06T00:00:00", db: "CNNVD", id: "CNNVD-202004-2029", }, { date: "2024-11-21T04:02:59.120000", db: "NVD", id: "CVE-2018-21135", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202004-2029", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Out-of-bounds write vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2018-016412", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-2029", }, ], trust: 0.6, }, }
var-202004-1577
Vulnerability from variot
Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64. plural NETGEAR The device contains an input verification vulnerability.Service operation interruption (DoS) It may be put into a state. NETGEAR R7800, etc. are all wireless routers from NETGEAR.
There are security vulnerabilities in many NETGEAR products
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1577", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7500", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.122", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.98", }, { model: "r6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.22", }, { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.42", }, { model: "r8900", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.3.10", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.3.10", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.96", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.64", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.54", }, { model: "r6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.22", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.122", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.42", }, { model: "r8900", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.10", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.10", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.96", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.98", }, { model: "wndr4500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.54", }, { model: "wnr2000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.64", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.54", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.64", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.96", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-61050", }, { db: "JVNDB", id: "JVNDB-2018-016295", }, { db: "NVD", id: "CVE-2018-21141", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:r6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r8900_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wnr2000_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016295", }, ], }, cve: "CVE-2018-21141", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 2.7, confidentialityImpact: "NONE", exploitabilityScore: 5.1, id: "CVE-2018-21141", impactScore: 2.9, integrityImpact: "NONE", severity: "LOW", trust: 1, vectorString: "AV:A/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 2.7, confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2018-016295", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Low", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 2.7, confidentialityImpact: "NONE", exploitabilityScore: 5.1, id: "CNVD-2021-61050", impactScore: 2.9, integrityImpact: "NONE", severity: "LOW", trust: 0.6, vectorString: "AV:A/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 4.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 0.9, id: "CVE-2018-21141", impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 4.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 0.9, id: "CVE-2018-21141", impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 4.5, baseSeverity: "Medium", confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2018-016295", impactScore: null, integrityImpact: "None", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21141", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2018-21141", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2018-016295", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2021-61050", trust: 0.6, value: "LOW", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-61050", }, { db: "JVNDB", id: "JVNDB-2018-016295", }, { db: "NVD", id: "CVE-2018-21141", }, { db: "NVD", id: "CVE-2018-21141", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64. plural NETGEAR The device contains an input verification vulnerability.Service operation interruption (DoS) It may be put into a state. NETGEAR R7800, etc. are all wireless routers from NETGEAR. \n\r\n\r\nThere are security vulnerabilities in many NETGEAR products", sources: [ { db: "NVD", id: "CVE-2018-21141", }, { db: "JVNDB", id: "JVNDB-2018-016295", }, { db: "CNVD", id: "CNVD-2021-61050", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21141", trust: 3, }, { db: "JVNDB", id: "JVNDB-2018-016295", trust: 0.8, }, { db: "CNVD", id: "CNVD-2021-61050", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-1842", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-61050", }, { db: "JVNDB", id: "JVNDB-2018-016295", }, { db: "CNNVD", id: "CNNVD-202004-1842", }, { db: "NVD", id: "CVE-2018-21141", }, ], }, id: "VAR-202004-1577", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-61050", }, ], trust: 1.252275467, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-61050", }, ], }, last_update_date: "2024-11-23T22:48:01.361000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Denial of Service on Some Routers, PSV-2017-3168", trust: 0.8, url: "https://kb.netgear.com/000059492/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2017-3168", }, { title: "Patch for Multiple NETGEAR products input verification error vulnerability (CNVD-2021-61050)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/284571", }, { title: "Multiple NETGEAR Product security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116318", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-61050", }, { db: "JVNDB", id: "JVNDB-2018-016295", }, { db: "CNNVD", id: "CNNVD-202004-1842", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-20", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016295", }, { db: "NVD", id: "CVE-2018-21141", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21141", }, { trust: 1.6, url: "https://kb.netgear.com/000059492/security-advisory-for-denial-of-service-on-some-routers-psv-2017-3168", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21141", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-61050", }, { db: "JVNDB", id: "JVNDB-2018-016295", }, { db: "CNNVD", id: "CNNVD-202004-1842", }, { db: "NVD", id: "CVE-2018-21141", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-61050", }, { db: "JVNDB", id: "JVNDB-2018-016295", }, { db: "CNNVD", id: "CNNVD-202004-1842", }, { db: "NVD", id: "CVE-2018-21141", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-08-08T00:00:00", db: "CNVD", id: "CNVD-2021-61050", }, { date: "2020-05-21T00:00:00", db: "JVNDB", id: "JVNDB-2018-016295", }, { date: "2020-04-21T00:00:00", db: "CNNVD", id: "CNNVD-202004-1842", }, { date: "2020-04-21T21:15:12.740000", db: "NVD", id: "CVE-2018-21141", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-08-11T00:00:00", db: "CNVD", id: "CNVD-2021-61050", }, { date: "2020-05-21T00:00:00", db: "JVNDB", id: "JVNDB-2018-016295", }, { date: "2020-04-22T00:00:00", db: "CNNVD", id: "CNNVD-202004-1842", }, { date: "2024-11-21T04:03:00.047000", db: "NVD", id: "CVE-2018-21141", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Input verification vulnerabilities on devices", sources: [ { db: "JVNDB", id: "JVNDB-2018-016295", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202004-1842", }, ], trust: 0.6, }, }
var-202004-1586
Vulnerability from variot
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D7800, etc. are all products of NETGEAR. NETGEAR D7800 is a wireless modem. NETGEAR R7500 is a wireless router. NETGEAR WNDR3700 is a wireless router. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow. This affects D7800 prior to 1.0.1.34, DM200 prior to 1.0.0.50, R6100 prior to 1.0.1.22, R7500 prior to 1.0.0.122, R7500v2 prior to 1.0.3.26, R7800 prior to 1.0.2.42, R8900 prior to 1.0.3.10, R9000 prior to 1.0.3.10, WNDR3700v4 prior to 1.0.2.96, WNDR4300 prior to 1.0.2.98, WNDR4300v2 prior to 1.0.0.54, WNDR4500v3 prior to 1.0.0.54, and WNR2000v5 prior to 1.0.0.64
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1586", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7500", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.122", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.98", }, { model: "d7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.34", }, { model: "r6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.22", }, { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.42", }, { model: "dm200", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.50", }, { model: "r8900", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.3.10", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.3.10", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.96", }, { model: "r7500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.26", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.64", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.54", }, { model: "d7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.34", }, { model: "dm200", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.50", }, { model: "r6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.22", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.122", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.26", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.42", }, { model: "r8900", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.10", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.10", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.96", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.98", }, { model: "r7500v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.3.26", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.54", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.64", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.96", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-52952", }, { db: "JVNDB", id: "JVNDB-2018-016309", }, { db: "NVD", id: "CVE-2018-21150", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:dm200_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r8900_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016309", }, ], }, cve: "CVE-2018-21150", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CVE-2018-21150", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 5.2, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2018-016309", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CNVD-2021-52952", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21150", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21150", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 6.8, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2018-016309", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21150", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2018-21150", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2018-016309", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2021-52952", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-1946", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2018-21150", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-52952", }, { db: "VULMON", id: "CVE-2018-21150", }, { db: "JVNDB", id: "JVNDB-2018-016309", }, { db: "CNNVD", id: "CNNVD-202004-1946", }, { db: "NVD", id: "CVE-2018-21150", }, { db: "NVD", id: "CVE-2018-21150", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D7800, etc. are all products of NETGEAR. NETGEAR D7800 is a wireless modem. NETGEAR R7500 is a wireless router. NETGEAR WNDR3700 is a wireless router. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow. This affects D7800 prior to 1.0.1.34, DM200 prior to 1.0.0.50, R6100 prior to 1.0.1.22, R7500 prior to 1.0.0.122, R7500v2 prior to 1.0.3.26, R7800 prior to 1.0.2.42, R8900 prior to 1.0.3.10, R9000 prior to 1.0.3.10, WNDR3700v4 prior to 1.0.2.96, WNDR4300 prior to 1.0.2.98, WNDR4300v2 prior to 1.0.0.54, WNDR4500v3 prior to 1.0.0.54, and WNR2000v5 prior to 1.0.0.64", sources: [ { db: "NVD", id: "CVE-2018-21150", }, { db: "JVNDB", id: "JVNDB-2018-016309", }, { db: "CNVD", id: "CNVD-2021-52952", }, { db: "VULMON", id: "CVE-2018-21150", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21150", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2018-016309", trust: 0.8, }, { db: "CNVD", id: "CNVD-2021-52952", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-1946", trust: 0.6, }, { db: "VULMON", id: "CVE-2018-21150", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-52952", }, { db: "VULMON", id: "CVE-2018-21150", }, { db: "JVNDB", id: "JVNDB-2018-016309", }, { db: "CNNVD", id: "CNNVD-202004-1946", }, { db: "NVD", id: "CVE-2018-21150", }, ], }, id: "VAR-202004-1586", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-52952", }, ], trust: 1.2363687815384616, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-52952", }, ], }, last_update_date: "2024-11-23T22:11:30.129000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Stack Overflow on Some Gateways and Routers, PSV-2017-3155", trust: 0.8, url: "https://kb.netgear.com/000059483/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Gateways-and-Routers-PSV-2017-3155", }, { title: "Patch for Buffer overflow vulnerabilities in multiple NETGEAR products (CNVD-2021-52952)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/280061", }, { title: "Multiple NETGEAR Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116715", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-52952", }, { db: "JVNDB", id: "JVNDB-2018-016309", }, { db: "CNNVD", id: "CNNVD-202004-1946", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016309", }, { db: "NVD", id: "CVE-2018-21150", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21150", }, { trust: 1.7, url: "https://kb.netgear.com/000059483/security-advisory-for-post-authentication-stack-overflow-on-some-gateways-and-routers-psv-2017-3155", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21150", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/787.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-52952", }, { db: "VULMON", id: "CVE-2018-21150", }, { db: "JVNDB", id: "JVNDB-2018-016309", }, { db: "CNNVD", id: "CNNVD-202004-1946", }, { db: "NVD", id: "CVE-2018-21150", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-52952", }, { db: "VULMON", id: "CVE-2018-21150", }, { db: "JVNDB", id: "JVNDB-2018-016309", }, { db: "CNNVD", id: "CNNVD-202004-1946", }, { db: "NVD", id: "CVE-2018-21150", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-07-21T00:00:00", db: "CNVD", id: "CNVD-2021-52952", }, { date: "2020-04-22T00:00:00", db: "VULMON", id: "CVE-2018-21150", }, { date: "2020-05-21T00:00:00", db: "JVNDB", id: "JVNDB-2018-016309", }, { date: "2020-04-22T00:00:00", db: "CNNVD", id: "CNNVD-202004-1946", }, { date: "2020-04-22T20:15:11.107000", db: "NVD", id: "CVE-2018-21150", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-07-21T00:00:00", db: "CNVD", id: "CNVD-2021-52952", }, { date: "2020-04-24T00:00:00", db: "VULMON", id: "CVE-2018-21150", }, { date: "2020-05-21T00:00:00", db: "JVNDB", id: "JVNDB-2018-016309", }, { date: "2020-04-26T00:00:00", db: "CNNVD", id: "CNNVD-202004-1946", }, { date: "2024-11-21T04:03:01.397000", db: "NVD", id: "CVE-2018-21150", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-1946", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Out-of-bounds write vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2018-016309", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-1946", }, ], trust: 0.6, }, }
var-202004-1674
Vulnerability from variot
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R9000 is a wireless router of NETGEAR. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow. This affects R7800 prior to 1.0.2.40, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1674", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.52", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.62", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4300", scope: "eq", trust: 0.9, vendor: "netgear", version: "1.0.0.50", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.52", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.62", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.62", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.16", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.28", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.32", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.36", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.38", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.4", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.40", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.86", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.52", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.90", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.42", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.58", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28111", }, { db: "VULMON", id: "CVE-2018-21172", }, { db: "JVNDB", id: "JVNDB-2018-016381", }, { db: "NVD", id: "CVE-2018-21172", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wnr2000_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016381", }, ], }, cve: "CVE-2018-21172", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CVE-2018-21172", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 5.2, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2018-016381", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CNVD-2020-28111", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21172", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21172", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 6.8, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2018-016381", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21172", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2018-21172", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2018-016381", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2020-28111", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-2213", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2018-21172", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28111", }, { db: "VULMON", id: "CVE-2018-21172", }, { db: "JVNDB", id: "JVNDB-2018-016381", }, { db: "CNNVD", id: "CNNVD-202004-2213", }, { db: "NVD", id: "CVE-2018-21172", }, { db: "NVD", id: "CVE-2018-21172", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R9000 is a wireless router of NETGEAR. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow. This affects R7800 prior to 1.0.2.40, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62", sources: [ { db: "NVD", id: "CVE-2018-21172", }, { db: "JVNDB", id: "JVNDB-2018-016381", }, { db: "CNVD", id: "CNVD-2020-28111", }, { db: "VULMON", id: "CVE-2018-21172", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21172", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2018-016381", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-28111", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-2213", trust: 0.6, }, { db: "VULMON", id: "CVE-2018-21172", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28111", }, { db: "VULMON", id: "CVE-2018-21172", }, { db: "JVNDB", id: "JVNDB-2018-016381", }, { db: "CNNVD", id: "CNNVD-202004-2213", }, { db: "NVD", id: "CVE-2018-21172", }, ], }, id: "VAR-202004-1674", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-28111", }, ], trust: 1.3365085385714286, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28111", }, ], }, last_update_date: "2024-11-23T21:35:53.306000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Stack Overflow on Some Routers, PSV-2017-2631", trust: 0.8, url: "https://kb.netgear.com/000055186/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-PSV-2017-2631", }, { title: "Patch for Multiple NETGEAR product buffer overflow vulnerabilities (CNVD-2020-28111)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/217419", }, { title: "Multiple NETGEAR Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117306", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28111", }, { db: "JVNDB", id: "JVNDB-2018-016381", }, { db: "CNNVD", id: "CNNVD-202004-2213", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016381", }, { db: "NVD", id: "CVE-2018-21172", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21172", }, { trust: 1.7, url: "https://kb.netgear.com/000055186/security-advisory-for-post-authentication-stack-overflow-on-some-routers-psv-2017-2631", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21172", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/787.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28111", }, { db: "VULMON", id: "CVE-2018-21172", }, { db: "JVNDB", id: "JVNDB-2018-016381", }, { db: "CNNVD", id: "CNNVD-202004-2213", }, { db: "NVD", id: "CVE-2018-21172", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-28111", }, { db: "VULMON", id: "CVE-2018-21172", }, { db: "JVNDB", id: "JVNDB-2018-016381", }, { db: "CNNVD", id: "CNNVD-202004-2213", }, { db: "NVD", id: "CVE-2018-21172", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28111", }, { date: "2020-04-27T00:00:00", db: "VULMON", id: "CVE-2018-21172", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016381", }, { date: "2020-04-27T00:00:00", db: "CNNVD", id: "CNNVD-202004-2213", }, { date: "2020-04-27T18:15:12.967000", db: "NVD", id: "CVE-2018-21172", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28111", }, { date: "2020-05-01T00:00:00", db: "VULMON", id: "CVE-2018-21172", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016381", }, { date: "2020-05-06T00:00:00", db: "CNNVD", id: "CNNVD-202004-2213", }, { date: "2024-11-21T04:03:04.907000", db: "NVD", id: "CVE-2018-21172", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-2213", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Out-of-bounds write vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2018-016381", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-2213", }, ], trust: 0.6, }, }
var-202004-1368
Vulnerability from variot
Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects DST6501 before 1.1.0.6 and WNR2000v2 before 1.2.0.8. NETGEAR DST6501 and WNR2000 The device contains a vulnerability related to information leakage.Information may be obtained. NETGEAR WNR2000 and NETGEAR DST6501 are both products of NETGEAR. NETGEAR WNR2000 is a wireless router. NETGEAR DST6501 is a wireless extender adapter.
There are security vulnerabilities in NETGEAR DST6501 versions before 1.1.0.6 and WNR2000v2 versions before 1.2.0.8
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1368", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dst6501", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.1.0.6", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.8", }, { model: "dst6501", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.1.0.6", }, { model: "wnr2000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.2.0.8", }, { model: "wnr2000v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.2.0.8", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-59161", }, { db: "JVNDB", id: "JVNDB-2017-014906", }, { db: "NVD", id: "CVE-2017-18766", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:dst6501_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wnr2000_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-014906", }, ], }, cve: "CVE-2017-18766", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 3.3, confidentialityImpact: "PARTIAL", exploitabilityScore: 6.5, id: "CVE-2017-18766", impactScore: 2.9, integrityImpact: "NONE", severity: "LOW", trust: 1, vectorString: "AV:A/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 3.3, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2017-014906", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Low", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 3.3, confidentialityImpact: "PARTIAL", exploitabilityScore: 6.5, id: "CNVD-2021-59161", impactScore: 2.9, integrityImpact: "NONE", severity: "LOW", trust: 0.6, vectorString: "AV:A/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2017-18766", impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2017-18766", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "None", baseScore: 6.5, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2017-014906", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2017-18766", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2017-18766", trust: 1, value: "HIGH", }, { author: "NVD", id: "JVNDB-2017-014906", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2021-59161", trust: 0.6, value: "LOW", }, { author: "CNNVD", id: "CNNVD-202004-1912", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-59161", }, { db: "JVNDB", id: "JVNDB-2017-014906", }, { db: "CNNVD", id: "CNNVD-202004-1912", }, { db: "NVD", id: "CVE-2017-18766", }, { db: "NVD", id: "CVE-2017-18766", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects DST6501 before 1.1.0.6 and WNR2000v2 before 1.2.0.8. NETGEAR DST6501 and WNR2000 The device contains a vulnerability related to information leakage.Information may be obtained. NETGEAR WNR2000 and NETGEAR DST6501 are both products of NETGEAR. NETGEAR WNR2000 is a wireless router. NETGEAR DST6501 is a wireless extender adapter. \n\r\n\r\nThere are security vulnerabilities in NETGEAR DST6501 versions before 1.1.0.6 and WNR2000v2 versions before 1.2.0.8", sources: [ { db: "NVD", id: "CVE-2017-18766", }, { db: "JVNDB", id: "JVNDB-2017-014906", }, { db: "CNVD", id: "CNVD-2021-59161", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2017-18766", trust: 3, }, { db: "JVNDB", id: "JVNDB-2017-014906", trust: 0.8, }, { db: "CNVD", id: "CNVD-2021-59161", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-1912", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-59161", }, { db: "JVNDB", id: "JVNDB-2017-014906", }, { db: "CNNVD", id: "CNNVD-202004-1912", }, { db: "NVD", id: "CVE-2017-18766", }, ], }, id: "VAR-202004-1368", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-59161", }, ], trust: 1.2369047850000001, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-59161", }, ], }, last_update_date: "2024-11-23T22:16:30.409000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Arbitrary File Read on DST6501 and WNR2000v2, PSV-2017-0425", trust: 0.8, url: "https://kb.netgear.com/000051479/Security-Advisory-for-Arbitrary-File-Read-on-DST6501-and-WNR2000v2-PSV-2017-0425", }, { title: "Patch for NETGEAR DST6501 and WNR2000 Information Disclosure Vulnerabilities", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/284361", }, { title: "NETGEAR DST6501 and WNR2000 Repair measures for information disclosure vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117247", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-59161", }, { db: "JVNDB", id: "JVNDB-2017-014906", }, { db: "CNNVD", id: "CNNVD-202004-1912", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-200", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-014906", }, { db: "NVD", id: "CVE-2017-18766", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2017-18766", }, { trust: 1.6, url: "https://kb.netgear.com/000051479/security-advisory-for-arbitrary-file-read-on-dst6501-and-wnr2000v2-psv-2017-0425", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18766", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-59161", }, { db: "JVNDB", id: "JVNDB-2017-014906", }, { db: "CNNVD", id: "CNNVD-202004-1912", }, { db: "NVD", id: "CVE-2017-18766", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-59161", }, { db: "JVNDB", id: "JVNDB-2017-014906", }, { db: "CNNVD", id: "CNNVD-202004-1912", }, { db: "NVD", id: "CVE-2017-18766", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-08-08T00:00:00", db: "CNVD", id: "CNVD-2021-59161", }, { date: "2020-05-21T00:00:00", db: "JVNDB", id: "JVNDB-2017-014906", }, { date: "2020-04-22T00:00:00", db: "CNNVD", id: "CNNVD-202004-1912", }, { date: "2020-04-22T16:15:11.607000", db: "NVD", id: "CVE-2017-18766", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-08-08T00:00:00", db: "CNVD", id: "CNVD-2021-59161", }, { date: "2020-05-21T00:00:00", db: "JVNDB", id: "JVNDB-2017-014906", }, { date: "2020-04-26T00:00:00", db: "CNNVD", id: "CNNVD-202004-1912", }, { date: "2024-11-21T03:20:52.057000", db: "NVD", id: "CVE-2017-18766", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-1912", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "NETGEAR DST6501 and WNR2000 Information leakage vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2017-014906", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "information disclosure", sources: [ { db: "CNNVD", id: "CNNVD-202004-1912", }, ], trust: 0.6, }, }
var-202004-1367
Vulnerability from variot
Certain NETGEAR devices are affected by denial of service. This affects R6300v2 before 1.0.4.8, R6400 before 1.0.1.22, R6400v2 before 1.0.2.32, R6700 before 1.0.1.20, R6900 before 1.0.1.20, WNR3500Lv2 before 1.2.0.44, and WNR2000v2 before 1.2.0.8. plural NETGEAR An unspecified vulnerability exists in the device.Service operation interruption (DoS) It may be put into a state. NETGEAR WNR3500L, etc. are all wireless routers from NETGEAR.
There are security vulnerabilities in many NETGEAR products
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1367", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r6700", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.20", }, { model: "r6900", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.20", }, { model: "r6400", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.22", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.8", }, { model: "r6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.32", }, { model: "wnr3500l", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.44", }, { model: "r6300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.8", }, { model: "r6300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.4.8", }, { model: "r6400", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.22", }, { model: "r6400", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.32", }, { model: "r6700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.20", }, { model: "r6900", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.20", }, { model: "wnr2000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.2.0.8", }, { model: "wnr3500l", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.2.0.44", }, { model: "r6400v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.32", }, { model: "r6300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.4.8", }, { model: "wnr2000v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.2.0.8", }, { model: "wnr3500lv2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.2.0.44", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-59160", }, { db: "JVNDB", id: "JVNDB-2017-014944", }, { db: "NVD", id: "CVE-2017-18765", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:r6300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6400_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6900_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wnr2000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wnr3500l_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-014944", }, ], }, cve: "CVE-2017-18765", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 3.3, confidentialityImpact: "NONE", exploitabilityScore: 6.5, id: "CVE-2017-18765", impactScore: 2.9, integrityImpact: "NONE", severity: "LOW", trust: 1, vectorString: "AV:A/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 3.3, confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2017-014944", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Low", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 3.3, confidentialityImpact: "NONE", exploitabilityScore: 6.5, id: "CNVD-2021-59160", impactScore: 2.9, integrityImpact: "NONE", severity: "LOW", trust: 0.6, vectorString: "AV:A/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 2.8, id: "CVE-2017-18765", impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 2.8, id: "CVE-2017-18765", impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 6.5, baseSeverity: "Medium", confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2017-014944", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2017-18765", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2017-18765", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2017-014944", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2021-59160", trust: 0.6, value: "LOW", }, { author: "CNNVD", id: "CNNVD-202004-1911", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-59160", }, { db: "JVNDB", id: "JVNDB-2017-014944", }, { db: "CNNVD", id: "CNNVD-202004-1911", }, { db: "NVD", id: "CVE-2017-18765", }, { db: "NVD", id: "CVE-2017-18765", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by denial of service. This affects R6300v2 before 1.0.4.8, R6400 before 1.0.1.22, R6400v2 before 1.0.2.32, R6700 before 1.0.1.20, R6900 before 1.0.1.20, WNR3500Lv2 before 1.2.0.44, and WNR2000v2 before 1.2.0.8. plural NETGEAR An unspecified vulnerability exists in the device.Service operation interruption (DoS) It may be put into a state. NETGEAR WNR3500L, etc. are all wireless routers from NETGEAR. \n\r\n\r\nThere are security vulnerabilities in many NETGEAR products", sources: [ { db: "NVD", id: "CVE-2017-18765", }, { db: "JVNDB", id: "JVNDB-2017-014944", }, { db: "CNVD", id: "CNVD-2021-59160", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2017-18765", trust: 3, }, { db: "JVNDB", id: "JVNDB-2017-014944", trust: 0.8, }, { db: "CNVD", id: "CNVD-2021-59160", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-1911", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-59160", }, { db: "JVNDB", id: "JVNDB-2017-014944", }, { db: "CNNVD", id: "CNNVD-202004-1911", }, { db: "NVD", id: "CVE-2017-18765", }, ], }, id: "VAR-202004-1367", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-59160", }, ], trust: 1.2096626228571428, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-59160", }, ], }, last_update_date: "2024-11-23T22:48:01.613000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Denial of Service on Some Routers, PSV-2017-0648", trust: 0.8, url: "https://kb.netgear.com/000051480/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2017-0648", }, { title: "Patch for Denial of service vulnerabilities in multiple NETGEAR products", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/284341", }, { title: "Multiple NETGEAR Product security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116682", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-59160", }, { db: "JVNDB", id: "JVNDB-2017-014944", }, { db: "CNNVD", id: "CNNVD-202004-1911", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2017-18765", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2017-18765", }, { trust: 1.6, url: "https://kb.netgear.com/000051480/security-advisory-for-denial-of-service-on-some-routers-psv-2017-0648", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18765", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-59160", }, { db: "JVNDB", id: "JVNDB-2017-014944", }, { db: "CNNVD", id: "CNNVD-202004-1911", }, { db: "NVD", id: "CVE-2017-18765", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-59160", }, { db: "JVNDB", id: "JVNDB-2017-014944", }, { db: "CNNVD", id: "CNNVD-202004-1911", }, { db: "NVD", id: "CVE-2017-18765", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-08-08T00:00:00", db: "CNVD", id: "CNVD-2021-59160", }, { date: "2020-05-22T00:00:00", db: "JVNDB", id: "JVNDB-2017-014944", }, { date: "2020-04-22T00:00:00", db: "CNNVD", id: "CNNVD-202004-1911", }, { date: "2020-04-22T16:15:11.543000", db: "NVD", id: "CVE-2017-18765", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-08-08T00:00:00", db: "CNVD", id: "CNVD-2021-59160", }, { date: "2020-05-22T00:00:00", db: "JVNDB", id: "JVNDB-2017-014944", }, { date: "2020-04-28T00:00:00", db: "CNNVD", id: "CNNVD-202004-1911", }, { date: "2024-11-21T03:20:51.913000", db: "NVD", id: "CVE-2017-18765", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-1911", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2017-014944", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202004-1911", }, ], trust: 0.6, }, }
var-201909-0106
Vulnerability from variot
An exploitable denial-of-service vulnerability exists in the session handling functionality of the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) HTTP server. An HTTP request with an empty User-Agent string sent to a page requiring authentication can cause a null pointer dereference, resulting in the HTTP service crashing. An unauthenticated attacker can send a specially crafted HTTP request to trigger this vulnerability. NETGEAR N300 is a wireless router of NETGEAR
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201909-0106", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "wnr2000", scope: "eq", trust: 1, vendor: "netgear", version: "1.0.0.70", }, { model: "wnr2000v5", scope: "eq", trust: 0.8, vendor: "net gear", version: "1.0.0.70", }, { model: "n300", scope: "eq", trust: 0.6, vendor: "netgear", version: "1.0.0.70", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-23149", }, { db: "JVNDB", id: "JVNDB-2019-009364", }, { db: "NVD", id: "CVE-2019-5054", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:wnr2000v5_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-009364", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Discovered by Dave McDaniel of Cisco Talos.", sources: [ { db: "CNNVD", id: "CNNVD-201909-391", }, ], trust: 0.6, }, cve: "CVE-2019-5054", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, id: "CVE-2019-5054", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 1.9, vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", exploitabilityScore: 10, id: "CNVD-2020-23149", impactScore: 6.9, integrityImpact: "NONE", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, id: "VHN-156489", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "talos-cna@cisco.com", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", exploitabilityScore: 3.9, id: "CVE-2019-5054", impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1.8, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", exploitabilityScore: 3.9, id: "CVE-2019-5054", impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2019-5054", trust: 1, value: "HIGH", }, { author: "talos-cna@cisco.com", id: "CVE-2019-5054", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2019-5054", trust: 0.8, value: "High", }, { author: "CNVD", id: "CNVD-2020-23149", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-201909-391", trust: 0.6, value: "HIGH", }, { author: "VULHUB", id: "VHN-156489", trust: 0.1, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2019-5054", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-23149", }, { db: "VULHUB", id: "VHN-156489", }, { db: "VULMON", id: "CVE-2019-5054", }, { db: "JVNDB", id: "JVNDB-2019-009364", }, { db: "CNNVD", id: "CNNVD-201909-391", }, { db: "NVD", id: "CVE-2019-5054", }, { db: "NVD", id: "CVE-2019-5054", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An exploitable denial-of-service vulnerability exists in the session handling functionality of the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) HTTP server. An HTTP request with an empty User-Agent string sent to a page requiring authentication can cause a null pointer dereference, resulting in the HTTP service crashing. An unauthenticated attacker can send a specially crafted HTTP request to trigger this vulnerability. NETGEAR N300 is a wireless router of NETGEAR", sources: [ { db: "NVD", id: "CVE-2019-5054", }, { db: "JVNDB", id: "JVNDB-2019-009364", }, { db: "CNVD", id: "CNVD-2020-23149", }, { db: "VULHUB", id: "VHN-156489", }, { db: "VULMON", id: "CVE-2019-5054", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-5054", trust: 3.2, }, { db: "TALOS", id: "TALOS-2019-0831", trust: 2.6, }, { db: "JVNDB", id: "JVNDB-2019-009364", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-23149", trust: 0.7, }, { db: "CNNVD", id: "CNNVD-201909-391", trust: 0.7, }, { db: "VULHUB", id: "VHN-156489", trust: 0.1, }, { db: "VULMON", id: "CVE-2019-5054", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-23149", }, { db: "VULHUB", id: "VHN-156489", }, { db: "VULMON", id: "CVE-2019-5054", }, { db: "JVNDB", id: "JVNDB-2019-009364", }, { db: "CNNVD", id: "CNNVD-201909-391", }, { db: "NVD", id: "CVE-2019-5054", }, ], }, id: "VAR-201909-0106", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-23149", }, { db: "VULHUB", id: "VHN-156489", }, ], trust: 1.3570029333333333, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-23149", }, ], }, last_update_date: "2024-11-23T23:08:16.243000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "WNR2000v5 - N300 Wireless Router", trust: 0.8, url: "https://www.netgear.com/support/product/WNR2000v5", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-009364", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-476", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-156489", }, { db: "JVNDB", id: "JVNDB-2019-009364", }, { db: "NVD", id: "CVE-2019-5054", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.6, url: "https://talosintelligence.com/vulnerability_reports/talos-2019-0831", }, { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2019-5054", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5054", }, { trust: 0.6, url: "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0831", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/476.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/166722", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-23149", }, { db: "VULHUB", id: "VHN-156489", }, { db: "VULMON", id: "CVE-2019-5054", }, { db: "JVNDB", id: "JVNDB-2019-009364", }, { db: "CNNVD", id: "CNNVD-201909-391", }, { db: "NVD", id: "CVE-2019-5054", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-23149", }, { db: "VULHUB", id: "VHN-156489", }, { db: "VULMON", id: "CVE-2019-5054", }, { db: "JVNDB", id: "JVNDB-2019-009364", }, { db: "CNNVD", id: "CNNVD-201909-391", }, { db: "NVD", id: "CVE-2019-5054", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-04-16T00:00:00", db: "CNVD", id: "CNVD-2020-23149", }, { date: "2019-09-11T00:00:00", db: "VULHUB", id: "VHN-156489", }, { date: "2019-09-11T00:00:00", db: "VULMON", id: "CVE-2019-5054", }, { date: "2019-09-18T00:00:00", db: "JVNDB", id: "JVNDB-2019-009364", }, { date: "2019-09-09T00:00:00", db: "CNNVD", id: "CNNVD-201909-391", }, { date: "2019-09-11T22:15:19.353000", db: "NVD", id: "CVE-2019-5054", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-04-16T00:00:00", db: "CNVD", id: "CNVD-2020-23149", }, { date: "2019-09-13T00:00:00", db: "VULHUB", id: "VHN-156489", }, { date: "2019-09-13T00:00:00", db: "VULMON", id: "CVE-2019-5054", }, { date: "2019-09-18T00:00:00", db: "JVNDB", id: "JVNDB-2019-009364", }, { date: "2021-09-10T00:00:00", db: "CNNVD", id: "CNNVD-201909-391", }, { date: "2024-11-21T04:44:15.590000", db: "NVD", id: "CVE-2019-5054", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201909-391", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "NETGEAR N300 HTTP On the server NULL Pointer dereference vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2019-009364", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "code problem", sources: [ { db: "CNNVD", id: "CNNVD-201909-391", }, ], trust: 0.6, }, }
var-202004-1668
Vulnerability from variot
Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64. plural NETGEAR An unspecified vulnerability exists in the device.Service operation interruption (DoS) It may be put into a state. NETGEAR R7800, etc. are all wireless routers from NETGEAR.
There are security vulnerabilities in many NETGEAR products
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1668", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7500", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.122", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.98", }, { model: "r6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.22", }, { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.42", }, { model: "r8900", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.3.10", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.3.10", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.96", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.64", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.54", }, { model: "r6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.22", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.122", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.42", }, { model: "r8900", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.10", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.10", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.96", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.98", }, { model: "wndr4500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.54", }, { model: "wnr2000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.64", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.54", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.64", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.96", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-50931", }, { db: "JVNDB", id: "JVNDB-2018-016420", }, { db: "NVD", id: "CVE-2018-21166", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:r6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r8900_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wnr2000_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016420", }, ], }, cve: "CVE-2018-21166", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", exploitabilityScore: 8, id: "CVE-2018-21166", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 1, vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 4, confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2018-016420", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", exploitabilityScore: 8, id: "CNVD-2021-50931", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 1.2, id: "CVE-2018-21166", impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 4.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 0.9, id: "CVE-2018-21166", impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 4.9, baseSeverity: "Medium", confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2018-016420", impactScore: null, integrityImpact: "None", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21166", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2018-21166", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2018-016420", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2021-50931", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-2040", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-50931", }, { db: "JVNDB", id: "JVNDB-2018-016420", }, { db: "CNNVD", id: "CNNVD-202004-2040", }, { db: "NVD", id: "CVE-2018-21166", }, { db: "NVD", id: "CVE-2018-21166", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64. plural NETGEAR An unspecified vulnerability exists in the device.Service operation interruption (DoS) It may be put into a state. NETGEAR R7800, etc. are all wireless routers from NETGEAR. \n\r\n\r\nThere are security vulnerabilities in many NETGEAR products", sources: [ { db: "NVD", id: "CVE-2018-21166", }, { db: "JVNDB", id: "JVNDB-2018-016420", }, { db: "CNVD", id: "CNVD-2021-50931", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21166", trust: 3, }, { db: "JVNDB", id: "JVNDB-2018-016420", trust: 0.8, }, { db: "CNVD", id: "CNVD-2021-50931", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-2040", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-50931", }, { db: "JVNDB", id: "JVNDB-2018-016420", }, { db: "CNNVD", id: "CNNVD-202004-2040", }, { db: "NVD", id: "CVE-2018-21166", }, ], }, id: "VAR-202004-1668", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-50931", }, ], trust: 1.252275467, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-50931", }, ], }, last_update_date: "2024-11-23T22:21:12.425000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Denial of Service on Some Routers, PSV-2017-3167", trust: 0.8, url: "https://kb.netgear.com/000055193/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2017-3167", }, { title: "Patch for NETGEAR Denial of Service Vulnerability (CNVD-2021-50931)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/279136", }, { title: "Multiple NETGEAR Product security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116795", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-50931", }, { db: "JVNDB", id: "JVNDB-2018-016420", }, { db: "CNNVD", id: "CNNVD-202004-2040", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2018-21166", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21166", }, { trust: 1.6, url: "https://kb.netgear.com/000055193/security-advisory-for-denial-of-service-on-some-routers-psv-2017-3167", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21166", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-50931", }, { db: "JVNDB", id: "JVNDB-2018-016420", }, { db: "CNNVD", id: "CNNVD-202004-2040", }, { db: "NVD", id: "CVE-2018-21166", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-50931", }, { db: "JVNDB", id: "JVNDB-2018-016420", }, { db: "CNNVD", id: "CNNVD-202004-2040", }, { db: "NVD", id: "CVE-2018-21166", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-07-15T00:00:00", db: "CNVD", id: "CNVD-2021-50931", }, { date: "2020-06-03T00:00:00", db: "JVNDB", id: "JVNDB-2018-016420", }, { date: "2020-04-23T00:00:00", db: "CNNVD", id: "CNNVD-202004-2040", }, { date: "2020-04-23T22:15:12.507000", db: "NVD", id: "CVE-2018-21166", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-07-15T00:00:00", db: "CNVD", id: "CNVD-2021-50931", }, { date: "2020-06-03T00:00:00", db: "JVNDB", id: "JVNDB-2018-016420", }, { date: "2020-05-06T00:00:00", db: "CNNVD", id: "CNNVD-202004-2040", }, { date: "2024-11-21T04:03:03.883000", db: "NVD", id: "CVE-2018-21166", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202004-2040", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2018-016420", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202004-2040", }, ], trust: 0.6, }, }
var-202004-1652
Vulnerability from variot
Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64. plural NETGEAR An unspecified vulnerability exists in the device.Service operation interruption (DoS) It may be put into a state. NETGEAR R7800, etc. are all wireless routers from NETGEAR.
There are security vulnerabilities in many NETGEAR products
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1652", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7500", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.122", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.98", }, { model: "r6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.22", }, { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.42", }, { model: "r8900", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.3.10", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.3.10", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.96", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.64", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.54", }, { model: "r6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.22", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.122", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.42", }, { model: "r8900", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.10", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.10", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.96", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.98", }, { model: "wndr4500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.54", }, { model: "wnr2000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.64", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.54", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.64", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.96", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-50930", }, { db: "JVNDB", id: "JVNDB-2018-016419", }, { db: "NVD", id: "CVE-2018-21165", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:r6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r8900_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wnr2000_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016419", }, ], }, cve: "CVE-2018-21165", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", exploitabilityScore: 8, id: "CVE-2018-21165", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 1, vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 4, confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2018-016419", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", exploitabilityScore: 8, id: "CNVD-2021-50930", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 1.2, id: "CVE-2018-21165", impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 4.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 0.9, id: "CVE-2018-21165", impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 4.9, baseSeverity: "Medium", confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2018-016419", impactScore: null, integrityImpact: "None", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21165", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2018-21165", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2018-016419", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2021-50930", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-2041", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-50930", }, { db: "JVNDB", id: "JVNDB-2018-016419", }, { db: "CNNVD", id: "CNNVD-202004-2041", }, { db: "NVD", id: "CVE-2018-21165", }, { db: "NVD", id: "CVE-2018-21165", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64. plural NETGEAR An unspecified vulnerability exists in the device.Service operation interruption (DoS) It may be put into a state. NETGEAR R7800, etc. are all wireless routers from NETGEAR. \n\r\n\r\nThere are security vulnerabilities in many NETGEAR products", sources: [ { db: "NVD", id: "CVE-2018-21165", }, { db: "JVNDB", id: "JVNDB-2018-016419", }, { db: "CNVD", id: "CNVD-2021-50930", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21165", trust: 3, }, { db: "JVNDB", id: "JVNDB-2018-016419", trust: 0.8, }, { db: "CNVD", id: "CNVD-2021-50930", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-2041", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-50930", }, { db: "JVNDB", id: "JVNDB-2018-016419", }, { db: "CNNVD", id: "CNNVD-202004-2041", }, { db: "NVD", id: "CVE-2018-21165", }, ], }, id: "VAR-202004-1652", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-50930", }, ], trust: 1.252275467, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-50930", }, ], }, last_update_date: "2024-11-23T22:33:27.884000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Denial of Service on Some Routers, PSV-2017-3170", trust: 0.8, url: "https://kb.netgear.com/000055194/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2017-3170", }, { title: "Patches for denial of service vulnerabilities in multiple NETGEAR products", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/279141", }, { title: "Multiple NETGEAR Product security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116796", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-50930", }, { db: "JVNDB", id: "JVNDB-2018-016419", }, { db: "CNNVD", id: "CNNVD-202004-2041", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2018-21165", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21165", }, { trust: 1.6, url: "https://kb.netgear.com/000055194/security-advisory-for-denial-of-service-on-some-routers-psv-2017-3170", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21165", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-50930", }, { db: "JVNDB", id: "JVNDB-2018-016419", }, { db: "CNNVD", id: "CNNVD-202004-2041", }, { db: "NVD", id: "CVE-2018-21165", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-50930", }, { db: "JVNDB", id: "JVNDB-2018-016419", }, { db: "CNNVD", id: "CNNVD-202004-2041", }, { db: "NVD", id: "CVE-2018-21165", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-07-15T00:00:00", db: "CNVD", id: "CNVD-2021-50930", }, { date: "2020-06-03T00:00:00", db: "JVNDB", id: "JVNDB-2018-016419", }, { date: "2020-04-23T00:00:00", db: "CNNVD", id: "CNNVD-202004-2041", }, { date: "2020-04-23T22:15:12.443000", db: "NVD", id: "CVE-2018-21165", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-07-15T00:00:00", db: "CNVD", id: "CNVD-2021-50930", }, { date: "2020-06-03T00:00:00", db: "JVNDB", id: "JVNDB-2018-016419", }, { date: "2020-05-06T00:00:00", db: "CNNVD", id: "CNNVD-202004-2041", }, { date: "2024-11-21T04:03:03.733000", db: "NVD", id: "CVE-2018-21165", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202004-2041", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2018-016419", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202004-2041", }, ], trust: 0.6, }, }
var-202004-1584
Vulnerability from variot
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D7800, etc. are all products of NETGEAR. NETGEAR D7800 is a wireless modem. NETGEAR R7500 is a wireless router. NETGEAR WNDR4300 is a wireless router. The vulnerability stems from the fact that when the network system or product performs operations on the memory, it does not correctly verify the data boundary, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1584", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7500", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.122", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.98", }, { model: "d7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.34", }, { model: "r6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.22", }, { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.42", }, { model: "dm200", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.50", }, { model: "r8900", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.3.10", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.3.10", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.96", }, { model: "r7500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.26", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.64", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.54", }, { model: "d7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.34", }, { model: "dm200", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.50", }, { model: "r6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.22", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.122", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "v2 1.0.3.26", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.42", }, { model: "r8900", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.10", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.10", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.96", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.98", }, { model: "r7500v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.3.26", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.54", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.64", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.96", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-67653", }, { db: "JVNDB", id: "JVNDB-2018-016315", }, { db: "NVD", id: "CVE-2018-21148", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:dm200_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r8900_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016315", }, ], }, cve: "CVE-2018-21148", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CVE-2018-21148", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 5.2, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2018-016315", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CNVD-2021-67653", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21148", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21148", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 6.8, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2018-016315", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21148", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2018-21148", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2018-016315", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2021-67653", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-1849", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-67653", }, { db: "JVNDB", id: "JVNDB-2018-016315", }, { db: "CNNVD", id: "CNNVD-202004-1849", }, { db: "NVD", id: "CVE-2018-21148", }, { db: "NVD", id: "CVE-2018-21148", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D7800, etc. are all products of NETGEAR. NETGEAR D7800 is a wireless modem. NETGEAR R7500 is a wireless router. NETGEAR WNDR4300 is a wireless router. The vulnerability stems from the fact that when the network system or product performs operations on the memory, it does not correctly verify the data boundary, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow", sources: [ { db: "NVD", id: "CVE-2018-21148", }, { db: "JVNDB", id: "JVNDB-2018-016315", }, { db: "CNVD", id: "CNVD-2021-67653", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21148", trust: 3, }, { db: "JVNDB", id: "JVNDB-2018-016315", trust: 0.8, }, { db: "CNVD", id: "CNVD-2021-67653", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-1849", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-67653", }, { db: "JVNDB", id: "JVNDB-2018-016315", }, { db: "CNNVD", id: "CNNVD-202004-1849", }, { db: "NVD", id: "CVE-2018-21148", }, ], }, id: "VAR-202004-1584", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-67653", }, ], trust: 1.2363687815384616, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-67653", }, ], }, last_update_date: "2024-11-23T22:21:12.528000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Pre-Authentication Command Injection on Some Routers and Modem Routers, PSV-2018-0033", trust: 0.8, url: "https://kb.netgear.com/000059485/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Gateways-and-Routers-PSV-2017-3157", }, { title: "Patch for Buffer overflow vulnerabilities in multiple NETGEAR products (CNVD-2021-67653)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/289186", }, { title: "Multiple NETGEAR Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117220", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-67653", }, { db: "JVNDB", id: "JVNDB-2018-016315", }, { db: "CNNVD", id: "CNNVD-202004-1849", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016315", }, { db: "NVD", id: "CVE-2018-21148", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21148", }, { trust: 1.6, url: "https://kb.netgear.com/000059485/security-advisory-for-post-authentication-stack-overflow-on-some-gateways-and-routers-psv-2017-3157", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21148", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-67653", }, { db: "JVNDB", id: "JVNDB-2018-016315", }, { db: "CNNVD", id: "CNNVD-202004-1849", }, { db: "NVD", id: "CVE-2018-21148", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-67653", }, { db: "JVNDB", id: "JVNDB-2018-016315", }, { db: "CNNVD", id: "CNNVD-202004-1849", }, { db: "NVD", id: "CVE-2018-21148", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-09-02T00:00:00", db: "CNVD", id: "CNVD-2021-67653", }, { date: "2020-05-22T00:00:00", db: "JVNDB", id: "JVNDB-2018-016315", }, { date: "2020-04-21T00:00:00", db: "CNNVD", id: "CNNVD-202004-1849", }, { date: "2020-04-21T22:15:14.367000", db: "NVD", id: "CVE-2018-21148", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-09-02T00:00:00", db: "CNVD", id: "CNVD-2021-67653", }, { date: "2020-05-22T00:00:00", db: "JVNDB", id: "JVNDB-2018-016315", }, { date: "2020-04-26T00:00:00", db: "CNNVD", id: "CNNVD-202004-1849", }, { date: "2024-11-21T04:03:01.090000", db: "NVD", id: "CVE-2018-21148", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-1849", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Out-of-bounds write vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2018-016315", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-1849", }, ], trust: 0.6, }, }
var-202004-1301
Vulnerability from variot
plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WNR3500L, etc. are all products of NETGEAR. WNR3500L is a wireless router. NETGEAR D3600 is a wireless modem. NETGEAR D6000 is a wireless modem.
There are injection vulnerabilities in many NETGEAR products, which can be exploited by an attacker to cause the system or product to produce an incorrect interpretation or interpretation method
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1301", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "d3600", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.67", }, { model: "d6000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.67", }, { model: "d6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.56", }, { model: "d6200", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.1.00.24", }, { model: "d6220", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.32", }, { model: "d6400", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.66", }, { model: "d7000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.52", }, { model: "d7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.30", }, { model: "d8500", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.3.35", }, { model: "ex2700", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.28", }, { model: "ex6400", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.72", }, { model: "ex7300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.72", }, { model: "ex8000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.102", }, { model: "pr2000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.20", }, { model: "r6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.20", }, { model: "r6250", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.4.16", }, { model: "r6400", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.32", }, { model: "r6700", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.36", }, { model: "r6900", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.34", }, { model: "r7000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.9.18", }, { model: "r6900p", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.3.0.8", }, { model: "r7000p", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.3.0.8", }, { model: "r7100lg", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.34", }, { model: "r7300dst", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.58", }, { model: "r7500", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.118", }, { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.40", }, { model: "r7900", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.4", }, { model: "r7900p", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.1.5.14", }, { model: "r8000p", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.1.5.14", }, { model: "r8300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.110", }, { model: "r8500", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.110", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.52", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.96", }, { model: "wnr2020", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.1.0.44", }, { model: "wnr2050", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.1.0.44", }, { model: "r7500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.24", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr1000", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.44", }, { model: "wn3100rp", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.40", }, { model: "jnr1010", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.44", }, { model: "r8000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.4_1.1.42", }, { model: "r6300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.18", }, { model: "dgn2200", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.96", }, { model: "jwnr2010", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.44", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.94", }, { model: "ex6200", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.52", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.62", }, { model: "wn2000rpt", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.14", }, { model: "wnr3500l", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.46", }, { model: "wn3000rp", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.50", }, { model: "ex6100", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.54", }, { model: "dgn2200b", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.96", }, { model: "ex6150", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.54", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "d7000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.44", }, { model: "r6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.46", }, { model: "wndr3400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.16", }, { model: "d3600", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.67", }, { model: "d6000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.67", }, { model: "d6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.56", }, { model: "d6200", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.1.00.24", }, { model: "d6220", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.32", }, { model: "d6400", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.66", }, { model: "d7000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.44", }, { model: "d7000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.52", }, { model: "d7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.30", }, { model: "d8500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.35", }, { model: "d7000v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.44", }, { model: "dgn2200v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.96", }, { model: "dgn2200bv4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.96", }, { model: "ex6150v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.1.54", }, { model: "ex6100v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.1.54", }, { model: "ex6200v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.1.52", }, { model: "jnr1010v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.1.0.44", }, { model: "jwnr2010v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.1.0.44", }, { model: "r6300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.4.18", }, { model: "r6400v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.46", }, { model: "r7500v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.3.24", }, { model: "r8000 <1.0.4.4 1.1.42", scope: null, trust: 0.6, vendor: "netgear", version: null, }, { model: "wn2000rptv3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.1.14", }, { model: "wn3000rpv3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.50", }, { model: "wn3100rpv2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.40", }, { model: "wndr3400v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.1.16", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr1000v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.1.0.44", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.62", }, { model: "wnr3500lv2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.2.0.46", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-31315", }, { db: "JVNDB", id: "JVNDB-2017-014874", }, { db: "NVD", id: "CVE-2017-18788", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d3600_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6200_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6220_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6400_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d7000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d8500_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-014874", }, ], }, cve: "CVE-2017-18788", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, id: "CVE-2017-18788", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1, vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Local", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 4.6, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2017-014874", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, id: "CNVD-2020-31315", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.8, id: "CVE-2017-18788", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "LOCAL", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.8, id: "CVE-2017-18788", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 6.7, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2017-014874", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2017-18788", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2017-18788", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2017-014874", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2020-31315", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-1863", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-31315", }, { db: "JVNDB", id: "JVNDB-2017-014874", }, { db: "CNNVD", id: "CNNVD-202004-1863", }, { db: "NVD", id: "CVE-2017-18788", }, { db: "NVD", id: "CVE-2017-18788", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WNR3500L, etc. are all products of NETGEAR. WNR3500L is a wireless router. NETGEAR D3600 is a wireless modem. NETGEAR D6000 is a wireless modem. \n\r\n\r\nThere are injection vulnerabilities in many NETGEAR products, which can be exploited by an attacker to cause the system or product to produce an incorrect interpretation or interpretation method", sources: [ { db: "JVNDB", id: "JVNDB-2017-014874", }, { db: "CNVD", id: "CNVD-2020-31315", }, ], trust: 1.26, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2017-18788", trust: 3, }, { db: "JVNDB", id: "JVNDB-2017-014874", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-31315", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-1863", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-31315", }, { db: "JVNDB", id: "JVNDB-2017-014874", }, { db: "CNNVD", id: "CNNVD-202004-1863", }, { db: "NVD", id: "CVE-2017-18788", }, ], }, id: "VAR-202004-1301", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-31315", }, ], trust: 1.1754130904918032, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-31315", }, ], }, last_update_date: "2024-11-23T22:37:25.142000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post Authentication Command Injection on Some Routers, Gateways, and Extenders, PSV-2017-2947", trust: 0.8, url: "https://kb.netgear.com/000049527/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2947", }, { title: "Patch for Multiple NETGEAR product injection vulnerabilities (CNVD-2020-31315)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/220097", }, { title: "Multiple NETGEAR Fixing measures for product injection vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116999", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-31315", }, { db: "JVNDB", id: "JVNDB-2017-014874", }, { db: "CNNVD", id: "CNNVD-202004-1863", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-74", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-014874", }, { db: "NVD", id: "CVE-2017-18788", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2017-18788", }, { trust: 1.6, url: "https://kb.netgear.com/000049527/security-advisory-for-post-authentication-command-injection-on-some-routers-gateways-and-extenders-psv-2017-2947", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18788", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-31315", }, { db: "JVNDB", id: "JVNDB-2017-014874", }, { db: "CNNVD", id: "CNNVD-202004-1863", }, { db: "NVD", id: "CVE-2017-18788", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-31315", }, { db: "JVNDB", id: "JVNDB-2017-014874", }, { db: "CNNVD", id: "CNNVD-202004-1863", }, { db: "NVD", id: "CVE-2017-18788", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-06-03T00:00:00", db: "CNVD", id: "CNVD-2020-31315", }, { date: "2020-05-20T00:00:00", db: "JVNDB", id: "JVNDB-2017-014874", }, { date: "2020-04-22T00:00:00", db: "CNNVD", id: "CNNVD-202004-1863", }, { date: "2020-04-22T14:15:11.817000", db: "NVD", id: "CVE-2017-18788", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-06-03T00:00:00", db: "CNVD", id: "CNVD-2020-31315", }, { date: "2020-05-20T00:00:00", db: "JVNDB", id: "JVNDB-2017-014874", }, { date: "2020-04-24T00:00:00", db: "CNNVD", id: "CNNVD-202004-1863", }, { date: "2024-11-21T03:20:55.460000", db: "NVD", id: "CVE-2017-18788", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202004-1863", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Injection vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2017-014874", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "injection", sources: [ { db: "CNNVD", id: "CNNVD-202004-1863", }, ], trust: 0.6, }, }
var-202004-0747
Vulnerability from variot
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.60, D3600 before 1.0.0.75, D6000 before 1.0.0.75, R9000 before 1.0.4.26, R8900 before 1.0.4.26, R7800 before 1.0.2.52, WNDR4500v3 before 1.0.0.58, WNDR4300v2 before 1.0.0.58, WNDR4300 before 1.0.2.104, WNDR3700v4 before 1.0.2.102, and WNR2000v5 before 1.0.0.66. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R9000, etc. are all products of NETGEAR. NETGEAR R9000 is a wireless router. NETGEAR D6100 is a wireless modem. NETGEAR WNDR4500 is a wireless router. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0747", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.52", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.4.26", }, { model: "d3600", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.75", }, { model: "d6000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.75", }, { model: "d6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.60", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.104", }, { model: "r8900", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.4.26", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.102", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.58", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.58", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.66", }, { model: "d3600", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.75", }, { model: "d6000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.75", }, { model: "d6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.60", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.52", }, { model: "r8900", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.4.26", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.4.26", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.102", }, { model: "wndr4500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.58", }, { model: "wnr2000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.66", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.58", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.58", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.102", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.66", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-57171", }, { db: "JVNDB", id: "JVNDB-2019-015313", }, { db: "NVD", id: "CVE-2019-20767", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d3600_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r8900_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wnr2000_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015313", }, ], }, cve: "CVE-2019-20767", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 8, id: "CVE-2019-20767", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 6.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2019-015313", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 8, id: "CNVD-2021-57171", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.2, id: "CVE-2019-20767", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2019-20767", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 7.2, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2019-015313", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2019-20767", trust: 1, value: "HIGH", }, { author: "cve@mitre.org", id: "CVE-2019-20767", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2019-015313", trust: 0.8, value: "High", }, { author: "CNVD", id: "CNVD-2021-57171", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-1204", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-57171", }, { db: "JVNDB", id: "JVNDB-2019-015313", }, { db: "CNNVD", id: "CNNVD-202004-1204", }, { db: "NVD", id: "CVE-2019-20767", }, { db: "NVD", id: "CVE-2019-20767", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.60, D3600 before 1.0.0.75, D6000 before 1.0.0.75, R9000 before 1.0.4.26, R8900 before 1.0.4.26, R7800 before 1.0.2.52, WNDR4500v3 before 1.0.0.58, WNDR4300v2 before 1.0.0.58, WNDR4300 before 1.0.2.104, WNDR3700v4 before 1.0.2.102, and WNR2000v5 before 1.0.0.66. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R9000, etc. are all products of NETGEAR. NETGEAR R9000 is a wireless router. NETGEAR D6100 is a wireless modem. NETGEAR WNDR4500 is a wireless router. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow", sources: [ { db: "NVD", id: "CVE-2019-20767", }, { db: "JVNDB", id: "JVNDB-2019-015313", }, { db: "CNVD", id: "CNVD-2021-57171", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-20767", trust: 3, }, { db: "JVNDB", id: "JVNDB-2019-015313", trust: 0.8, }, { db: "CNVD", id: "CNVD-2021-57171", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-1204", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-57171", }, { db: "JVNDB", id: "JVNDB-2019-015313", }, { db: "CNNVD", id: "CNNVD-202004-1204", }, { db: "NVD", id: "CVE-2019-20767", }, ], }, id: "VAR-202004-0747", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-57171", }, ], trust: 1.2305895954545454, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-57171", }, ], }, last_update_date: "2024-11-23T21:51:35.231000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Stack Overflow on Some Routers and Modem Routers, PSV-2018-0116", trust: 0.8, url: "https://kb.netgear.com/000060632/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Modem-Routers-PSV-2018-0116", }, { title: "Patch for Buffer overflow vulnerabilities in multiple NETGEAR products (CNVD-2021-57171)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/283641", }, { title: "Multiple NETGEAR Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116503", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-57171", }, { db: "JVNDB", id: "JVNDB-2019-015313", }, { db: "CNNVD", id: "CNNVD-202004-1204", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015313", }, { db: "NVD", id: "CVE-2019-20767", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2019-20767", }, { trust: 1.6, url: "https://kb.netgear.com/000060632/security-advisory-for-post-authentication-stack-overflow-on-some-routers-and-modem-routers-psv-2018-0116", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20767", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-57171", }, { db: "JVNDB", id: "JVNDB-2019-015313", }, { db: "CNNVD", id: "CNNVD-202004-1204", }, { db: "NVD", id: "CVE-2019-20767", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-57171", }, { db: "JVNDB", id: "JVNDB-2019-015313", }, { db: "CNNVD", id: "CNNVD-202004-1204", }, { db: "NVD", id: "CVE-2019-20767", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-07-31T00:00:00", db: "CNVD", id: "CNVD-2021-57171", }, { date: "2020-05-12T00:00:00", db: "JVNDB", id: "JVNDB-2019-015313", }, { date: "2020-04-15T00:00:00", db: "CNNVD", id: "CNNVD-202004-1204", }, { date: "2020-04-15T14:15:18.560000", db: "NVD", id: "CVE-2019-20767", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-07-31T00:00:00", db: "CNVD", id: "CNVD-2021-57171", }, { date: "2020-05-12T00:00:00", db: "JVNDB", id: "JVNDB-2019-015313", }, { date: "2020-04-26T00:00:00", db: "CNNVD", id: "CNNVD-202004-1204", }, { date: "2024-11-21T04:39:18.773000", db: "NVD", id: "CVE-2019-20767", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202004-1204", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Out-of-bounds write vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2019-015313", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-1204", }, ], trust: 0.6, }, }
var-202004-1707
Vulnerability from variot
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D6100, etc. are all products of NETGEAR. NETGEAR D6100 is a wireless modem. NETGEAR WNDR3700 is a wireless router. NETGEAR R6100 is a wireless router. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow. This affects D6100 prior to 1.0.0.57, R6100 prior to 1.0.1.20, R7800 prior to 1.0.2.40, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, and WNR2000v5 prior to 1.0.0.62
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1707", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.52", }, { model: "r6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.20", }, { model: "d6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.57", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.94", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.62", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.92", }, { model: "d6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.57", }, { model: "r6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.20", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.52", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.94", }, { model: "wnr2000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.62", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.62", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.92", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.50 0.0.50", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.55", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.12", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.14", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.16", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.16", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.28", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.32", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.36", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.38", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.4", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.40", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.86", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.52", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.90", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.92", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.42", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.58", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28272", }, { db: "VULMON", id: "CVE-2018-21196", }, { db: "JVNDB", id: "JVNDB-2018-016364", }, { db: "NVD", id: "CVE-2018-21196", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wnr2000_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016364", }, ], }, cve: "CVE-2018-21196", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CVE-2018-21196", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 5.2, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2018-016364", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CNVD-2020-28272", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21196", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21196", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 6.8, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2018-016364", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21196", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2018-21196", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2018-016364", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2020-28272", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-2264", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2018-21196", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28272", }, { db: "VULMON", id: "CVE-2018-21196", }, { db: "JVNDB", id: "JVNDB-2018-016364", }, { db: "CNNVD", id: "CNNVD-202004-2264", }, { db: "NVD", id: "CVE-2018-21196", }, { db: "NVD", id: "CVE-2018-21196", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D6100, etc. are all products of NETGEAR. NETGEAR D6100 is a wireless modem. NETGEAR WNDR3700 is a wireless router. NETGEAR R6100 is a wireless router. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow. This affects D6100 prior to 1.0.0.57, R6100 prior to 1.0.1.20, R7800 prior to 1.0.2.40, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, and WNR2000v5 prior to 1.0.0.62", sources: [ { db: "NVD", id: "CVE-2018-21196", }, { db: "JVNDB", id: "JVNDB-2018-016364", }, { db: "CNVD", id: "CNVD-2020-28272", }, { db: "VULMON", id: "CVE-2018-21196", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21196", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2018-016364", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-28272", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-2264", trust: 0.6, }, { db: "VULMON", id: "CVE-2018-21196", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28272", }, { db: "VULMON", id: "CVE-2018-21196", }, { db: "JVNDB", id: "JVNDB-2018-016364", }, { db: "CNNVD", id: "CNNVD-202004-2264", }, { db: "NVD", id: "CVE-2018-21196", }, ], }, id: "VAR-202004-1707", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-28272", }, ], trust: 1.2116965357142857, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28272", }, ], }, last_update_date: "2024-11-23T23:07:58.308000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Stack Overflow on Some Routers and Gateways, PSV-2017-2599", trust: 0.8, url: "https://kb.netgear.com/000055153/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2599", }, { title: "Patch for Multiple NETGEAR product buffer overflow vulnerabilities (CNVD-2020-28272)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/217551", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28272", }, { db: "JVNDB", id: "JVNDB-2018-016364", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016364", }, { db: "NVD", id: "CVE-2018-21196", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21196", }, { trust: 1.7, url: "https://kb.netgear.com/000055153/security-advisory-for-post-authentication-stack-overflow-on-some-routers-and-gateways-psv-2017-2599", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21196", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/787.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28272", }, { db: "VULMON", id: "CVE-2018-21196", }, { db: "JVNDB", id: "JVNDB-2018-016364", }, { db: "CNNVD", id: "CNNVD-202004-2264", }, { db: "NVD", id: "CVE-2018-21196", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-28272", }, { db: "VULMON", id: "CVE-2018-21196", }, { db: "JVNDB", id: "JVNDB-2018-016364", }, { db: "CNNVD", id: "CNNVD-202004-2264", }, { db: "NVD", id: "CVE-2018-21196", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28272", }, { date: "2020-04-28T00:00:00", db: "VULMON", id: "CVE-2018-21196", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016364", }, { date: "2020-04-28T00:00:00", db: "CNNVD", id: "CNNVD-202004-2264", }, { date: "2020-04-28T16:15:12.967000", db: "NVD", id: "CVE-2018-21196", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28272", }, { date: "2020-05-05T00:00:00", db: "VULMON", id: "CVE-2018-21196", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016364", }, { date: "2020-05-06T00:00:00", db: "CNNVD", id: "CNNVD-202004-2264", }, { date: "2024-11-21T04:03:08.933000", db: "NVD", id: "CVE-2018-21196", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-2264", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Out-of-bounds write vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2018-016364", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-2264", }, ], trust: 0.6, }, }
var-201701-0161
Vulnerability from variot
The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution. NETGEARWNR2000v5router is a popular router device. Netgear WNR2000 is prone to the following vulnerabilities: 1. An authentication-bypass vulnerability 2. An information disclosure vulnerability 3. Failed exploit attempts will likely cause a denial-of-service condition. Netgear WNR2000 firmware version 5 is affected; other versions may also be affected
Show details on source website{ affected_products: { _id: null, data: [ { _id: null, model: "wnr2000v5", scope: null, trust: 1.6, vendor: "net gear", version: null, }, { _id: null, model: "wnr2000v3", scope: "eq", trust: 1, vendor: "netgear", version: null, }, { _id: null, model: "wndr4500v3", scope: "eq", trust: 1, vendor: "netgear", version: null, }, { _id: null, model: "wnr2000v5", scope: "eq", trust: 1, vendor: "netgear", version: null, }, { _id: null, model: "wnr2050", scope: "eq", trust: 1, vendor: "netgear", version: null, }, { _id: null, model: "wnr2000v4", scope: "eq", trust: 1, vendor: "netgear", version: null, }, { _id: null, model: "wndr4300", scope: "eq", trust: 1, vendor: "netgear", version: null, }, { _id: null, model: "wnr2500", scope: "eq", trust: 1, vendor: "netgear", version: null, }, { _id: null, model: "d7800", scope: "eq", trust: 1, vendor: "netgear", version: null, }, { _id: null, model: "wnr1000v2", scope: "eq", trust: 1, vendor: "netgear", version: null, }, { _id: null, model: "d6100", scope: "eq", trust: 1, vendor: "netgear", version: null, }, { _id: null, model: "r7500v2", scope: "eq", trust: 1, vendor: "netgear", version: null, }, { _id: null, model: "r2000", scope: "eq", trust: 1, vendor: "netgear", version: null, }, { _id: null, model: "wndr3700v4", scope: "eq", trust: 1, vendor: "netgear", version: null, }, { _id: null, model: "wnr614", scope: "eq", trust: 1, vendor: "netgear", version: null, }, { _id: null, model: "wndr3800", scope: "eq", trust: 1, vendor: "netgear", version: null, }, { _id: null, model: "wndr4700", scope: "eq", trust: 1, vendor: "netgear", version: null, }, { _id: null, model: "wnr1000v4", scope: "eq", trust: 1, vendor: "netgear", version: null, }, { _id: null, model: "r6100", scope: "eq", trust: 1, vendor: "netgear", version: null, }, { _id: null, model: "jnr3300", scope: "eq", trust: 1, vendor: "netgear", version: null, }, { _id: null, model: "jwnr2010v5", scope: "eq", trust: 1, vendor: "netgear", version: null, }, { _id: null, model: "r6220", scope: "eq", trust: 1, vendor: "netgear", version: null, }, { _id: null, model: "wnr2020", scope: "eq", trust: 1, vendor: "netgear", version: null, }, { _id: null, model: "wnr2200", scope: "eq", trust: 1, vendor: "netgear", version: null, }, { _id: null, model: "wndr4300v2", scope: "eq", trust: 1, vendor: "netgear", version: null, }, { _id: null, model: "wnr618", scope: "eq", trust: 1, vendor: "netgear", version: null, }, { _id: null, model: "r7500", scope: "eq", trust: 1, vendor: "netgear", version: null, }, { _id: null, model: "d7000", scope: "eq", trust: 1, vendor: "netgear", version: null, }, { _id: null, model: "jnr1010v2", scope: "eq", trust: 1, vendor: "netgear", version: null, }, { _id: null, model: "wnr2000", scope: "eq", trust: 0.9, vendor: "netgear", version: "5", }, { _id: null, model: "wnr2000v5", scope: "eq", trust: 0.6, vendor: "netgear", version: "1.0.0.34", }, ], sources: [ { db: "CNVD", id: "CNVD-2017-01201", }, { db: "BID", id: "95867", }, { db: "JVNDB", id: "JVNDB-2016-007707", }, { db: "CNNVD", id: "CNNVD-201702-105", }, { db: "NVD", id: "CVE-2016-10174", }, ], }, configurations: { _id: null, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/h:netgear:wnr2000v5", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wnr2000v5_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2016-007707", }, ], }, credits: { _id: null, data: "Pedro Ribeiro.", sources: [ { db: "BID", id: "95867", }, ], trust: 0.3, }, cve: "CVE-2016-10174", cvss: { _id: null, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CVE-2016-10174", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 1.9, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2017-01201", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "VHN-88924", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2016-10174", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2016-10174", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2016-10174", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "CVE-2016-10174", trust: 0.8, value: "Critical", }, { author: "CNVD", id: "CNVD-2017-01201", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-201702-105", trust: 0.6, value: "CRITICAL", }, { author: "VULHUB", id: "VHN-88924", trust: 0.1, value: "HIGH", }, { author: "VULMON", id: "CVE-2016-10174", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2017-01201", }, { db: "VULHUB", id: "VHN-88924", }, { db: "VULMON", id: "CVE-2016-10174", }, { db: "JVNDB", id: "JVNDB-2016-007707", }, { db: "CNNVD", id: "CNNVD-201702-105", }, { db: "NVD", id: "CVE-2016-10174", }, ], }, description: { _id: null, data: "The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution. NETGEARWNR2000v5router is a popular router device. Netgear WNR2000 is prone to the following vulnerabilities:\n1. An authentication-bypass vulnerability\n2. An information disclosure vulnerability\n3. Failed exploit attempts will likely cause a denial-of-service condition. \nNetgear WNR2000 firmware version 5 is affected; other versions may also be affected", sources: [ { db: "NVD", id: "CVE-2016-10174", }, { db: "JVNDB", id: "JVNDB-2016-007707", }, { db: "CNVD", id: "CNVD-2017-01201", }, { db: "BID", id: "95867", }, { db: "VULHUB", id: "VHN-88924", }, { db: "VULMON", id: "CVE-2016-10174", }, ], trust: 2.61, }, exploit_availability: { _id: null, data: [ { reference: "https://vulmon.com/exploitdetails?qidtp=exploitdb&qid=41719", trust: 0.2, type: "exploit", }, { reference: "https://www.scap.org.cn/vuln/vhn-88924", trust: 0.1, type: "unknown", }, ], sources: [ { db: "VULHUB", id: "VHN-88924", }, { db: "VULMON", id: "CVE-2016-10174", }, ], }, external_ids: { _id: null, data: [ { db: "NVD", id: "CVE-2016-10174", trust: 3.5, }, { db: "BID", id: "95867", trust: 2.7, }, { db: "EXPLOIT-DB", id: "40949", trust: 1.2, }, { db: "EXPLOIT-DB", id: "41719", trust: 1.2, }, { db: "JVNDB", id: "JVNDB-2016-007707", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201702-105", trust: 0.7, }, { db: "CNVD", id: "CNVD-2017-01201", trust: 0.6, }, { db: "PACKETSTORM", id: "141806", trust: 0.1, }, { db: "VULHUB", id: "VHN-88924", trust: 0.1, }, { db: "VULMON", id: "CVE-2016-10174", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2017-01201", }, { db: "VULHUB", id: "VHN-88924", }, { db: "VULMON", id: "CVE-2016-10174", }, { db: "BID", id: "95867", }, { db: "JVNDB", id: "JVNDB-2016-007707", }, { db: "CNNVD", id: "CNNVD-201702-105", }, { db: "NVD", id: "CVE-2016-10174", }, ], }, id: "VAR-201701-0161", iot: { _id: null, data: true, sources: [ { db: "CNVD", id: "CNVD-2017-01201", }, { db: "VULHUB", id: "VHN-88924", }, ], trust: 1.349292958888889, }, iot_taxonomy: { _id: null, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2017-01201", }, ], }, last_update_date: "2024-11-23T21:42:11.569000Z", patch: { _id: null, data: [ { title: "Insecure Remote Access and Command Execution Security Vulnerability, PSV-2016-0255", trust: 0.8, url: "http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability", }, { title: "NETGEARWNR2000v5routerhidden_lang_avi patch overflow vulnerability patch", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/89178", }, { title: "NETGEAR WNR2000v5 Repair measures for router buffer error vulnerability", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67476", }, { title: "BleepingComputer", trust: 0.1, url: "https://www.bleepingcomputer.com/news/security/zyxel-and-netgear-fail-to-patch-seven-security-flaws-affecting-their-routers/", }, ], sources: [ { db: "CNVD", id: "CNVD-2017-01201", }, { db: "VULMON", id: "CVE-2016-10174", }, { db: "JVNDB", id: "JVNDB-2016-007707", }, { db: "CNNVD", id: "CNNVD-201702-105", }, ], }, problemtype_data: { _id: null, data: [ { problemtype: "CWE-120", trust: 1, }, { problemtype: "CWE-119", trust: 0.9, }, ], sources: [ { db: "VULHUB", id: "VHN-88924", }, { db: "JVNDB", id: "JVNDB-2016-007707", }, { db: "NVD", id: "CVE-2016-10174", }, ], }, references: { _id: null, data: [ { trust: 2.6, url: "https://raw.githubusercontent.com/pedrib/poc/master/advisories/netgear-wnr2000.txt", }, { trust: 2.4, url: "http://kb.netgear.com/000036549/insecure-remote-access-and-command-execution-security-vulnerability", }, { trust: 1.8, url: "http://www.securityfocus.com/bid/95867", }, { trust: 1.8, url: "http://seclists.org/fulldisclosure/2016/dec/72", }, { trust: 1.3, url: "https://www.exploit-db.com/exploits/41719/", }, { trust: 1.2, url: "https://www.exploit-db.com/exploits/40949/", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10174", }, { trust: 0.8, url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-10174", }, { trust: 0.3, url: "http://www.netgear.com", }, { trust: 0.3, url: "http://seclists.org/fulldisclosure/2017/jan/88", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/119.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://www.rapid7.com/db/modules/exploit/linux/http/netgear_wnr2000_rce", }, ], sources: [ { db: "CNVD", id: "CNVD-2017-01201", }, { db: "VULHUB", id: "VHN-88924", }, { db: "VULMON", id: "CVE-2016-10174", }, { db: "BID", id: "95867", }, { db: "JVNDB", id: "JVNDB-2016-007707", }, { db: "CNNVD", id: "CNNVD-201702-105", }, { db: "NVD", id: "CVE-2016-10174", }, ], }, sources: { _id: null, data: [ { db: "CNVD", id: "CNVD-2017-01201", ident: null, }, { db: "VULHUB", id: "VHN-88924", ident: null, }, { db: "VULMON", id: "CVE-2016-10174", ident: null, }, { db: "BID", id: "95867", ident: null, }, { db: "JVNDB", id: "JVNDB-2016-007707", ident: null, }, { db: "CNNVD", id: "CNNVD-201702-105", ident: null, }, { db: "NVD", id: "CVE-2016-10174", ident: null, }, ], }, sources_release_date: { _id: null, data: [ { date: "2017-02-10T00:00:00", db: "CNVD", id: "CNVD-2017-01201", ident: null, }, { date: "2017-01-30T00:00:00", db: "VULHUB", id: "VHN-88924", ident: null, }, { date: "2017-01-30T00:00:00", db: "VULMON", id: "CVE-2016-10174", ident: null, }, { date: "2017-01-30T00:00:00", db: "BID", id: "95867", ident: null, }, { date: "2017-03-13T00:00:00", db: "JVNDB", id: "JVNDB-2016-007707", ident: null, }, { date: "2017-01-29T00:00:00", db: "CNNVD", id: "CNNVD-201702-105", ident: null, }, { date: "2017-01-30T04:59:00.157000", db: "NVD", id: "CVE-2016-10174", ident: null, }, ], }, sources_update_date: { _id: null, data: [ { date: "2017-02-10T00:00:00", db: "CNVD", id: "CNVD-2017-01201", ident: null, }, { date: "2017-09-03T00:00:00", db: "VULHUB", id: "VHN-88924", ident: null, }, { date: "2017-09-03T00:00:00", db: "VULMON", id: "CVE-2016-10174", ident: null, }, { date: "2017-02-02T01:03:00", db: "BID", id: "95867", ident: null, }, { date: "2017-03-13T00:00:00", db: "JVNDB", id: "JVNDB-2016-007707", ident: null, }, { date: "2017-03-03T00:00:00", db: "CNNVD", id: "CNNVD-201702-105", ident: null, }, { date: "2024-11-21T02:43:28.730000", db: "NVD", id: "CVE-2016-10174", ident: null, }, ], }, threat_type: { _id: null, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201702-105", }, ], trust: 0.6, }, title: { _id: null, data: "NETGEAR WNR2000v5 Router buffer overflow vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2016-007707", }, ], trust: 0.8, }, type: { _id: null, data: "buffer overflow", sources: [ { db: "CNNVD", id: "CNNVD-201702-105", }, ], trust: 0.6, }, }
var-202005-0732
Vulnerability from variot
Certain NETGEAR devices are affected by stored XSS. This affects R9000 before 1.0.2.40, R6100 before 1.0.1.1, 6R7500 before 1.0.0.110, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, WNDR4300v2 before 1.0.0.48, and WNR2000v5 before 1.0.0.58. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. NETGEAR R9000, R7800, R7500, etc. are all wireless routers from NETGEAR. The vulnerability stems from the lack of correct verification of client data in WEB applications. An attacker can use this vulnerability to execute client code. This affects R9000 prior to 1.0.2.40, R6100 prior to 1.0.1.1, 6R7500 prior to 1.0.0.110, R7500v2 prior to 1.0.3.20, R7800 prior to 1.0.2.36, WNDR4300v2 prior to 1.0.0.48, and WNR2000v5 prior to 1.0.0.58
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202005-0732", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.36", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.40", }, { model: "6r7500", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.110", }, { model: "r6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.1", }, { model: "r7500", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.3.20", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.58", }, { model: "6r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.110", }, { model: "r6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.1", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.20", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.20", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.40", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.58.", }, { model: "wnr2000v5", scope: null, trust: 0.6, vendor: "netgear", version: null, }, { model: "r7800", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.40", }, { model: "r7500v2", scope: null, trust: 0.6, vendor: "netgear", version: null, }, { model: "wndr4300v2", scope: null, trust: 0.6, vendor: "netgear", version: null, }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.108", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.110", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.112", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.116", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.118", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.122", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.124", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.130", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.10", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.16", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.16", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.28", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.32", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.4", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.42", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-28035", }, { db: "VULMON", id: "CVE-2017-18866", }, { db: "JVNDB", id: "JVNDB-2017-015010", }, { db: "NVD", id: "CVE-2017-18866", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:6r7500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wnr2000_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-015010", }, ], }, cve: "CVE-2017-18866", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "CVE-2017-18866", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 4.3, confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2017-015010", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "CNVD-2021-28035", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.8, id: "CVE-2017-18866", impactScore: 2.7, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "NONE", baseScore: 5.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.1, id: "CVE-2017-18866", impactScore: 2.7, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 6.1, baseSeverity: "Medium", confidentialityImpact: "Low", exploitabilityScore: null, id: "JVNDB-2017-015010", impactScore: null, integrityImpact: "Low", privilegesRequired: "None", scope: "Changed", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2017-18866", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2017-18866", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2017-015010", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2021-28035", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202005-115", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2017-18866", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-28035", }, { db: "VULMON", id: "CVE-2017-18866", }, { db: "JVNDB", id: "JVNDB-2017-015010", }, { db: "CNNVD", id: "CNNVD-202005-115", }, { db: "NVD", id: "CVE-2017-18866", }, { db: "NVD", id: "CVE-2017-18866", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by stored XSS. This affects R9000 before 1.0.2.40, R6100 before 1.0.1.1, 6R7500 before 1.0.0.110, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, WNDR4300v2 before 1.0.0.48, and WNR2000v5 before 1.0.0.58. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. NETGEAR R9000, R7800, R7500, etc. are all wireless routers from NETGEAR. The vulnerability stems from the lack of correct verification of client data in WEB applications. An attacker can use this vulnerability to execute client code. This affects R9000 prior to 1.0.2.40, R6100 prior to 1.0.1.1, 6R7500 prior to 1.0.0.110, R7500v2 prior to 1.0.3.20, R7800 prior to 1.0.2.36, WNDR4300v2 prior to 1.0.0.48, and WNR2000v5 prior to 1.0.0.58", sources: [ { db: "NVD", id: "CVE-2017-18866", }, { db: "JVNDB", id: "JVNDB-2017-015010", }, { db: "CNVD", id: "CNVD-2021-28035", }, { db: "VULMON", id: "CVE-2017-18866", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2017-18866", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2017-015010", trust: 0.8, }, { db: "CNVD", id: "CNVD-2021-28035", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202005-115", trust: 0.6, }, { db: "VULMON", id: "CVE-2017-18866", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-28035", }, { db: "VULMON", id: "CVE-2017-18866", }, { db: "JVNDB", id: "JVNDB-2017-015010", }, { db: "CNNVD", id: "CNNVD-202005-115", }, { db: "NVD", id: "CVE-2017-18866", }, ], }, id: "VAR-202005-0732", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-28035", }, ], trust: 1.2609754677777776, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-28035", }, ], }, last_update_date: "2024-11-23T23:04:23.983000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Stored Cross Site Scripting on Routers, PSV-2016-0100", trust: 0.8, url: "https://kb.netgear.com/000051472/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Routers-PSV-2016-0100", }, { title: "Patch for Cross-site scripting vulnerabilities in multiple NETGEAR products (CNVD-2021-28035)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/257996", }, { title: "Multiple NETGEAR Fixes for product cross-site scripting vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117672", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-28035", }, { db: "JVNDB", id: "JVNDB-2017-015010", }, { db: "CNNVD", id: "CNNVD-202005-115", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-79", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-015010", }, { db: "NVD", id: "CVE-2017-18866", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2017-18866", }, { trust: 1.7, url: "https://kb.netgear.com/000051472/security-advisory-for-stored-cross-site-scripting-on-routers-psv-2016-0100", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18866", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/79.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-28035", }, { db: "VULMON", id: "CVE-2017-18866", }, { db: "JVNDB", id: "JVNDB-2017-015010", }, { db: "CNNVD", id: "CNNVD-202005-115", }, { db: "NVD", id: "CVE-2017-18866", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-28035", }, { db: "VULMON", id: "CVE-2017-18866", }, { db: "JVNDB", id: "JVNDB-2017-015010", }, { db: "CNNVD", id: "CNNVD-202005-115", }, { db: "NVD", id: "CVE-2017-18866", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-04-14T00:00:00", db: "CNVD", id: "CNVD-2021-28035", }, { date: "2020-05-05T00:00:00", db: "VULMON", id: "CVE-2017-18866", }, { date: "2020-06-05T00:00:00", db: "JVNDB", id: "JVNDB-2017-015010", }, { date: "2020-05-05T00:00:00", db: "CNNVD", id: "CNNVD-202005-115", }, { date: "2020-05-05T14:15:12.327000", db: "NVD", id: "CVE-2017-18866", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-04-23T00:00:00", db: "CNVD", id: "CNVD-2021-28035", }, { date: "2020-05-08T00:00:00", db: "VULMON", id: "CVE-2017-18866", }, { date: "2020-06-05T00:00:00", db: "JVNDB", id: "JVNDB-2017-015010", }, { date: "2020-05-09T00:00:00", db: "CNNVD", id: "CNNVD-202005-115", }, { date: "2024-11-21T03:21:07.843000", db: "NVD", id: "CVE-2017-18866", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202005-115", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Cross-site scripting vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2017-015010", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "XSS", sources: [ { db: "CNNVD", id: "CNNVD-202005-115", }, ], trust: 0.6, }, }
var-202004-1657
Vulnerability from variot
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D3600, etc. are all products of NETGEAR. NETGEAR D3600 is a wireless modem. NETGEAR R7500 is a wireless router. NETGEAR D6100 is a wireless modem. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. This affects D3600 prior to 1.0.0.67, D6000 prior to 1.0.0.67, D6100 prior to 1.0.0.56, D7800 prior to 1.0.1.30, R7500 prior to 1.0.0.118, R7500v2 prior to 1.0.3.24, R7800 prior to 1.0.2.40, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.96, WNDR4300 prior to 1.0.2.98, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1657", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.52", }, { model: "r7500", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.118", }, { model: "d7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.30", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.98", }, { model: "d3600", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.67", }, { model: "d6000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.67", }, { model: "d6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.56", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.96", }, { model: "r7500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.24", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.62", }, { model: "r7500", scope: "eq", trust: 0.9, vendor: "netgear", version: "1.0.0.118", }, { model: "d3600", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.67", }, { model: "d6000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.67", }, { model: "d6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.56", }, { model: "d7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.30", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.24", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.52", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.96", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.98", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.62", }, { model: "r7500v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.3.24", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.96", }, { model: "d3600", scope: "eq", trust: 0.2, vendor: "netgear", version: "1.0.0.49", }, { model: "d3600", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "d3600", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.61", }, { model: "d6000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "d6000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.49", }, { model: "d6000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.61", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.50 0.0.50", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.55", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.22", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.24", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.28", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.108", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.110", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.112", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.116", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.122", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.124", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.130", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.10", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.16", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.20", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.16", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.28", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.32", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.36", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.38", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.4", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.40", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.86", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.52", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.90", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.96", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.42", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.58", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-46563", }, { db: "VULMON", id: "CVE-2018-21211", }, { db: "JVNDB", id: "JVNDB-2018-016359", }, { db: "NVD", id: "CVE-2018-21211", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d3600_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016359", }, ], }, cve: "CVE-2018-21211", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 6.5, id: "CVE-2018-21211", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 5.8, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2018-016359", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 6.5, id: "CNVD-2021-46563", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2018-21211", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2018-21211", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 8.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2018-016359", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21211", trust: 1, value: "HIGH", }, { author: "cve@mitre.org", id: "CVE-2018-21211", trust: 1, value: "HIGH", }, { author: "NVD", id: "JVNDB-2018-016359", trust: 0.8, value: "High", }, { author: "CNVD", id: "CNVD-2021-46563", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-2284", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2018-21211", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-46563", }, { db: "VULMON", id: "CVE-2018-21211", }, { db: "JVNDB", id: "JVNDB-2018-016359", }, { db: "CNNVD", id: "CNNVD-202004-2284", }, { db: "NVD", id: "CVE-2018-21211", }, { db: "NVD", id: "CVE-2018-21211", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D3600, etc. are all products of NETGEAR. NETGEAR D3600 is a wireless modem. NETGEAR R7500 is a wireless router. NETGEAR D6100 is a wireless modem. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. This affects D3600 prior to 1.0.0.67, D6000 prior to 1.0.0.67, D6100 prior to 1.0.0.56, D7800 prior to 1.0.1.30, R7500 prior to 1.0.0.118, R7500v2 prior to 1.0.3.24, R7800 prior to 1.0.2.40, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.96, WNDR4300 prior to 1.0.2.98, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62", sources: [ { db: "NVD", id: "CVE-2018-21211", }, { db: "JVNDB", id: "JVNDB-2018-016359", }, { db: "CNVD", id: "CNVD-2021-46563", }, { db: "VULMON", id: "CVE-2018-21211", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21211", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2018-016359", trust: 0.8, }, { db: "CNVD", id: "CNVD-2021-46563", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-2284", trust: 0.6, }, { db: "VULMON", id: "CVE-2018-21211", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-46563", }, { db: "VULMON", id: "CVE-2018-21211", }, { db: "JVNDB", id: "JVNDB-2018-016359", }, { db: "CNNVD", id: "CNNVD-202004-2284", }, { db: "NVD", id: "CVE-2018-21211", }, ], }, id: "VAR-202004-1657", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-46563", }, ], trust: 1.2545377938461537, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-46563", }, ], }, last_update_date: "2024-11-23T23:11:26.727000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Pre-Authentication Buffer Overflow on Some Routers and Gateways, PSV-2017-2491", trust: 0.8, url: "https://kb.netgear.com/000055138/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2491", }, { title: "Patch for Buffer overflow vulnerabilities in multiple NETGEAR products (CNVD-2021-46563)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/276321", }, { title: "Multiple NETGEAR Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117376", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-46563", }, { db: "JVNDB", id: "JVNDB-2018-016359", }, { db: "CNNVD", id: "CNNVD-202004-2284", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-120", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016359", }, { db: "NVD", id: "CVE-2018-21211", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21211", }, { trust: 1.7, url: "https://kb.netgear.com/000055138/security-advisory-for-pre-authentication-buffer-overflow-on-some-routers-and-gateways-psv-2017-2491", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21211", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/120.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-46563", }, { db: "VULMON", id: "CVE-2018-21211", }, { db: "JVNDB", id: "JVNDB-2018-016359", }, { db: "CNNVD", id: "CNNVD-202004-2284", }, { db: "NVD", id: "CVE-2018-21211", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-46563", }, { db: "VULMON", id: "CVE-2018-21211", }, { db: "JVNDB", id: "JVNDB-2018-016359", }, { db: "CNNVD", id: "CNNVD-202004-2284", }, { db: "NVD", id: "CVE-2018-21211", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-07-01T00:00:00", db: "CNVD", id: "CNVD-2021-46563", }, { date: "2020-04-28T00:00:00", db: "VULMON", id: "CVE-2018-21211", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016359", }, { date: "2020-04-28T00:00:00", db: "CNNVD", id: "CNNVD-202004-2284", }, { date: "2020-04-28T16:15:13.950000", db: "NVD", id: "CVE-2018-21211", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-07-02T00:00:00", db: "CNVD", id: "CNVD-2021-46563", }, { date: "2020-05-05T00:00:00", db: "VULMON", id: "CVE-2018-21211", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016359", }, { date: "2020-05-06T00:00:00", db: "CNNVD", id: "CNNVD-202004-2284", }, { date: "2024-11-21T04:03:11.257000", db: "NVD", id: "CVE-2018-21211", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-2284", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Classic buffer overflow vulnerability in the product", sources: [ { db: "JVNDB", id: "JVNDB-2018-016359", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-2284", }, ], trust: 0.6, }, }
var-201701-0162
Vulnerability from variot
The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRS_netgear_success.html URI. This serial number allows a user to obtain the administrator username and password, when used in combination with the CVE-2016-10176 vulnerability that allows resetting the answers to the password-recovery questions. NETGEARWNR2000v5router is a popular router device. Netgear WNR2000 is prone to the following vulnerabilities: 1. An authentication-bypass vulnerability 2. An information disclosure vulnerability 3. A stack-buffer overflow vulnerability An attacker may leverage this issue to bypass the authentication mechanism and perform unauthorized actions, obtain sensitive information, or execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition. Netgear WNR2000 firmware version 5 is affected; other versions may also be affected. A security vulnerability exists in the NETGEAR WNR2000v5 router
Show details on source website{ affected_products: { _id: null, data: [ { _id: null, model: "wnr2000v5", scope: null, trust: 1.6, vendor: "net gear", version: null, }, { _id: null, model: "wnr2000v5", scope: "lte", trust: 1, vendor: "netgear", version: "1.0.0.34", }, { _id: null, model: "wnr2000", scope: "eq", trust: 0.9, vendor: "netgear", version: "5", }, { _id: null, model: "wnr2000v5", scope: "eq", trust: 0.6, vendor: "netgear", version: "1.0.0.34", }, ], sources: [ { db: "CNVD", id: "CNVD-2017-01202", }, { db: "BID", id: "95867", }, { db: "JVNDB", id: "JVNDB-2016-007708", }, { db: "CNNVD", id: "CNNVD-201702-104", }, { db: "NVD", id: "CVE-2016-10175", }, ], }, configurations: { _id: null, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/h:netgear:wnr2000v5", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wnr2000v5_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2016-007708", }, ], }, credits: { _id: null, data: "Pedro Ribeiro.", sources: [ { db: "BID", id: "95867", }, ], trust: 0.3, }, cve: "CVE-2016-10175", cvss: { _id: null, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CVE-2016-10175", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 1.9, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2017-01202", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "VHN-88925", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2016-10175", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1.8, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2016-10175", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "CVE-2016-10175", trust: 0.8, value: "Critical", }, { author: "CNVD", id: "CNVD-2017-01202", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201702-104", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-88925", trust: 0.1, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2016-10175", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2017-01202", }, { db: "VULHUB", id: "VHN-88925", }, { db: "VULMON", id: "CVE-2016-10175", }, { db: "JVNDB", id: "JVNDB-2016-007708", }, { db: "CNNVD", id: "CNNVD-201702-104", }, { db: "NVD", id: "CVE-2016-10175", }, ], }, description: { _id: null, data: "The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRS_netgear_success.html URI. This serial number allows a user to obtain the administrator username and password, when used in combination with the CVE-2016-10176 vulnerability that allows resetting the answers to the password-recovery questions. NETGEARWNR2000v5router is a popular router device. Netgear WNR2000 is prone to the following vulnerabilities:\n1. An authentication-bypass vulnerability\n2. An information disclosure vulnerability\n3. A stack-buffer overflow vulnerability\nAn attacker may leverage this issue to bypass the authentication mechanism and perform unauthorized actions, obtain sensitive information, or execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition. \nNetgear WNR2000 firmware version 5 is affected; other versions may also be affected. A security vulnerability exists in the NETGEAR WNR2000v5 router", sources: [ { db: "NVD", id: "CVE-2016-10175", }, { db: "JVNDB", id: "JVNDB-2016-007708", }, { db: "CNVD", id: "CNVD-2017-01202", }, { db: "BID", id: "95867", }, { db: "VULHUB", id: "VHN-88925", }, { db: "VULMON", id: "CVE-2016-10175", }, ], trust: 2.61, }, exploit_availability: { _id: null, data: [ { reference: "https://www.scap.org.cn/vuln/vhn-88925", trust: 0.1, type: "unknown", }, { reference: "https://vulmon.com/exploitdetails?qidtp=exploitdb&qid=40949", trust: 0.1, type: "exploit", }, ], sources: [ { db: "VULHUB", id: "VHN-88925", }, { db: "VULMON", id: "CVE-2016-10175", }, ], }, external_ids: { _id: null, data: [ { db: "NVD", id: "CVE-2016-10175", trust: 3.5, }, { db: "BID", id: "95867", trust: 2.7, }, { db: "EXPLOIT-DB", id: "40949", trust: 1.2, }, { db: "JVNDB", id: "JVNDB-2016-007708", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201702-104", trust: 0.7, }, { db: "CNVD", id: "CNVD-2017-01202", trust: 0.6, }, { db: "PACKETSTORM", id: "140235", trust: 0.1, }, { db: "VULHUB", id: "VHN-88925", trust: 0.1, }, { db: "VULMON", id: "CVE-2016-10175", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2017-01202", }, { db: "VULHUB", id: "VHN-88925", }, { db: "VULMON", id: "CVE-2016-10175", }, { db: "BID", id: "95867", }, { db: "JVNDB", id: "JVNDB-2016-007708", }, { db: "CNNVD", id: "CNNVD-201702-104", }, { db: "NVD", id: "CVE-2016-10175", }, ], }, id: "VAR-201701-0162", iot: { _id: null, data: true, sources: [ { db: "CNVD", id: "CNVD-2017-01202", }, { db: "VULHUB", id: "VHN-88925", }, ], trust: 1.5116521, }, iot_taxonomy: { _id: null, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2017-01202", }, ], }, last_update_date: "2024-11-23T21:42:11.527000Z", patch: { _id: null, data: [ { title: "Insecure Remote Access and Command Execution Security Vulnerability, PSV-2016-0255", trust: 0.8, url: "http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability", }, { title: "NETGEARWNR2000v5router information disclosure vulnerability patch", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/89177", }, { title: "NETGEAR WNR2000v5 Repair measures for router security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67475", }, { title: "BleepingComputer", trust: 0.1, url: "https://www.bleepingcomputer.com/news/security/zyxel-and-netgear-fail-to-patch-seven-security-flaws-affecting-their-routers/", }, ], sources: [ { db: "CNVD", id: "CNVD-2017-01202", }, { db: "VULMON", id: "CVE-2016-10175", }, { db: "JVNDB", id: "JVNDB-2016-007708", }, { db: "CNNVD", id: "CNNVD-201702-104", }, ], }, problemtype_data: { _id: null, data: [ { problemtype: "CWE-200", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-88925", }, { db: "JVNDB", id: "JVNDB-2016-007708", }, { db: "NVD", id: "CVE-2016-10175", }, ], }, references: { _id: null, data: [ { trust: 2.6, url: "https://raw.githubusercontent.com/pedrib/poc/master/advisories/netgear-wnr2000.txt", }, { trust: 2.4, url: "http://kb.netgear.com/000036549/insecure-remote-access-and-command-execution-security-vulnerability", }, { trust: 1.8, url: "http://www.securityfocus.com/bid/95867", }, { trust: 1.8, url: "http://seclists.org/fulldisclosure/2016/dec/72", }, { trust: 1.3, url: "https://www.exploit-db.com/exploits/40949/", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10175", }, { trust: 0.8, url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-10175", }, { trust: 0.3, url: "http://www.netgear.com", }, { trust: 0.3, url: "http://seclists.org/fulldisclosure/2017/jan/88", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/200.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://www.rapid7.com/db/modules/auxiliary/admin/http/netgear_wnr2000_pass_recovery", }, { trust: 0.1, url: "https://www.bleepingcomputer.com/news/security/zyxel-and-netgear-fail-to-patch-seven-security-flaws-affecting-their-routers/", }, ], sources: [ { db: "CNVD", id: "CNVD-2017-01202", }, { db: "VULHUB", id: "VHN-88925", }, { db: "VULMON", id: "CVE-2016-10175", }, { db: "BID", id: "95867", }, { db: "JVNDB", id: "JVNDB-2016-007708", }, { db: "CNNVD", id: "CNNVD-201702-104", }, { db: "NVD", id: "CVE-2016-10175", }, ], }, sources: { _id: null, data: [ { db: "CNVD", id: "CNVD-2017-01202", ident: null, }, { db: "VULHUB", id: "VHN-88925", ident: null, }, { db: "VULMON", id: "CVE-2016-10175", ident: null, }, { db: "BID", id: "95867", ident: null, }, { db: "JVNDB", id: "JVNDB-2016-007708", ident: null, }, { db: "CNNVD", id: "CNNVD-201702-104", ident: null, }, { db: "NVD", id: "CVE-2016-10175", ident: null, }, ], }, sources_release_date: { _id: null, data: [ { date: "2017-02-10T00:00:00", db: "CNVD", id: "CNVD-2017-01202", ident: null, }, { date: "2017-01-30T00:00:00", db: "VULHUB", id: "VHN-88925", ident: null, }, { date: "2017-01-30T00:00:00", db: "VULMON", id: "CVE-2016-10175", ident: null, }, { date: "2017-01-30T00:00:00", db: "BID", id: "95867", ident: null, }, { date: "2017-03-13T00:00:00", db: "JVNDB", id: "JVNDB-2016-007708", ident: null, }, { date: "2017-01-29T00:00:00", db: "CNNVD", id: "CNNVD-201702-104", ident: null, }, { date: "2017-01-30T04:59:00.203000", db: "NVD", id: "CVE-2016-10175", ident: null, }, ], }, sources_update_date: { _id: null, data: [ { date: "2017-02-10T00:00:00", db: "CNVD", id: "CNVD-2017-01202", ident: null, }, { date: "2017-09-03T00:00:00", db: "VULHUB", id: "VHN-88925", ident: null, }, { date: "2017-09-03T00:00:00", db: "VULMON", id: "CVE-2016-10175", ident: null, }, { date: "2017-02-02T01:03:00", db: "BID", id: "95867", ident: null, }, { date: "2017-03-13T00:00:00", db: "JVNDB", id: "JVNDB-2016-007708", ident: null, }, { date: "2017-02-10T00:00:00", db: "CNNVD", id: "CNNVD-201702-104", ident: null, }, { date: "2024-11-21T02:43:28.927000", db: "NVD", id: "CVE-2016-10175", ident: null, }, ], }, threat_type: { _id: null, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201702-104", }, ], trust: 0.6, }, title: { _id: null, data: "NETGEAR WNR2000v5 Vulnerability to leak serial number in router", sources: [ { db: "JVNDB", id: "JVNDB-2016-007708", }, ], trust: 0.8, }, type: { _id: null, data: "information disclosure", sources: [ { db: "CNNVD", id: "CNNVD-201702-104", }, ], trust: 0.6, }, }
var-202004-0797
Vulnerability from variot
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.60, DM200 before 1.0.0.61, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX8000 before 1.0.1.180, R7800 before 1.0.2.52, R8900 before 1.0.4.26, R9000 before 1.0.4.26, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.66, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R8900, etc. are all wireless routers from NETGEAR. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow, etc
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0797", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.52", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.4.26", }, { model: "ex8000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.180", }, { model: "dm200", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.61", }, { model: "d6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.60", }, { model: "r8900", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.4.26", }, { model: "ex2700", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.48", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.68", }, { model: "wn3000rp", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.70", }, { model: "ex6150", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.76", }, { model: "ex6200", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.72", }, { model: "ex6100", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.76", }, { model: "wn3000rp", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.68", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.58", }, { model: "wn2000rpt", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.32", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.58", }, { model: "wn3100rp", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.66", }, { model: "d6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.60", }, { model: "dm200", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.61", }, { model: "ex2700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.48", }, { model: "ex6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.76", }, { model: "ex6150", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.76", }, { model: "ex6200", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.72", }, { model: "ex8000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.180", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.52", }, { model: "r8900", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.4.26", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.4.26", }, { model: "ex6100v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.1.76", }, { model: "ex6150v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.1.76", }, { model: "wn2000rptv3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.1.32", }, { model: "wn3000rpv3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.70", }, { model: "wn3100rpv2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.66", }, { model: "wn3000rpv2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.68", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.58", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.58", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.68", }, { model: "ex6200v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.1.72", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-66985", }, { db: "JVNDB", id: "JVNDB-2019-015366", }, { db: "NVD", id: "CVE-2019-20751", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:dm200_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex2700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex6150_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex6200_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex8000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r8900_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015366", }, ], }, cve: "CVE-2019-20751", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CVE-2019-20751", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 5.2, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2019-015366", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CNVD-2021-66985", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2019-20751", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2019-20751", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 6.8, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2019-015366", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2019-20751", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2019-20751", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2019-015366", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2021-66985", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-1362", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-66985", }, { db: "JVNDB", id: "JVNDB-2019-015366", }, { db: "CNNVD", id: "CNNVD-202004-1362", }, { db: "NVD", id: "CVE-2019-20751", }, { db: "NVD", id: "CVE-2019-20751", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.60, DM200 before 1.0.0.61, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX8000 before 1.0.1.180, R7800 before 1.0.2.52, R8900 before 1.0.4.26, R9000 before 1.0.4.26, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.66, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R8900, etc. are all wireless routers from NETGEAR. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow, etc", sources: [ { db: "NVD", id: "CVE-2019-20751", }, { db: "JVNDB", id: "JVNDB-2019-015366", }, { db: "CNVD", id: "CNVD-2021-66985", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-20751", trust: 3, }, { db: "JVNDB", id: "JVNDB-2019-015366", trust: 0.8, }, { db: "CNVD", id: "CNVD-2021-66985", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-1362", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-66985", }, { db: "JVNDB", id: "JVNDB-2019-015366", }, { db: "CNNVD", id: "CNNVD-202004-1362", }, { db: "NVD", id: "CVE-2019-20751", }, ], }, id: "VAR-202004-0797", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-66985", }, ], trust: 1.2212749289999998, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-66985", }, ], }, last_update_date: "2024-11-23T22:37:25.511000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Stack Overflow on Some Extenders, Gateways, and Routers, PSV-2018-0171", trust: 0.8, url: "https://kb.netgear.com/000060964/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Extenders-Gateways-and-Routers-PSV-2018-0171", }, { title: "Patch for Buffer overflow vulnerabilities in multiple NETGEAR products (CNVD-2021-66985)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/288721", }, { title: "Multiple NETGEAR Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=115006", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-66985", }, { db: "JVNDB", id: "JVNDB-2019-015366", }, { db: "CNNVD", id: "CNNVD-202004-1362", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015366", }, { db: "NVD", id: "CVE-2019-20751", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2019-20751", }, { trust: 1.6, url: "https://kb.netgear.com/000060964/security-advisory-for-post-authentication-stack-overflow-on-some-extenders-gateways-and-routers-psv-2018-0171", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20751", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-66985", }, { db: "JVNDB", id: "JVNDB-2019-015366", }, { db: "CNNVD", id: "CNNVD-202004-1362", }, { db: "NVD", id: "CVE-2019-20751", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-66985", }, { db: "JVNDB", id: "JVNDB-2019-015366", }, { db: "CNNVD", id: "CNNVD-202004-1362", }, { db: "NVD", id: "CVE-2019-20751", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-08-31T00:00:00", db: "CNVD", id: "CNVD-2021-66985", }, { date: "2020-05-14T00:00:00", db: "JVNDB", id: "JVNDB-2019-015366", }, { date: "2020-04-16T00:00:00", db: "CNNVD", id: "CNNVD-202004-1362", }, { date: "2020-04-16T21:15:13.067000", db: "NVD", id: "CVE-2019-20751", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-08-31T00:00:00", db: "CNVD", id: "CNVD-2021-66985", }, { date: "2020-05-14T00:00:00", db: "JVNDB", id: "JVNDB-2019-015366", }, { date: "2020-04-26T00:00:00", db: "CNNVD", id: "CNNVD-202004-1362", }, { date: "2024-11-21T04:39:16.010000", db: "NVD", id: "CVE-2019-20751", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-1362", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Out-of-bounds write vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2019-015366", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-1362", }, ], trust: 0.6, }, }
var-202004-1699
Vulnerability from variot
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.30, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D7800, etc. are all products of NETGEAR. NETGEAR D7800 is a wireless modem. NETGEAR R7500 is a wireless router. NETGEAR WNDR3700 is a wireless router. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow. This affects D7800 prior to 1.0.1.30, R7500v2 prior to 1.0.3.24, R7800 prior to 1.0.2.40, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1699", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.52", }, { model: "d7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.30", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.94", }, { model: "r7500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.24", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.62", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.92", }, { model: "d7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.30", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.24", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.52", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.62", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.62", }, { model: "r7500v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.3.24", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28248", }, { db: "JVNDB", id: "JVNDB-2018-016373", }, { db: "NVD", id: "CVE-2018-21188", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wnr2000_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016373", }, ], }, cve: "CVE-2018-21188", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CVE-2018-21188", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 5.2, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2018-016373", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CNVD-2020-28248", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21188", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21188", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 6.8, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2018-016373", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21188", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2018-21188", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2018-016373", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2020-28248", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-2254", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2018-21188", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28248", }, { db: "VULMON", id: "CVE-2018-21188", }, { db: "JVNDB", id: "JVNDB-2018-016373", }, { db: "CNNVD", id: "CNNVD-202004-2254", }, { db: "NVD", id: "CVE-2018-21188", }, { db: "NVD", id: "CVE-2018-21188", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.30, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D7800, etc. are all products of NETGEAR. NETGEAR D7800 is a wireless modem. NETGEAR R7500 is a wireless router. NETGEAR WNDR3700 is a wireless router. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow. This affects D7800 prior to 1.0.1.30, R7500v2 prior to 1.0.3.24, R7800 prior to 1.0.2.40, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62", sources: [ { db: "NVD", id: "CVE-2018-21188", }, { db: "JVNDB", id: "JVNDB-2018-016373", }, { db: "CNVD", id: "CNVD-2020-28248", }, { db: "VULMON", id: "CVE-2018-21188", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21188", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2018-016373", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-28248", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-2254", trust: 0.6, }, { db: "VULMON", id: "CVE-2018-21188", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28248", }, { db: "VULMON", id: "CVE-2018-21188", }, { db: "JVNDB", id: "JVNDB-2018-016373", }, { db: "CNNVD", id: "CNNVD-202004-2254", }, { db: "NVD", id: "CVE-2018-21188", }, ], }, id: "VAR-202004-1699", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-28248", }, ], trust: 1.300062814, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28248", }, ], }, last_update_date: "2024-11-23T23:11:26.663000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Stack Overflow on Some Routers and Gateways, PSV-2017-2607", trust: 0.8, url: "https://kb.netgear.com/000055169/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2607", }, { title: "Patch for Multiple NETGEAR product buffer overflow vulnerabilities (CNVD-2020-28248)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/217461", }, { title: "Multiple NETGEAR Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117346", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28248", }, { db: "JVNDB", id: "JVNDB-2018-016373", }, { db: "CNNVD", id: "CNNVD-202004-2254", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016373", }, { db: "NVD", id: "CVE-2018-21188", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21188", }, { trust: 1.7, url: "https://kb.netgear.com/000055169/security-advisory-for-post-authentication-stack-overflow-on-some-routers-and-gateways-psv-2017-2607", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21188", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/787.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28248", }, { db: "VULMON", id: "CVE-2018-21188", }, { db: "JVNDB", id: "JVNDB-2018-016373", }, { db: "CNNVD", id: "CNNVD-202004-2254", }, { db: "NVD", id: "CVE-2018-21188", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-28248", }, { db: "VULMON", id: "CVE-2018-21188", }, { db: "JVNDB", id: "JVNDB-2018-016373", }, { db: "CNNVD", id: "CNNVD-202004-2254", }, { db: "NVD", id: "CVE-2018-21188", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28248", }, { date: "2020-04-28T00:00:00", db: "VULMON", id: "CVE-2018-21188", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016373", }, { date: "2020-04-28T00:00:00", db: "CNNVD", id: "CNNVD-202004-2254", }, { date: "2020-04-28T15:15:12.487000", db: "NVD", id: "CVE-2018-21188", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28248", }, { date: "2020-05-05T00:00:00", db: "VULMON", id: "CVE-2018-21188", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016373", }, { date: "2020-05-06T00:00:00", db: "CNNVD", id: "CNNVD-202004-2254", }, { date: "2024-11-21T04:03:07.670000", db: "NVD", id: "CVE-2018-21188", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-2254", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Out-of-bounds write vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2018-016373", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-2254", }, ], trust: 0.6, }, }
var-202004-1700
Vulnerability from variot
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D6100, etc. are all products of NETGEAR. NETGEAR D6100 is a wireless modem. NETGEAR WNDR3700 is a wireless router. NETGEAR R6100 is a wireless router. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow. This affects D6100 prior to 1.0.0.57, R6100 prior to 1.0.1.20, R7800 prior to 1.0.2.40, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1700", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.52", }, { model: "r6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.20", }, { model: "d6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.57", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.62", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "eq", trust: 0.9, vendor: "netgear", version: "1.0.0.50", }, { model: "d6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.57", }, { model: "r6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.20", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.52", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.62", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.62", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.50 0.0.50", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.55", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.12", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.14", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.16", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.16", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.28", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.32", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.36", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.38", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.4", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.40", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.86", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.52", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.90", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.42", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.58", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28249", }, { db: "VULMON", id: "CVE-2018-21189", }, { db: "JVNDB", id: "JVNDB-2018-016372", }, { db: "NVD", id: "CVE-2018-21189", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wnr2000_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016372", }, ], }, cve: "CVE-2018-21189", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CVE-2018-21189", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 5.2, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2018-016372", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CNVD-2020-28249", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21189", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21189", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 6.8, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2018-016372", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21189", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2018-21189", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2018-016372", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2020-28249", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-2251", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2018-21189", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28249", }, { db: "VULMON", id: "CVE-2018-21189", }, { db: "JVNDB", id: "JVNDB-2018-016372", }, { db: "CNNVD", id: "CNNVD-202004-2251", }, { db: "NVD", id: "CVE-2018-21189", }, { db: "NVD", id: "CVE-2018-21189", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D6100, etc. are all products of NETGEAR. NETGEAR D6100 is a wireless modem. NETGEAR WNDR3700 is a wireless router. NETGEAR R6100 is a wireless router. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow. This affects D6100 prior to 1.0.0.57, R6100 prior to 1.0.1.20, R7800 prior to 1.0.2.40, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62", sources: [ { db: "NVD", id: "CVE-2018-21189", }, { db: "JVNDB", id: "JVNDB-2018-016372", }, { db: "CNVD", id: "CNVD-2020-28249", }, { db: "VULMON", id: "CVE-2018-21189", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21189", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2018-016372", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-28249", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-2251", trust: 0.6, }, { db: "VULMON", id: "CVE-2018-21189", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28249", }, { db: "VULMON", id: "CVE-2018-21189", }, { db: "JVNDB", id: "JVNDB-2018-016372", }, { db: "CNNVD", id: "CNNVD-202004-2251", }, { db: "NVD", id: "CVE-2018-21189", }, ], }, id: "VAR-202004-1700", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-28249", }, ], trust: 1.2939943166666668, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28249", }, ], }, last_update_date: "2024-11-23T22:37:24.646000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Stack Overflow on Some Routers and Gateways, PSV-2017-2606", trust: 0.8, url: "https://kb.netgear.com/000055168/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2606", }, { title: "Patch for Multiple NETGEAR products buffer overflow (CNVD-2020-28249)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/217459", }, { title: "Multiple NETGEAR Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117344", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28249", }, { db: "JVNDB", id: "JVNDB-2018-016372", }, { db: "CNNVD", id: "CNNVD-202004-2251", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016372", }, { db: "NVD", id: "CVE-2018-21189", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21189", }, { trust: 1.7, url: "https://kb.netgear.com/000055168/security-advisory-for-post-authentication-stack-overflow-on-some-routers-and-gateways-psv-2017-2606", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21189", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/787.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28249", }, { db: "VULMON", id: "CVE-2018-21189", }, { db: "JVNDB", id: "JVNDB-2018-016372", }, { db: "CNNVD", id: "CNNVD-202004-2251", }, { db: "NVD", id: "CVE-2018-21189", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-28249", }, { db: "VULMON", id: "CVE-2018-21189", }, { db: "JVNDB", id: "JVNDB-2018-016372", }, { db: "CNNVD", id: "CNNVD-202004-2251", }, { db: "NVD", id: "CVE-2018-21189", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28249", }, { date: "2020-04-28T00:00:00", db: "VULMON", id: "CVE-2018-21189", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016372", }, { date: "2020-04-28T00:00:00", db: "CNNVD", id: "CNNVD-202004-2251", }, { date: "2020-04-28T15:15:12.550000", db: "NVD", id: "CVE-2018-21189", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28249", }, { date: "2020-05-01T00:00:00", db: "VULMON", id: "CVE-2018-21189", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016372", }, { date: "2020-05-06T00:00:00", db: "CNNVD", id: "CNNVD-202004-2251", }, { date: "2024-11-21T04:03:07.827000", db: "NVD", id: "CVE-2018-21189", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-2251", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Out-of-bounds write vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2018-016372", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-2251", }, ], trust: 0.6, }, }
var-202004-1682
Vulnerability from variot
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D3600, etc. are all products of NETGEAR. NETGEAR D3600 is a wireless modem. NETGEAR D6000 is a wireless modem. NETGEAR R7500 is a wireless router. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. This affects D3600 prior to 1.0.0.67, D6000 prior to 1.0.0.67, D7800 prior to 1.0.1.30, R6100 prior to 1.0.1.20, R7500 prior to 1.0.0.118, R7500v2 prior to 1.0.3.24, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.96, WNDR4300 prior to 1.0.2.98, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1682", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.52", }, { model: "r6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.20", }, { model: "r7500", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.118", }, { model: "d7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.30", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.98", }, { model: "d3600", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.67", }, { model: "d6000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.67", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.96", }, { model: "r7500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.24", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.62", }, { model: "r7500", scope: "eq", trust: 0.9, vendor: "netgear", version: "1.0.0.118", }, { model: "wndr4300", scope: "eq", trust: 0.9, vendor: "netgear", version: "1.0.0.50", }, { model: "d3600", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.67", }, { model: "d6000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.67", }, { model: "d7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.30", }, { model: "r6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.20", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.24", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.52", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.96", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.98", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.62", }, { model: "r7500v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.3.24", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.96", }, { model: "d3600", scope: "eq", trust: 0.2, vendor: "netgear", version: "1.0.0.49", }, { model: "d3600", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "d3600", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.61", }, { model: "d6000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "d6000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.49", }, { model: "d6000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.61", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.22", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.24", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.28", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.12", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.14", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.16", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.108", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.110", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.112", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.116", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.122", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.124", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.130", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.10", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.16", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.20", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.4", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.40", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.86", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.52", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.90", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.96", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.42", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.58", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-48930", }, { db: "VULMON", id: "CVE-2018-21224", }, { db: "JVNDB", id: "JVNDB-2018-016338", }, { db: "NVD", id: "CVE-2018-21224", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d3600_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016338", }, ], }, cve: "CVE-2018-21224", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 6.5, id: "CVE-2018-21224", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 5.8, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2018-016338", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 6.5, id: "CNVD-2021-48930", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2018-21224", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2018-21224", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 8.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2018-016338", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21224", trust: 1, value: "HIGH", }, { author: "cve@mitre.org", id: "CVE-2018-21224", trust: 1, value: "HIGH", }, { author: "NVD", id: "JVNDB-2018-016338", trust: 0.8, value: "High", }, { author: "CNVD", id: "CNVD-2021-48930", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-2319", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2018-21224", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-48930", }, { db: "VULMON", id: "CVE-2018-21224", }, { db: "JVNDB", id: "JVNDB-2018-016338", }, { db: "CNNVD", id: "CNNVD-202004-2319", }, { db: "NVD", id: "CVE-2018-21224", }, { db: "NVD", id: "CVE-2018-21224", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D3600, etc. are all products of NETGEAR. NETGEAR D3600 is a wireless modem. NETGEAR D6000 is a wireless modem. NETGEAR R7500 is a wireless router. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. This affects D3600 prior to 1.0.0.67, D6000 prior to 1.0.0.67, D7800 prior to 1.0.1.30, R6100 prior to 1.0.1.20, R7500 prior to 1.0.0.118, R7500v2 prior to 1.0.3.24, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.96, WNDR4300 prior to 1.0.2.98, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62", sources: [ { db: "NVD", id: "CVE-2018-21224", }, { db: "JVNDB", id: "JVNDB-2018-016338", }, { db: "CNVD", id: "CNVD-2021-48930", }, { db: "VULMON", id: "CVE-2018-21224", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21224", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2018-016338", trust: 0.8, }, { db: "CNVD", id: "CNVD-2021-48930", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-2319", trust: 0.6, }, { db: "VULMON", id: "CVE-2018-21224", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-48930", }, { db: "VULMON", id: "CVE-2018-21224", }, { db: "JVNDB", id: "JVNDB-2018-016338", }, { db: "CNNVD", id: "CNNVD-202004-2319", }, { db: "NVD", id: "CVE-2018-21224", }, ], }, id: "VAR-202004-1682", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-48930", }, ], trust: 1.2824539991666666, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-48930", }, ], }, last_update_date: "2024-11-23T22:48:01.233000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Pre-Authentication Buffer Overflow on Some Routers and Gateways, PSV-2017-2456", trust: 0.8, url: "https://kb.netgear.com/000055113/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2456", }, { title: "Patch for Buffer overflow vulnerabilities in multiple NETGEAR products (CNVD-2021-48930)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/277381", }, { title: "Multiple NETGEAR Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117410", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-48930", }, { db: "JVNDB", id: "JVNDB-2018-016338", }, { db: "CNNVD", id: "CNNVD-202004-2319", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-120", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016338", }, { db: "NVD", id: "CVE-2018-21224", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21224", }, { trust: 1.7, url: "https://kb.netgear.com/000055113/security-advisory-for-pre-authentication-buffer-overflow-on-some-routers-and-gateways-psv-2017-2456", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21224", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/120.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-48930", }, { db: "VULMON", id: "CVE-2018-21224", }, { db: "JVNDB", id: "JVNDB-2018-016338", }, { db: "CNNVD", id: "CNNVD-202004-2319", }, { db: "NVD", id: "CVE-2018-21224", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-48930", }, { db: "VULMON", id: "CVE-2018-21224", }, { db: "JVNDB", id: "JVNDB-2018-016338", }, { db: "CNNVD", id: "CNNVD-202004-2319", }, { db: "NVD", id: "CVE-2018-21224", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-07-08T00:00:00", db: "CNVD", id: "CNVD-2021-48930", }, { date: "2020-04-28T00:00:00", db: "VULMON", id: "CVE-2018-21224", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016338", }, { date: "2020-04-28T00:00:00", db: "CNNVD", id: "CNNVD-202004-2319", }, { date: "2020-04-28T17:15:13.103000", db: "NVD", id: "CVE-2018-21224", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-07-09T00:00:00", db: "CNVD", id: "CNVD-2021-48930", }, { date: "2020-05-04T00:00:00", db: "VULMON", id: "CVE-2018-21224", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016338", }, { date: "2020-05-06T00:00:00", db: "CNNVD", id: "CNNVD-202004-2319", }, { date: "2024-11-21T04:03:13.280000", db: "NVD", id: "CVE-2018-21224", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-2319", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Classic buffer overflow vulnerability in device", sources: [ { db: "JVNDB", id: "JVNDB-2018-016338", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-2319", }, ], trust: 0.6, }, }
var-202004-1262
Vulnerability from variot
Certain NETGEAR devices are affected by password exposure. This affects AC1450 before 2017-01-06, C6300 before 2017-01-06, D500 before 2017-01-06, D1500 before 2017-01-06, D3600 before 2017-01-06, D6000 before 2017-01-06, D6100 before 2017-01-06, D6200 before 2017-01-06, D6200B before 2017-01-06, D6300B before 2017-01-06, D6300 before 2017-01-06, DGN1000v3 before 2017-01-06, DGN2200v1 before 2017-01-06, DGN2200v3 before 2017-01-06, DGN2200V4 before 2017-01-06, DGN2200Bv3 before 2017-01-06, DGN2200Bv4 before 2017-01-06, DGND3700v1 before 2017-01-06, DGND3700v2 before 2017-01-06, DGND3700Bv2 before 2017-01-06, JNR1010v1 before 2017-01-06, JNR1010v2 before 2017-01-06, JNR3300 before 2017-01-06, JR6100 before 2017-01-06, JR6150 before 2017-01-06, JWNR2000v5 before 2017-01-06, R2000 before 2017-01-06, R6050 before 2017-01-06, R6100 before 2017-01-06, R6200 before 2017-01-06, R6200v2 before 2017-01-06, R6220 before 2017-01-06, R6250 before 2017-01-06, R6300 before 2017-01-06, R6300v2 before 2017-01-06, R6700 before 2017-01-06, R7000 before 2017-01-06, R7900 before 2017-01-06, R7500 before 2017-01-06, R8000 before 2017-01-06, WGR614v10 before 2017-01-06, WNR1000v2 before 2017-01-06, WNR1000v3 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2000v3 before 2017-01-06, WNR2000v4 before 2017-01-06, WNR2000v5 before 2017-01-06, WNR2200 before 2017-01-06, WNR2500 before 2017-01-06, WNR3500Lv2 before 2017-01-06, WNDR3400v2 before 2017-01-06, WNDR3400v3 before 2017-01-06, WNDR3700v3 before 2017-01-06, WNDR3700v4 before 2017-01-06, WNDR3700v5 before 2017-01-06, WNDR4300 before 2017-01-06, WNDR4300v2 before 2017-01-06, WNDR4500v1 before 2017-01-06, WNDR4500v2 before 2017-01-06, and WNDR4500v3 before 2017-01-06. plural NETGEAR The device contains a vulnerability related to information leakage.Information may be obtained. This affects AC1450 prior to 2017-01-06, C6300 prior to 2017-01-06, D500 prior to 2017-01-06, D1500 prior to 2017-01-06, D3600 prior to 2017-01-06, D6000 prior to 2017-01-06, D6100 prior to 2017-01-06, D6200 prior to 2017-01-06, D6200B prior to 2017-01-06, D6300B prior to 2017-01-06, D6300 prior to 2017-01-06, DGN1000v3 prior to 2017-01-06, DGN2200v1 prior to 2017-01-06, DGN2200v3 prior to 2017-01-06, DGN2200V4 prior to 2017-01-06, DGN2200Bv3 prior to 2017-01-06, DGN2200Bv4 prior to 2017-01-06, DGND3700v1 prior to 2017-01-06, DGND3700v2 prior to 2017-01-06, DGND3700Bv2 prior to 2017-01-06, JNR1010v1 prior to 2017-01-06, JNR1010v2 prior to 2017-01-06, JNR3300 prior to 2017-01-06, JR6100 prior to 2017-01-06, JR6150 prior to 2017-01-06, JWNR2000v5 prior to 2017-01-06, R2000 prior to 2017-01-06, R6050 prior to 2017-01-06, R6100 prior to 2017-01-06, R6200 prior to 2017-01-06, R6200v2 prior to 2017-01-06, R6220 prior to 2017-01-06, R6250 prior to 2017-01-06, R6300 prior to 2017-01-06, R6300v2 prior to 2017-01-06, R6700 prior to 2017-01-06, R7000 prior to 2017-01-06, R7900 prior to 2017-01-06, R7500 prior to 2017-01-06, R8000 prior to 2017-01-06, WGR614v10 prior to 2017-01-06, WNR1000v2 prior to 2017-01-06, WNR1000v3 prior to 2017-01-06, WNR1000v4 prior to 2017-01-06, WNR2000v3 prior to 2017-01-06, WNR2000v4 prior to 2017-01-06, WNR2000v5 prior to 2017-01-06, WNR2200 prior to 2017-01-06, WNR2500 prior to 2017-01-06, WNR3500Lv2 prior to 2017-01-06, WNDR3400v2 prior to 2017-01-06, WNDR3400v3 prior to 2017-01-06, WNDR3700v3 prior to 2017-01-06, WNDR3700v4 prior to 2017-01-06, WNDR3700v5 prior to 2017-01-06, WNDR4300 prior to 2017-01-06, WNDR4300v2 prior to 2017-01-06, WNDR4500v1 prior to 2017-01-06, WNDR4500v2 prior to 2017-01-06, and WNDR4500v3 prior to 2017-01-06
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1262", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r6300", scope: "lt", trust: 1, vendor: "netgear", version: "2017-01-06", }, { model: "r2000", scope: "lt", trust: 1, vendor: "netgear", version: "2017-01-06", }, { model: "wndr3400", scope: "lt", trust: 1, vendor: "netgear", version: "2017-01-06", }, { model: "dgn2200", scope: "lt", trust: 1, vendor: "netgear", version: "2017-01-06", }, { model: "r7900", scope: "lt", trust: 1, vendor: "netgear", version: "2017-01-06", }, { model: "dgnd3700b", scope: "lt", trust: 1, vendor: "netgear", version: "2017-01-06", }, { model: "d6300", scope: "lt", trust: 1, vendor: "netgear", version: "2017-01-06", }, { model: "jr6150", scope: "lt", trust: 1, vendor: "netgear", version: "2017-01-06", }, { model: "ac1450", scope: "lt", trust: 1, vendor: "netgear", version: "2017-01-06", }, { model: "r6220", scope: "lt", trust: 1, vendor: "netgear", version: "2017-01-06", }, { model: "wnr2200", scope: "lt", trust: 1, vendor: "netgear", version: "2017-01-06", }, { model: "d6200b", scope: "lt", trust: 1, vendor: "netgear", version: "2017-01-06", }, { model: "r6200", scope: "lt", trust: 1, vendor: "netgear", version: "2017-01-06", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "2017-01-06", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "2017-01-06", }, { model: "dgn2200b", scope: "lt", trust: 1, vendor: "netgear", version: "2017-01-06", }, { model: "r8000", scope: "lt", trust: 1, vendor: "netgear", version: "2017-01-06", }, { model: "wnr2500", scope: "lt", trust: 1, vendor: "netgear", version: "2017-01-06", }, { model: "r6100", scope: "lt", trust: 1, vendor: "netgear", version: "2017-01-06", }, { model: "r7000", scope: "lt", trust: 1, vendor: "netgear", version: "2017-01-06", }, { model: "jr6100", scope: "lt", trust: 1, vendor: "netgear", version: "2017-01-06", }, { model: "jwnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "2017-01-06", }, { model: "r6050", scope: "lt", trust: 1, vendor: "netgear", version: "2017-01-06", }, { model: "d6100", scope: "lt", trust: 1, vendor: "netgear", version: "2017-01-06", }, { model: "r6700", scope: "lt", trust: 1, vendor: "netgear", version: "2017-01-06", }, { model: "dgnd3700", scope: "lt", trust: 1, vendor: "netgear", version: "2017-01-06", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "2017-01-06", }, { model: "wnr3500l", scope: "lt", trust: 1, vendor: "netgear", version: "2017-01-06", }, { model: "wgr614", scope: "lt", trust: 1, vendor: "netgear", version: "2017-01-06", }, { model: "jnr3300", scope: "lt", trust: 1, vendor: "netgear", version: "2017-01-06", }, { model: "d6000", scope: "lt", trust: 1, vendor: "netgear", version: "2017-01-06", }, { model: "r6250", scope: "lt", trust: 1, vendor: "netgear", version: "2017-01-06", }, { model: "d3600", scope: "lt", trust: 1, vendor: "netgear", version: "2017-01-06", }, { model: "d6200", scope: "lt", trust: 1, vendor: "netgear", version: "2017-01-06", }, { model: "d500", scope: "lt", trust: 1, vendor: "netgear", version: "2017-01-06", }, { model: "wnr1000", scope: "lt", trust: 1, vendor: "netgear", version: "2017-01-06", }, { model: "r7500", scope: "lt", trust: 1, vendor: "netgear", version: "2017-01-06", }, { model: "d6300b", scope: "lt", trust: 1, vendor: "netgear", version: "2017-01-06", }, { model: "d1500", scope: "lt", trust: 1, vendor: "netgear", version: "2017-01-06", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "2017-01-06", }, { model: "c6300", scope: "lt", trust: 1, vendor: "netgear", version: "2017-01-06", }, { model: "jnr1010", scope: "lt", trust: 1, vendor: "netgear", version: "2017-01-06", }, { model: "dgn1000", scope: "lt", trust: 1, vendor: "netgear", version: "2017-01-06", }, { model: "ac1450", scope: "eq", trust: 0.8, vendor: "netgear", version: "2017/01/06", }, { model: "c6300", scope: "eq", trust: 0.8, vendor: "netgear", version: "2017/01/06", }, { model: "d1500", scope: "eq", trust: 0.8, vendor: "netgear", version: "2017/01/06", }, { model: "d3600", scope: "eq", trust: 0.8, vendor: "netgear", version: "2017/01/06", }, { model: "d500", scope: "eq", trust: 0.8, vendor: "netgear", version: "2017/01/06", }, { model: "d6000", scope: "eq", trust: 0.8, vendor: "netgear", version: "2017/01/06", }, { model: "d6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "2017/01/06", }, { model: "d6200", scope: "eq", trust: 0.8, vendor: "netgear", version: "2017/01/06", }, { model: "d6200b", scope: "eq", trust: 0.8, vendor: "netgear", version: "2017/01/06", }, { model: "d6300", scope: "eq", trust: 0.8, vendor: "netgear", version: "2017/01/06", }, { model: "d3600", scope: "eq", trust: 0.2, vendor: "netgear", version: "1.0.0.49", }, { model: "ac1450", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "ac1450", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.36", }, { model: "d1500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.20", }, { model: "d1500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.25", }, { model: "d1500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.27", }, { model: "d3600", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "d3600", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.61", }, { model: "d3600", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.67", }, { model: "d3600", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.68", }, { model: "d3600", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.72", }, { model: "d3600", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.76", }, { model: "d500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.25", }, { model: "d500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.27", }, { model: "d6000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "d6000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.49", }, { model: "d6000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.61", }, { model: "d6000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.67", }, { model: "d6000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.68", }, { model: "d6000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.72", }, { model: "d6000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.76", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.50 0.0.50", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.55", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.57", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.58", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.63", }, { model: "d6200", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.00.24", }, { model: "d6200", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.00.28", }, { model: "d6200", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.00.30", }, { model: "d6200", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.00.32", }, { model: "d6200", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.00.34", }, { model: "d6200", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.00.36", }, { model: "dgn2200", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "dgn2200", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.55", }, { model: "dgn2200", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.58", }, { model: "dgn2200", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.82", }, { model: "dgn2200", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.86", }, { model: "dgn2200", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.94", }, { model: "dgn2200", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.96", }, { model: "dgn2200", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.102", }, { model: "dgn2200", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.106", }, { model: "dgn2200", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.110", }, { model: "dgn2200b", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "dgn2200b", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.58", }, { model: "dgn2200b", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.82", }, { model: "dgn2200b", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.94", }, { model: "dgn2200b", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.96", }, { model: "dgn2200b", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.102", }, { model: "dgnd3700", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "jnr1010", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.32", }, { model: "jnr1010", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.40", }, { model: "jnr1010", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.42", }, { model: "jnr1010", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.44", }, { model: "jnr1010", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.46", }, { model: "jnr1010", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.48", }, { model: "jnr1010", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.50", }, { model: "jnr1010", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.54", }, { model: "jr6150", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.17", }, { model: "jr6150", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.7", }, { model: "jr6150", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.10", }, { model: "jr6150", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.12", }, { model: "jr6150", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.14", }, { model: "jr6150", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.16", }, { model: "jr6150", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.18", }, { model: "jr6150", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.24", }, { model: "r6050", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.86", }, { model: "r6050", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.7", }, { model: "r6050", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.10", }, { model: "r6050", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.10j", }, { model: "r6050", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.12", }, { model: "r6050", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.14", }, { model: "r6050", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.16", }, { model: "r6050", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.18", }, { model: "r6050", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.24", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.1", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.12", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.14", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.16", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.20", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.22", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.28", }, { model: "r6200", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r6200", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.14", }, { model: "r6220", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.46", }, { model: "r6220", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.50", }, { model: "r6220", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.60", }, { model: "r6220", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.64", }, { model: "r6220", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.66", }, { model: "r6220", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.68", }, { model: "r6220", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.80", }, { model: "r6220", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.86", }, { model: "r6250", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r6250", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.4.6 10.1.12", }, { model: "r6250", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.4.8", }, { model: "r6250", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.4.12", }, { model: "r6250", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.4.14", }, { model: "r6250", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.4.16", }, { model: "r6250", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.4.20", }, { model: "r6250", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.4.26", }, { model: "r6250", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.4.30", }, { model: "r6250", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.4.34", }, { model: "r6300", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r6300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.36", }, { model: "r6300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.4.06", }, { model: "r6300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.4.6", }, { model: "r6300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.4.8", }, { model: "r6300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.4.8 10.0.77", }, { model: "r6300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.4.12", }, { model: "r6300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.4.18", }, { model: "r6300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.4.22", }, { model: "r6300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.4.24", }, { model: "r6300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.4.28", }, { model: "r6300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.4.32", }, { model: "r6700", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r6700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.14", }, { model: "r6700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.16", }, { model: "r6700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.20", }, { model: "r6700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.22", }, { model: "r6700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.26", }, { model: "r6700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.30", }, { model: "r6700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.36", }, { model: "r6700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.44", }, { model: "r6700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.46", }, { model: "r6700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.48", }, { model: "r6700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.6", }, { model: "r6700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.8", }, { model: "r6700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.32", }, { model: "r6700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.52", }, { model: "r6700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.66", }, { model: "r6700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.4.84", }, { model: "r6700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.38", }, { model: "r6700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.42", }, { model: "r6700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.1.20", }, { model: "r6700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.2.0.2", }, { model: "r6700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.2.0.4", }, { model: "r6700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.2.0.12", }, { model: "r6700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.2.0.14", }, { model: "r6700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.2.0.16", }, { model: "r6700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.2.0.24", }, { model: "r6700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.2.0.36", }, { model: "r6700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.2.0.62", }, { model: "r7000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r7000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.7.2 1.1.93", }, { model: "r7000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.7.10", }, { model: "r7000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.9.4", }, { model: "r7000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.9.6", }, { model: "r7000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.9.10", }, { model: "r7000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.9.12", }, { model: "r7000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.9.14", }, { model: "r7000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.9.18", }, { model: "r7000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.9.26", }, { model: "r7000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.9.28", }, { model: "r7000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.9.32", }, { model: "r7000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.9.34", }, { model: "r7000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.9.42", }, { model: "r7000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.9.60", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.108", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.110", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.112", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.116", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.118", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.122", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.124", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.130", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.10", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.16", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.20", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.24", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.26", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.34", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.36", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.38", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.40", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.46", }, { model: "r7900", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r7900", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.8", }, { model: "r7900", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.12", }, { model: "r7900", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.14", }, { model: "r7900", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.16", }, { model: "r7900", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.18", }, { model: "r7900", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.26", }, { model: "r7900", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.4", }, { model: "r7900", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.10", }, { model: "r7900", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.16", }, { model: "r7900", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.8", }, { model: "r7900", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.10", }, { model: "r8000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r8000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.22", }, { model: "r8000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.24", }, { model: "r8000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.26", }, { model: "r8000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.32", }, { model: "r8000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.36", }, { model: "r8000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.44", }, { model: "r8000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.46", }, { model: "r8000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.48", }, { model: "r8000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.54", }, { model: "r8000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.4.2", }, { model: "r8000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.4.4", }, { model: "r8000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.4.4 1.1.42", }, { model: "r8000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.4.12", }, { model: "r8000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.4.18", }, { model: "r8000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.4.28", }, { model: "r8000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.4.46", }, { model: "wndr3400", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr3400", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.8", }, { model: "wndr3400", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.12", }, { model: "wndr3400", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.14", }, { model: "wndr3400", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.16", }, { model: "wndr3400", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.18", }, { model: "wndr3400", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.24", }, { model: "wndr3400", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.122", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.86", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.96", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.46", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.48", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.50", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.54", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.52", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.90", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.96", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.98", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.52", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.62", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.68", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.72", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.48", }, { model: "wnr1000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wnr1000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.40", }, { model: "wnr1000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.42", }, { model: "wnr1000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.44", }, { model: "wnr1000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.46", }, { model: "wnr1000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.48", }, { model: "wnr1000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.50", }, { model: "wnr1000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.54", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.42", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.58", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.62", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.64", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.68", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.2.0.8", }, { model: "wnr2500", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wnr2500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.58", }, { model: "wnr3500l", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wnr3500l", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.2.0.40", }, { model: "wnr3500l", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.2.0.44", }, { model: "wnr3500l", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.2.0.46", }, { model: "wnr3500l", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.2.0.48", }, { model: "wnr3500l", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.2.0.50", }, { model: "wnr3500l", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.2.0.54", }, { model: "wnr3500l", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.2.0.56", }, { model: "wnr3500l", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.2.2.44 35.0.53na", }, ], sources: [ { db: "VULMON", id: "CVE-2016-11059", }, { db: "JVNDB", id: "JVNDB-2017-014989", }, { db: "NVD", id: "CVE-2016-11059", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:ac1450_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:c6300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d1500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d3600_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6200_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6200b_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6300_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-014989", }, ], }, cve: "CVE-2016-11059", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CVE-2016-11059", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 1.1, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2017-014989", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2016-11059", impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 7.5, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2017-014989", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2016-11059", trust: 1, value: "HIGH", }, { author: "NVD", id: "JVNDB-2017-014989", trust: 0.8, value: "High", }, { author: "CNNVD", id: "CNNVD-202004-2304", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2016-11059", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2016-11059", }, { db: "JVNDB", id: "JVNDB-2017-014989", }, { db: "CNNVD", id: "CNNVD-202004-2304", }, { db: "NVD", id: "CVE-2016-11059", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by password exposure. This affects AC1450 before 2017-01-06, C6300 before 2017-01-06, D500 before 2017-01-06, D1500 before 2017-01-06, D3600 before 2017-01-06, D6000 before 2017-01-06, D6100 before 2017-01-06, D6200 before 2017-01-06, D6200B before 2017-01-06, D6300B before 2017-01-06, D6300 before 2017-01-06, DGN1000v3 before 2017-01-06, DGN2200v1 before 2017-01-06, DGN2200v3 before 2017-01-06, DGN2200V4 before 2017-01-06, DGN2200Bv3 before 2017-01-06, DGN2200Bv4 before 2017-01-06, DGND3700v1 before 2017-01-06, DGND3700v2 before 2017-01-06, DGND3700Bv2 before 2017-01-06, JNR1010v1 before 2017-01-06, JNR1010v2 before 2017-01-06, JNR3300 before 2017-01-06, JR6100 before 2017-01-06, JR6150 before 2017-01-06, JWNR2000v5 before 2017-01-06, R2000 before 2017-01-06, R6050 before 2017-01-06, R6100 before 2017-01-06, R6200 before 2017-01-06, R6200v2 before 2017-01-06, R6220 before 2017-01-06, R6250 before 2017-01-06, R6300 before 2017-01-06, R6300v2 before 2017-01-06, R6700 before 2017-01-06, R7000 before 2017-01-06, R7900 before 2017-01-06, R7500 before 2017-01-06, R8000 before 2017-01-06, WGR614v10 before 2017-01-06, WNR1000v2 before 2017-01-06, WNR1000v3 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2000v3 before 2017-01-06, WNR2000v4 before 2017-01-06, WNR2000v5 before 2017-01-06, WNR2200 before 2017-01-06, WNR2500 before 2017-01-06, WNR3500Lv2 before 2017-01-06, WNDR3400v2 before 2017-01-06, WNDR3400v3 before 2017-01-06, WNDR3700v3 before 2017-01-06, WNDR3700v4 before 2017-01-06, WNDR3700v5 before 2017-01-06, WNDR4300 before 2017-01-06, WNDR4300v2 before 2017-01-06, WNDR4500v1 before 2017-01-06, WNDR4500v2 before 2017-01-06, and WNDR4500v3 before 2017-01-06. plural NETGEAR The device contains a vulnerability related to information leakage.Information may be obtained. This affects AC1450 prior to 2017-01-06, C6300 prior to 2017-01-06, D500 prior to 2017-01-06, D1500 prior to 2017-01-06, D3600 prior to 2017-01-06, D6000 prior to 2017-01-06, D6100 prior to 2017-01-06, D6200 prior to 2017-01-06, D6200B prior to 2017-01-06, D6300B prior to 2017-01-06, D6300 prior to 2017-01-06, DGN1000v3 prior to 2017-01-06, DGN2200v1 prior to 2017-01-06, DGN2200v3 prior to 2017-01-06, DGN2200V4 prior to 2017-01-06, DGN2200Bv3 prior to 2017-01-06, DGN2200Bv4 prior to 2017-01-06, DGND3700v1 prior to 2017-01-06, DGND3700v2 prior to 2017-01-06, DGND3700Bv2 prior to 2017-01-06, JNR1010v1 prior to 2017-01-06, JNR1010v2 prior to 2017-01-06, JNR3300 prior to 2017-01-06, JR6100 prior to 2017-01-06, JR6150 prior to 2017-01-06, JWNR2000v5 prior to 2017-01-06, R2000 prior to 2017-01-06, R6050 prior to 2017-01-06, R6100 prior to 2017-01-06, R6200 prior to 2017-01-06, R6200v2 prior to 2017-01-06, R6220 prior to 2017-01-06, R6250 prior to 2017-01-06, R6300 prior to 2017-01-06, R6300v2 prior to 2017-01-06, R6700 prior to 2017-01-06, R7000 prior to 2017-01-06, R7900 prior to 2017-01-06, R7500 prior to 2017-01-06, R8000 prior to 2017-01-06, WGR614v10 prior to 2017-01-06, WNR1000v2 prior to 2017-01-06, WNR1000v3 prior to 2017-01-06, WNR1000v4 prior to 2017-01-06, WNR2000v3 prior to 2017-01-06, WNR2000v4 prior to 2017-01-06, WNR2000v5 prior to 2017-01-06, WNR2200 prior to 2017-01-06, WNR2500 prior to 2017-01-06, WNR3500Lv2 prior to 2017-01-06, WNDR3400v2 prior to 2017-01-06, WNDR3400v3 prior to 2017-01-06, WNDR3700v3 prior to 2017-01-06, WNDR3700v4 prior to 2017-01-06, WNDR3700v5 prior to 2017-01-06, WNDR4300 prior to 2017-01-06, WNDR4300v2 prior to 2017-01-06, WNDR4500v1 prior to 2017-01-06, WNDR4500v2 prior to 2017-01-06, and WNDR4500v3 prior to 2017-01-06", sources: [ { db: "NVD", id: "CVE-2016-11059", }, { db: "JVNDB", id: "JVNDB-2017-014989", }, { db: "VULMON", id: "CVE-2016-11059", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2016-11059", trust: 2.5, }, { db: "JVNDB", id: "JVNDB-2017-014989", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202004-2304", trust: 0.6, }, { db: "VULMON", id: "CVE-2016-11059", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2016-11059", }, { db: "JVNDB", id: "JVNDB-2017-014989", }, { db: "CNNVD", id: "CNNVD-202004-2304", }, { db: "NVD", id: "CVE-2016-11059", }, ], }, id: "VAR-202004-1262", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.4569339544444444, }, last_update_date: "2024-11-23T22:48:01.793000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "NETGEAR Product Vulnerability Advisory: Authentication Bypass and Information Disclosure on Home Routers", trust: 0.8, url: "https://kb.netgear.com/27253/NETGEAR-Product-Vulnerability-Advisory-Authentication-Bypass-and-Information-Disclosure-on-Home-Routers", }, { title: "Multiple NETGEAR Product information disclosure vulnerability repair measures", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117917", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-014989", }, { db: "CNNVD", id: "CNNVD-202004-2304", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-200", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-014989", }, { db: "NVD", id: "CVE-2016-11059", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://kb.netgear.com/27253/netgear-product-vulnerability-advisory-authentication-bypass-and-information-disclosure-on-home-routers", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2016-11059", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-11059", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/200.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2016-11059", }, { db: "JVNDB", id: "JVNDB-2017-014989", }, { db: "CNNVD", id: "CNNVD-202004-2304", }, { db: "NVD", id: "CVE-2016-11059", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2016-11059", }, { db: "JVNDB", id: "JVNDB-2017-014989", }, { db: "CNNVD", id: "CNNVD-202004-2304", }, { db: "NVD", id: "CVE-2016-11059", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-04-28T00:00:00", db: "VULMON", id: "CVE-2016-11059", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2017-014989", }, { date: "2020-04-28T00:00:00", db: "CNNVD", id: "CNNVD-202004-2304", }, { date: "2020-04-28T17:15:12.460000", db: "NVD", id: "CVE-2016-11059", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-06T00:00:00", db: "VULMON", id: "CVE-2016-11059", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2017-014989", }, { date: "2020-05-15T00:00:00", db: "CNNVD", id: "CNNVD-202004-2304", }, { date: "2024-11-21T02:45:24.220000", db: "NVD", id: "CVE-2016-11059", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202004-2304", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Information leakage vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2017-014989", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "information disclosure", sources: [ { db: "CNNVD", id: "CNNVD-202004-2304", }, ], trust: 0.6, }, }
var-201612-0655
Vulnerability from variot
NetgearWNR2000 is a wireless router product from Netgear. A heap buffer overflow vulnerability exists in the NETGEARWNR2000 router. Since the router HTTP server processes *.cgi files by URL, an attacker exploiting the vulnerability can lead to a denial of service condition, leading to further attacks.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201612-0655", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "wnr2000", scope: "eq", trust: 0.6, vendor: "netgear", version: "3", }, { model: "wnr2000", scope: "eq", trust: 0.6, vendor: "netgear", version: "4", }, { model: "wnr2000", scope: "eq", trust: 0.6, vendor: "netgear", version: "5", }, ], sources: [ { db: "CNVD", id: "CNVD-2016-13119", }, ], }, cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, id: "CNVD-2016-13119", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [], severity: [ { author: "CNVD", id: "CNVD-2016-13119", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2016-13119", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "NetgearWNR2000 is a wireless router product from Netgear. A heap buffer overflow vulnerability exists in the NETGEARWNR2000 router. Since the router HTTP server processes *.cgi files by URL, an attacker exploiting the vulnerability can lead to a denial of service condition, leading to further attacks.", sources: [ { db: "CNVD", id: "CNVD-2016-13119", }, ], trust: 0.6, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "CNVD", id: "CNVD-2016-13119", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2016-13119", }, ], }, id: "VAR-201612-0655", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2016-13119", }, ], trust: 0.06, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2016-13119", }, ], }, last_update_date: "2022-05-04T10:19:38.144000Z", references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 0.6, url: "https://raw.githubusercontent.com/pedrib/poc/master/advisories/netgear-wnr2000.txt", }, ], sources: [ { db: "CNVD", id: "CNVD-2016-13119", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2016-13119", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2016-12-27T00:00:00", db: "CNVD", id: "CNVD-2016-13119", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2016-12-27T00:00:00", db: "CNVD", id: "CNVD-2016-13119", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "NETGEAR WNR2000 Router Heap Buffer Overflow Vulnerability", sources: [ { db: "CNVD", id: "CNVD-2016-13119", }, ], trust: 0.6, }, }
var-202004-1428
Vulnerability from variot
plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1428", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7300dst", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.58", }, { model: "r7000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.9.18", }, { model: "r7100lg", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.34", }, { model: "pr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.20", }, { model: "d8500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.35", }, { model: "r7000p", scope: "lt", trust: 1, vendor: "netgear", version: "1.3.0.8", }, { model: "d6220", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.32", }, { model: "d6100", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.56", }, { model: "r7500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.24", }, { model: "wn3100rp", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.42", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.96", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "r9000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.52", }, { model: "wnr1000", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.44", }, { model: "r6020", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.26", }, { model: "jnr1010", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.44", }, { model: "r8000p", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.5.14", }, { model: "wnr2050", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.44", }, { model: "r6700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.36", }, { model: "ex2700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.28", }, { model: "r6300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.18", }, { model: "dgn2200", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.96", }, { model: "jwnr2010", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.44", }, { model: "r6900", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.34", }, { model: "r6900p", scope: "lt", trust: 1, vendor: "netgear", version: "1.3.0.8", }, { model: "r8300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.110", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.94", }, { model: "wnr2020", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.44", }, { model: "ex6200", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.52", }, { model: "r6250", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.16", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.62", }, { model: "r8000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.4", }, { model: "r6100", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.20", }, { model: "d7000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.52", }, { model: "d7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.30", }, { model: "ex6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.72", }, { model: "r7900", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.4", }, { model: "r6900", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.12", }, { model: "r6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.32", }, { model: "d6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.66", }, { model: "r6800", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.12", }, { model: "wn2000rpt", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.8", }, { model: "r8500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.110", }, { model: "d7000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.44", }, { model: "wnr3500l", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.46", }, { model: "ex7300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.72", }, { model: "r6080", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.26", }, { model: "r7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.40", }, { model: "wn3000rp", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.50", }, { model: "ex6100", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.54", }, { model: "d6200", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.00.24", }, { model: "dgn2200b", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.96", }, { model: "r7500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.118", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "d6000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.67", }, { model: "ex6150", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.54", }, { model: "d3600", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.67", }, { model: "r7900p", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.5.14", }, { model: "r6700", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.12", }, { model: "r6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.46", }, { model: "wndr3400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.16", }, { model: "ex8000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.102", }, { model: "d3600", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.67", }, { model: "d6000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.67", }, { model: "d6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.56", }, { model: "d6200", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.1.00.24", }, { model: "d6220", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.32", }, { model: "d6400", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.66", }, { model: "d7000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.44", }, { model: "d7000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.52", }, { model: "d7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.30", }, { model: "d8500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.35", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-014878", }, { db: "NVD", id: "CVE-2017-18785", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d3600_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6200_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6220_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6400_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d7000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d8500_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-014878", }, ], }, cve: "CVE-2017-18785", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", exploitabilityScore: 6.8, id: "CVE-2017-18785", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "LOW", trust: 1, vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "Single", author: "NVD", availabilityImpact: "None", baseScore: 3.5, confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2017-014878", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Low", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 1.7, id: "CVE-2017-18785", impactScore: 2.7, integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, { attackComplexity: "LOW", attackVector: "LOCAL", author: "cve@mitre.org", availabilityImpact: "NONE", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 1.1, id: "CVE-2017-18785", impactScore: 2.7, integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 4.8, baseSeverity: "Medium", confidentialityImpact: "Low", exploitabilityScore: null, id: "JVNDB-2017-014878", impactScore: null, integrityImpact: "Low", privilegesRequired: "High", scope: "Changed", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2017-18785", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2017-18785", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2017-014878", trust: 0.8, value: "Medium", }, { author: "CNNVD", id: "CNNVD-202004-1888", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-014878", }, { db: "CNNVD", id: "CNNVD-202004-1888", }, { db: "NVD", id: "CVE-2017-18785", }, { db: "NVD", id: "CVE-2017-18785", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with.", sources: [ { db: "JVNDB", id: "JVNDB-2017-014878", }, ], trust: 0.8, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2017-18785", trust: 2.4, }, { db: "JVNDB", id: "JVNDB-2017-014878", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202004-1888", trust: 0.6, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-014878", }, { db: "CNNVD", id: "CNNVD-202004-1888", }, { db: "NVD", id: "CVE-2017-18785", }, ], }, id: "VAR-202004-1428", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.4028575456097561, }, last_update_date: "2024-11-23T23:04:25.068000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Cross-Site Scripting on Some Routers, Gateways, and Extenders, PSV-2017-2950", trust: 0.8, url: "https://kb.netgear.com/000049534/Security-Advisory-for-Cross-Site-Scripting-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2950", }, { title: "Multiple NETGEAR Fixes for product cross-site scripting vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116664", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-014878", }, { db: "CNNVD", id: "CNNVD-202004-1888", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-79", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-014878", }, { db: "NVD", id: "CVE-2017-18785", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://kb.netgear.com/000049534/security-advisory-for-cross-site-scripting-on-some-routers-gateways-and-extenders-psv-2017-2950", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2017-18785", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18785", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-014878", }, { db: "CNNVD", id: "CNNVD-202004-1888", }, { db: "NVD", id: "CVE-2017-18785", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "JVNDB", id: "JVNDB-2017-014878", }, { db: "CNNVD", id: "CNNVD-202004-1888", }, { db: "NVD", id: "CVE-2017-18785", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-20T00:00:00", db: "JVNDB", id: "JVNDB-2017-014878", }, { date: "2020-04-22T00:00:00", db: "CNNVD", id: "CNNVD-202004-1888", }, { date: "2020-04-22T15:15:12.957000", db: "NVD", id: "CVE-2017-18785", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-20T00:00:00", db: "JVNDB", id: "JVNDB-2017-014878", }, { date: "2020-04-24T00:00:00", db: "CNNVD", id: "CNNVD-202004-1888", }, { date: "2024-11-21T03:20:54.943000", db: "NVD", id: "CVE-2017-18785", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202004-1888", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Cross-site scripting vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2017-014878", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "XSS", sources: [ { db: "CNNVD", id: "CNNVD-202004-1888", }, ], trust: 0.6, }, }
var-202004-1636
Vulnerability from variot
plural NETGEAR An unspecified vulnerability exists in the device.Information may be obtained and tampered with. Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D1500 prior to 1.0.0.27, D500 prior to 1.0.0.27, D6100 prior to 1.0.0.57, D6220 prior to 1.0.0.40, D6400 prior to 1.0.0.74, D7000 prior to 1.0.1.60, D7800 prior to 1.0.1.34, D8500 prior to 1.0.3.39, DGN2200v4 prior to 1.0.0.94, DGN2200Bv4 prior to 1.0.0.94, EX2700 prior to 1.0.1.42, EX3700 prior to 1.0.0.64, EX3800 prior to 1.0.0.64, EX6000 prior to 1.0.0.24, EX6100 prior to 1.0.2.18, EX6120 prior to 1.0.0.32, EX6130 prior to 1.0.0.22, EX6150 prior to 1.0.0.34_1.0.70, EX6200 prior to 1.0.3.82_1.1.117, EX6400 prior to 1.0.1.78, EX7000 prior to 1.0.0.56, EX7300 prior to 1.0.1.78, JNR1010v2 prior to 1.1.0.42, JR6150 prior to 1.0.1.10, JWNR2010v5 prior to 1.1.0.42, PR2000 prior to 1.0.0.22, R6050 prior to 1.0.1.10, R6100 prior to 1.0.1.16, R6220 prior to 1.1.0.50, R6250 prior to 1.0.4.14, R6300v2 prior to 1.0.4.12, R6400v2 prior to 1.0.2.34, R6700 prior to 1.0.1.26, R6900 prior to 1.0.1.26, R6900P prior to 1.2.0.22, R7000 prior to 1.0.9.6, R7000P prior to 1.2.0.22, R7100LG prior to 1.0.0.40, R7300DST prior to 1.0.0.54, R7500 prior to 1.0.0.110, R7500v2 prior to 1.0.3.26, R7800 prior to 1.0.2.44, R7900 prior to 1.0.1.26, R8000 prior to 1.0.3.48, R8300 prior to 1.0.2.104, R8500 prior to 1.0.2.104, R9000 prior to 1.0.3.10, WN2000RPTv3 prior to 1.0.1.26, WN2500RPv2 prior to 1.0.1.46, WN3000RPv3 prior to 1.0.2.66, WN3100RPv2 prior to 1.0.0.56, WNDR3400v3 prior to 1.0.1.14, WNDR3700v4 prior to 1.0.2.96, WNDR3700v5 prior to 1.1.0.54, WNDR4300 prior to 1.0.2.98, WNDR4300v2 prior to 1.0.0.48, WNDR4500v3 prior to 1.0.0.48, WNR1000v4 prior to 1.1.0.42, WNR2000v5 prior to 1.0.0.64, WNR2020 prior to 1.1.0.42, and WNR2050 prior to 1.1.0.42
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1636", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "ex6120", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.32", }, { model: "d7000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.60", }, { model: "dgn2200", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.94", }, { model: "r6250", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.14", }, { model: "ex6100", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.18", }, { model: "pr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.22", }, { model: "wn3100rp", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.56", }, { model: "d6220", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.40", }, { model: "jwnr2010", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.42", }, { model: "r8500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.104", }, { model: "r6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.34", }, { model: "r9000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.10", }, { model: "d500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.27", }, { model: "wnr2020", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.42", }, { model: "d1500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.27", }, { model: "r6700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.26", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.48", }, { model: "r7000p", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.22", }, { model: "ex3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.64", }, { model: "r7300dst", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr3400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.14", }, { model: "ex2700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.42", }, { model: "d6100", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.57", }, { model: "r6050", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.10", }, { model: "r7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.44", }, { model: "wn2500rp", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.46", }, { model: "r6900p", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.22", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.98", }, { model: "ex6200", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.82_1.1.117", }, { model: "dgn2200b", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.94", }, { model: "r8000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.48", }, { model: "ex6000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.24", }, { model: "ex6130", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.22", }, { model: "r6100", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.16", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.96", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.54", }, { model: "r7900", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.26", }, { model: "ex6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.78", }, { model: "r6900", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.26", }, { model: "r6220", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.50", }, { model: "ex7000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.56", }, { model: "r7000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.9.6", }, { model: "r7100lg", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.40", }, { model: "r7500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.110", }, { model: "d7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.34", }, { model: "ex6150", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.34_1.0.70", }, { model: "ex7300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.78", }, { model: "jr6150", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.10", }, { model: "wn2000rpt", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.26", }, { model: "wn3000rp", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.66", }, { model: "wnr1000", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.42", }, { model: "r7500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.26", }, { model: "d6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.74", }, { model: "r8300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.104", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.48", }, { model: "r6300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.12", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.64", }, { model: "d8500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.39", }, { model: "jnr1010", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.42", }, { model: "wnr2050", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.42", }, { model: "ex3800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.64", }, { model: "d1500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.27", }, { model: "d500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.27", }, { model: "d6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.57", }, { model: "d6220", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.40", }, { model: "d6400", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.74", }, { model: "d7000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.60", }, { model: "d7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.34", }, { model: "d8500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.39", }, { model: "dgn2200", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.94", }, { model: "dgn2200b", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.94", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016407", }, { db: "NVD", id: "CVE-2018-21231", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d1500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6220_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6400_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d7000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d8500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:dgn2200_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:dgn2200b_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016407", }, ], }, cve: "CVE-2018-21231", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 4.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 6.5, id: "CVE-2018-21231", impactScore: 4.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 4.8, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2018-016407", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.8, id: "CVE-2018-21231", impactScore: 2.5, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "NONE", baseScore: 5.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.1, id: "CVE-2018-21231", impactScore: 2.7, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "None", baseScore: 5.4, baseSeverity: "Medium", confidentialityImpact: "Low", exploitabilityScore: null, id: "JVNDB-2018-016407", impactScore: null, integrityImpact: "Low", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21231", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2018-21231", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2018-016407", trust: 0.8, value: "Medium", }, { author: "CNNVD", id: "CNNVD-202004-2129", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2018-21231", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2018-21231", }, { db: "JVNDB", id: "JVNDB-2018-016407", }, { db: "CNNVD", id: "CNNVD-202004-2129", }, { db: "NVD", id: "CVE-2018-21231", }, { db: "NVD", id: "CVE-2018-21231", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR An unspecified vulnerability exists in the device.Information may be obtained and tampered with. Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D1500 prior to 1.0.0.27, D500 prior to 1.0.0.27, D6100 prior to 1.0.0.57, D6220 prior to 1.0.0.40, D6400 prior to 1.0.0.74, D7000 prior to 1.0.1.60, D7800 prior to 1.0.1.34, D8500 prior to 1.0.3.39, DGN2200v4 prior to 1.0.0.94, DGN2200Bv4 prior to 1.0.0.94, EX2700 prior to 1.0.1.42, EX3700 prior to 1.0.0.64, EX3800 prior to 1.0.0.64, EX6000 prior to 1.0.0.24, EX6100 prior to 1.0.2.18, EX6120 prior to 1.0.0.32, EX6130 prior to 1.0.0.22, EX6150 prior to 1.0.0.34_1.0.70, EX6200 prior to 1.0.3.82_1.1.117, EX6400 prior to 1.0.1.78, EX7000 prior to 1.0.0.56, EX7300 prior to 1.0.1.78, JNR1010v2 prior to 1.1.0.42, JR6150 prior to 1.0.1.10, JWNR2010v5 prior to 1.1.0.42, PR2000 prior to 1.0.0.22, R6050 prior to 1.0.1.10, R6100 prior to 1.0.1.16, R6220 prior to 1.1.0.50, R6250 prior to 1.0.4.14, R6300v2 prior to 1.0.4.12, R6400v2 prior to 1.0.2.34, R6700 prior to 1.0.1.26, R6900 prior to 1.0.1.26, R6900P prior to 1.2.0.22, R7000 prior to 1.0.9.6, R7000P prior to 1.2.0.22, R7100LG prior to 1.0.0.40, R7300DST prior to 1.0.0.54, R7500 prior to 1.0.0.110, R7500v2 prior to 1.0.3.26, R7800 prior to 1.0.2.44, R7900 prior to 1.0.1.26, R8000 prior to 1.0.3.48, R8300 prior to 1.0.2.104, R8500 prior to 1.0.2.104, R9000 prior to 1.0.3.10, WN2000RPTv3 prior to 1.0.1.26, WN2500RPv2 prior to 1.0.1.46, WN3000RPv3 prior to 1.0.2.66, WN3100RPv2 prior to 1.0.0.56, WNDR3400v3 prior to 1.0.1.14, WNDR3700v4 prior to 1.0.2.96, WNDR3700v5 prior to 1.1.0.54, WNDR4300 prior to 1.0.2.98, WNDR4300v2 prior to 1.0.0.48, WNDR4500v3 prior to 1.0.0.48, WNR1000v4 prior to 1.1.0.42, WNR2000v5 prior to 1.0.0.64, WNR2020 prior to 1.1.0.42, and WNR2050 prior to 1.1.0.42", sources: [ { db: "JVNDB", id: "JVNDB-2018-016407", }, { db: "VULMON", id: "CVE-2018-21231", }, ], trust: 0.81, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21231", trust: 2.5, }, { db: "JVNDB", id: "JVNDB-2018-016407", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202004-2129", trust: 0.6, }, { db: "VULMON", id: "CVE-2018-21231", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2018-21231", }, { db: "JVNDB", id: "JVNDB-2018-016407", }, { db: "CNNVD", id: "CNNVD-202004-2129", }, { db: "NVD", id: "CVE-2018-21231", }, ], }, id: "VAR-202004-1636", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.4058950425581395, }, last_update_date: "2024-11-23T23:11:26.757000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Security Misconfiguration on Some Routers, Gateways, and Extenders, PSV-2016-0102", trust: 0.8, url: "https://kb.netgear.com/000055103/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Gateways-and-Extenders-PSV-2016-0102", }, { title: "Multiple NETGEAR Product security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117052", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016407", }, { db: "CNNVD", id: "CNNVD-202004-2129", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2018-21231", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://kb.netgear.com/000055103/security-advisory-for-security-misconfiguration-on-some-routers-gateways-and-extenders-psv-2016-0102", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21231", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21231", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2018-21231", }, { db: "JVNDB", id: "JVNDB-2018-016407", }, { db: "CNNVD", id: "CNNVD-202004-2129", }, { db: "NVD", id: "CVE-2018-21231", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2018-21231", }, { db: "JVNDB", id: "JVNDB-2018-016407", }, { db: "CNNVD", id: "CNNVD-202004-2129", }, { db: "NVD", id: "CVE-2018-21231", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-04-24T00:00:00", db: "VULMON", id: "CVE-2018-21231", }, { date: "2020-06-03T00:00:00", db: "JVNDB", id: "JVNDB-2018-016407", }, { date: "2020-04-24T00:00:00", db: "CNNVD", id: "CNNVD-202004-2129", }, { date: "2020-04-24T15:15:13.003000", db: "NVD", id: "CVE-2018-21231", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-01T00:00:00", db: "VULMON", id: "CVE-2018-21231", }, { date: "2020-06-03T00:00:00", db: "JVNDB", id: "JVNDB-2018-016407", }, { date: "2020-05-06T00:00:00", db: "CNNVD", id: "CNNVD-202004-2129", }, { date: "2024-11-21T04:03:14.407000", db: "NVD", id: "CVE-2018-21231", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-2129", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2018-016407", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202004-2129", }, ], trust: 0.6, }, }
var-202004-0783
Vulnerability from variot
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.47, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7300 before 1.0.2.136, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.66, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.66, XR450 before 2.3.2.32, and XR500 before 2.3.2.32. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0783", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r9000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.12", }, { model: "ex6150", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.76", }, { model: "ex6200", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.72", }, { model: "xr450", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.2.32", }, { model: "r7500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.38", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.58", }, { model: "wn2000rpt", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.32", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.66", }, { model: "ex6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.136", }, { model: "wn3000rp", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.70", }, { model: "ex7300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.136", }, { model: "r8900", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.12", }, { model: "ex6100", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.76", }, { model: "wn3000rp", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.68", }, { model: "ex2700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.48", }, { model: "xr500", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.2.32", }, { model: "d7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.47", }, { model: "r7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.52", }, { model: "wn3100rp", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.66", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.58", }, { model: "d7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.47", }, { model: "ex2700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.48", }, { model: "ex6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.76", }, { model: "ex6150", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.76", }, { model: "ex6200", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.72", }, { model: "ex6400", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.136", }, { model: "ex7300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.136", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.38", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.52", }, { model: "r8900", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.4.12", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015408", }, { db: "NVD", id: "CVE-2019-20721", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex2700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex6150_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex6200_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex6400_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex7300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r8900_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015408", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "aircut", sources: [ { db: "CNNVD", id: "CNNVD-202004-1305", }, ], trust: 0.6, }, cve: "CVE-2019-20721", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", exploitabilityScore: 6.8, id: "CVE-2019-20721", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "LOW", trust: 1, vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "Single", author: "NVD", availabilityImpact: "None", baseScore: 3.5, confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2019-015408", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Low", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 1.7, id: "CVE-2019-20721", impactScore: 2.7, integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 1.7, id: "CVE-2019-20721", impactScore: 2.7, integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 4.8, baseSeverity: "Medium", confidentialityImpact: "Low", exploitabilityScore: null, id: "JVNDB-2019-015408", impactScore: null, integrityImpact: "Low", privilegesRequired: "High", scope: "Changed", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2019-20721", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2019-20721", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2019-015408", trust: 0.8, value: "Medium", }, { author: "CNNVD", id: "CNNVD-202004-1305", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015408", }, { db: "CNNVD", id: "CNNVD-202004-1305", }, { db: "NVD", id: "CVE-2019-20721", }, { db: "NVD", id: "CVE-2019-20721", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.47, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7300 before 1.0.2.136, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.66, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.66, XR450 before 2.3.2.32, and XR500 before 2.3.2.32. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with", sources: [ { db: "NVD", id: "CVE-2019-20721", }, { db: "JVNDB", id: "JVNDB-2019-015408", }, ], trust: 1.62, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-20721", trust: 2.4, }, { db: "JVNDB", id: "JVNDB-2019-015408", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202004-1305", trust: 0.6, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015408", }, { db: "CNNVD", id: "CNNVD-202004-1305", }, { db: "NVD", id: "CVE-2019-20721", }, ], }, id: "VAR-202004-0783", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.3756899809090909, }, last_update_date: "2024-11-23T22:48:02.128000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Stored Cross Site Scripting on Some Routers, Gateways, and Extenders, PSV-2018-0159", trust: 0.8, url: "https://kb.netgear.com/000061207/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-Gateways-and-Extenders-PSV-2018-0159", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015408", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-79", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015408", }, { db: "NVD", id: "CVE-2019-20721", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://kb.netgear.com/000061207/security-advisory-for-stored-cross-site-scripting-on-some-routers-gateways-and-extenders-psv-2018-0159", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2019-20721", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20721", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015408", }, { db: "CNNVD", id: "CNNVD-202004-1305", }, { db: "NVD", id: "CVE-2019-20721", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "JVNDB", id: "JVNDB-2019-015408", }, { db: "CNNVD", id: "CNNVD-202004-1305", }, { db: "NVD", id: "CVE-2019-20721", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-19T00:00:00", db: "JVNDB", id: "JVNDB-2019-015408", }, { date: "2020-04-16T00:00:00", db: "CNNVD", id: "CNNVD-202004-1305", }, { date: "2020-04-16T19:15:25.227000", db: "NVD", id: "CVE-2019-20721", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-19T00:00:00", db: "JVNDB", id: "JVNDB-2019-015408", }, { date: "2020-04-26T00:00:00", db: "CNNVD", id: "CNNVD-202004-1305", }, { date: "2024-11-21T04:39:10.943000", db: "NVD", id: "CVE-2019-20721", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202004-1305", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Cross-site scripting vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2019-015408", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "XSS", sources: [ { db: "CNNVD", id: "CNNVD-202004-1305", }, ], trust: 0.6, }, }
var-202004-0786
Vulnerability from variot
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, D7800 before 1.0.1.44, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBS40 before 2.3.0.28, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This affects D3600 prior to 1.0.0.75, D6000 prior to 1.0.0.75, D6100 prior to 1.0.0.63, D7800 prior to 1.0.1.44, R7500v2 prior to 1.0.3.38, R7800 prior to 1.0.2.52, R8900 prior to 1.0.4.2, R9000 prior to 1.0.4.2, RBK20 prior to 2.3.0.28, RBR20 prior to 2.3.0.28, RBS20 prior to 2.3.0.28, RBK50 prior to 2.3.0.32, RBR50 prior to 2.3.0.32, RBS50 prior to 2.3.0.32, RBS40 prior to 2.3.0.28, WNDR3700v4 prior to 1.0.2.102, WNDR4300v1 prior to 1.0.2.104, WNDR4300v2 prior to 1.0.0.58, WNDR4500v3 prior to 1.0.0.58, WNR2000v5 prior to 1.0.0.68, and XR500 prior to 2.3.2.32
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0786", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.104", }, { model: "rbr50", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.0.32", }, { model: "r7500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.38", }, { model: "r8900", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.2", }, { model: "d6000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.75", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.58", }, { model: "d3600", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.75", }, { model: "rbr20", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.0.28", }, { model: "rbk20", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.0.28", }, { model: "rbk50", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.0.32", }, { model: "rbs40", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.0.28", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.68", }, { model: "d6100", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.63", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.102", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.58", }, { model: "r9000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.2", }, { model: "xr500", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.2.32", }, { model: "r7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.52", }, { model: "rbs50", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.0.32", }, { model: "rbs20", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.0.28", }, { model: "d3600", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.75", }, { model: "d6000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.75", }, { model: "d6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.63", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.38", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.52", }, { model: "r8900", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.4.2", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.4.2", }, { model: "rbk20", scope: "eq", trust: 0.8, vendor: "netgear", version: "2.3.0.28", }, { model: "rbr20", scope: "eq", trust: 0.8, vendor: "netgear", version: "2.3.0.28", }, { model: "rbs20", scope: "eq", trust: 0.8, vendor: "netgear", version: "2.3.0.28", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015410", }, { db: "NVD", id: "CVE-2019-20724", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d3600_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r8900_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:rbk20_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:rbr20_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:rbs20_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015410", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "aircut", sources: [ { db: "CNNVD", id: "CNNVD-202004-1308", }, ], trust: 0.6, }, cve: "CVE-2019-20724", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CVE-2019-20724", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 5.2, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2019-015410", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2019-20724", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2019-20724", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 6.8, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2019-015410", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2019-20724", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2019-20724", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2019-015410", trust: 0.8, value: "Medium", }, { author: "CNNVD", id: "CNNVD-202004-1308", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2019-20724", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2019-20724", }, { db: "JVNDB", id: "JVNDB-2019-015410", }, { db: "CNNVD", id: "CNNVD-202004-1308", }, { db: "NVD", id: "CVE-2019-20724", }, { db: "NVD", id: "CVE-2019-20724", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, D7800 before 1.0.1.44, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBS40 before 2.3.0.28, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This affects D3600 prior to 1.0.0.75, D6000 prior to 1.0.0.75, D6100 prior to 1.0.0.63, D7800 prior to 1.0.1.44, R7500v2 prior to 1.0.3.38, R7800 prior to 1.0.2.52, R8900 prior to 1.0.4.2, R9000 prior to 1.0.4.2, RBK20 prior to 2.3.0.28, RBR20 prior to 2.3.0.28, RBS20 prior to 2.3.0.28, RBK50 prior to 2.3.0.32, RBR50 prior to 2.3.0.32, RBS50 prior to 2.3.0.32, RBS40 prior to 2.3.0.28, WNDR3700v4 prior to 1.0.2.102, WNDR4300v1 prior to 1.0.2.104, WNDR4300v2 prior to 1.0.0.58, WNDR4500v3 prior to 1.0.0.58, WNR2000v5 prior to 1.0.0.68, and XR500 prior to 2.3.2.32", sources: [ { db: "NVD", id: "CVE-2019-20724", }, { db: "JVNDB", id: "JVNDB-2019-015410", }, { db: "VULMON", id: "CVE-2019-20724", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-20724", trust: 2.5, }, { db: "JVNDB", id: "JVNDB-2019-015410", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202004-1308", trust: 0.6, }, { db: "VULMON", id: "CVE-2019-20724", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2019-20724", }, { db: "JVNDB", id: "JVNDB-2019-015410", }, { db: "CNNVD", id: "CNNVD-202004-1308", }, { db: "NVD", id: "CVE-2019-20724", }, ], }, id: "VAR-202004-0786", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.346688564375, }, last_update_date: "2024-11-23T22:21:13.244000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Command Injection on Some Routers, Gateways, and WiFi Systems, PSV-2018-0144", trust: 0.8, url: "https://kb.netgear.com/000061204/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2018-0144", }, { title: "Multiple NETGEAR Fixing measures for product injection vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116884", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015410", }, { db: "CNNVD", id: "CNNVD-202004-1308", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-77", trust: 1, }, { problemtype: "CWE-74", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015410", }, { db: "NVD", id: "CVE-2019-20724", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://kb.netgear.com/000061204/security-advisory-for-post-authentication-command-injection-on-some-routers-gateways-and-wifi-systems-psv-2018-0144", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2019-20724", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20724", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/77.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2019-20724", }, { db: "JVNDB", id: "JVNDB-2019-015410", }, { db: "CNNVD", id: "CNNVD-202004-1308", }, { db: "NVD", id: "CVE-2019-20724", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2019-20724", }, { db: "JVNDB", id: "JVNDB-2019-015410", }, { db: "CNNVD", id: "CNNVD-202004-1308", }, { db: "NVD", id: "CVE-2019-20724", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-04-16T00:00:00", db: "VULMON", id: "CVE-2019-20724", }, { date: "2020-05-19T00:00:00", db: "JVNDB", id: "JVNDB-2019-015410", }, { date: "2020-04-16T00:00:00", db: "CNNVD", id: "CNNVD-202004-1308", }, { date: "2020-04-16T19:15:25.400000", db: "NVD", id: "CVE-2019-20724", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-08-24T00:00:00", db: "VULMON", id: "CVE-2019-20724", }, { date: "2020-05-19T00:00:00", db: "JVNDB", id: "JVNDB-2019-015410", }, { date: "2020-10-28T00:00:00", db: "CNNVD", id: "CNNVD-202004-1308", }, { date: "2024-11-21T04:39:11.433000", db: "NVD", id: "CVE-2019-20724", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-1308", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Injection vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2019-015410", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-202004-1308", }, ], trust: 0.6, }, }
var-202004-1678
Vulnerability from variot
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7500 before 1.0.0.122, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7800, etc. are all products of NETGEAR. NETGEAR R7800 is a wireless router. NETGEAR R7500 is a wireless router. NETGEAR D6100 is a wireless modem. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow. This affects D6100 prior to 1.0.0.57, R6100 prior to 1.0.1.20, R7500 prior to 1.0.0.122, R7800 prior to 1.0.2.40, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1678", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.52", }, { model: "r6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.20", }, { model: "d6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.57", }, { model: "r7500", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.122", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.62", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "eq", trust: 0.9, vendor: "netgear", version: "1.0.0.50", }, { model: "d6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.57", }, { model: "r6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.20", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.122", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.52", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.62", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.62", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.50 0.0.50", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.55", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.12", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.14", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.16", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.108", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.110", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.112", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.116", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.118", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.16", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.28", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.32", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.36", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.38", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.4", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.40", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.86", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.52", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.90", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.42", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.58", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28115", }, { db: "VULMON", id: "CVE-2018-21176", }, { db: "JVNDB", id: "JVNDB-2018-016385", }, { db: "NVD", id: "CVE-2018-21176", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wnr2000_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016385", }, ], }, cve: "CVE-2018-21176", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 8, id: "CVE-2018-21176", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 6.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2018-016385", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 8, id: "CNVD-2020-28115", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.2, id: "CVE-2018-21176", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21176", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 7.2, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2018-016385", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21176", trust: 1, value: "HIGH", }, { author: "cve@mitre.org", id: "CVE-2018-21176", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2018-016385", trust: 0.8, value: "High", }, { author: "CNVD", id: "CNVD-2020-28115", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-2219", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2018-21176", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28115", }, { db: "VULMON", id: "CVE-2018-21176", }, { db: "JVNDB", id: "JVNDB-2018-016385", }, { db: "CNNVD", id: "CNNVD-202004-2219", }, { db: "NVD", id: "CVE-2018-21176", }, { db: "NVD", id: "CVE-2018-21176", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7500 before 1.0.0.122, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7800, etc. are all products of NETGEAR. NETGEAR R7800 is a wireless router. NETGEAR R7500 is a wireless router. NETGEAR D6100 is a wireless modem. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow. This affects D6100 prior to 1.0.0.57, R6100 prior to 1.0.1.20, R7500 prior to 1.0.0.122, R7800 prior to 1.0.2.40, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62", sources: [ { db: "NVD", id: "CVE-2018-21176", }, { db: "JVNDB", id: "JVNDB-2018-016385", }, { db: "CNVD", id: "CNVD-2020-28115", }, { db: "VULMON", id: "CVE-2018-21176", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21176", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2018-016385", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-28115", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-2219", trust: 0.6, }, { db: "VULMON", id: "CVE-2018-21176", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28115", }, { db: "VULMON", id: "CVE-2018-21176", }, { db: "JVNDB", id: "JVNDB-2018-016385", }, { db: "CNNVD", id: "CNNVD-202004-2219", }, { db: "NVD", id: "CVE-2018-21176", }, ], }, id: "VAR-202004-1678", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-28115", }, ], trust: 1.2739518849999998, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28115", }, ], }, last_update_date: "2024-11-23T23:11:26.693000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Stack Overflow on Some Routers and Gateways, PSV-2017-2623", trust: 0.8, url: "https://kb.netgear.com/000055182/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2623", }, { title: "Patch for Multiple NETGEAR product buffer overflow vulnerabilities (CNVD-2020-28115)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/217411", }, { title: "Multiple NETGEAR Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117724", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28115", }, { db: "JVNDB", id: "JVNDB-2018-016385", }, { db: "CNNVD", id: "CNNVD-202004-2219", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016385", }, { db: "NVD", id: "CVE-2018-21176", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21176", }, { trust: 1.7, url: "https://kb.netgear.com/000055182/security-advisory-for-post-authentication-stack-overflow-on-some-routers-and-gateways-psv-2017-2623", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21176", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/787.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28115", }, { db: "VULMON", id: "CVE-2018-21176", }, { db: "JVNDB", id: "JVNDB-2018-016385", }, { db: "CNNVD", id: "CNNVD-202004-2219", }, { db: "NVD", id: "CVE-2018-21176", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-28115", }, { db: "VULMON", id: "CVE-2018-21176", }, { db: "JVNDB", id: "JVNDB-2018-016385", }, { db: "CNNVD", id: "CNNVD-202004-2219", }, { db: "NVD", id: "CVE-2018-21176", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28115", }, { date: "2020-04-27T00:00:00", db: "VULMON", id: "CVE-2018-21176", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016385", }, { date: "2020-04-27T00:00:00", db: "CNNVD", id: "CNNVD-202004-2219", }, { date: "2020-04-27T20:15:11.897000", db: "NVD", id: "CVE-2018-21176", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28115", }, { date: "2020-05-05T00:00:00", db: "VULMON", id: "CVE-2018-21176", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016385", }, { date: "2020-05-06T00:00:00", db: "CNNVD", id: "CNNVD-202004-2219", }, { date: "2024-11-21T04:03:05.770000", db: "NVD", id: "CVE-2018-21176", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202004-2219", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Out-of-bounds write vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2018-016385", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-2219", }, ], trust: 0.6, }, }
var-202004-1709
Vulnerability from variot
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R7800 before 1.2.0.44, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7800, etc. are all products of NETGEAR. NETGEAR R7800 is a wireless router. NETGEAR D6100 is a wireless modem. NETGEAR WNDR3700 is a wireless router. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow. This affects D6100 prior to 1.0.0.57, R7800 prior to 1.2.0.44, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.54, WNDR4500v3 prior to 1.0.0.54, and WNR2000v5 prior to 1.0.0.62
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1709", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.52", }, { model: "d6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.57", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.94", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.62", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.54", }, { model: "r7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.44", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "eq", trust: 0.9, vendor: "netgear", version: "1.0.0.54", }, { model: "d6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.57", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.44", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.52", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.54", }, { model: "wnr2000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.62", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.62", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.54", }, { model: "r7800", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.2.0.44", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.50 0.0.50", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.55", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.16", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.28", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.32", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.36", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.38", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.40", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.42", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.4", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.40", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.86", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.52", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.90", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.52", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.42", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.58", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28274", }, { db: "VULMON", id: "CVE-2018-21198", }, { db: "JVNDB", id: "JVNDB-2018-016361", }, { db: "NVD", id: "CVE-2018-21198", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wnr2000_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016361", }, ], }, cve: "CVE-2018-21198", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CVE-2018-21198", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 5.2, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2018-016361", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CNVD-2020-28274", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21198", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21198", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 6.8, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2018-016361", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21198", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2018-21198", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2018-016361", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2020-28274", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-2272", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2018-21198", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28274", }, { db: "VULMON", id: "CVE-2018-21198", }, { db: "JVNDB", id: "JVNDB-2018-016361", }, { db: "CNNVD", id: "CNNVD-202004-2272", }, { db: "NVD", id: "CVE-2018-21198", }, { db: "NVD", id: "CVE-2018-21198", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R7800 before 1.2.0.44, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7800, etc. are all products of NETGEAR. NETGEAR R7800 is a wireless router. NETGEAR D6100 is a wireless modem. NETGEAR WNDR3700 is a wireless router. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow. This affects D6100 prior to 1.0.0.57, R7800 prior to 1.2.0.44, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.54, WNDR4500v3 prior to 1.0.0.54, and WNR2000v5 prior to 1.0.0.62", sources: [ { db: "NVD", id: "CVE-2018-21198", }, { db: "JVNDB", id: "JVNDB-2018-016361", }, { db: "CNVD", id: "CNVD-2020-28274", }, { db: "VULMON", id: "CVE-2018-21198", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21198", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2018-016361", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-28274", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-2272", trust: 0.6, }, { db: "VULMON", id: "CVE-2018-21198", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28274", }, { db: "VULMON", id: "CVE-2018-21198", }, { db: "JVNDB", id: "JVNDB-2018-016361", }, { db: "CNNVD", id: "CNNVD-202004-2272", }, { db: "NVD", id: "CVE-2018-21198", }, ], }, id: "VAR-202004-1709", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-28274", }, ], trust: 1.30561081875, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28274", }, ], }, last_update_date: "2024-11-23T21:59:20.026000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Stack Overflow on Some Routers and Gateways, PSV-2017-2594", trust: 0.8, url: "https://kb.netgear.com/000055151/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2594", }, { title: "Patch for Multiple NETGEAR product buffer overflow vulnerabilities (CNVD-2020-28274)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/217547", }, { title: "Multiple NETGEAR Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117364", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28274", }, { db: "JVNDB", id: "JVNDB-2018-016361", }, { db: "CNNVD", id: "CNNVD-202004-2272", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016361", }, { db: "NVD", id: "CVE-2018-21198", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21198", }, { trust: 1.7, url: "https://kb.netgear.com/000055151/security-advisory-for-post-authentication-stack-overflow-on-some-routers-and-gateways-psv-2017-2594", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21198", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/787.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28274", }, { db: "VULMON", id: "CVE-2018-21198", }, { db: "JVNDB", id: "JVNDB-2018-016361", }, { db: "CNNVD", id: "CNNVD-202004-2272", }, { db: "NVD", id: "CVE-2018-21198", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-28274", }, { db: "VULMON", id: "CVE-2018-21198", }, { db: "JVNDB", id: "JVNDB-2018-016361", }, { db: "CNNVD", id: "CNNVD-202004-2272", }, { db: "NVD", id: "CVE-2018-21198", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28274", }, { date: "2020-04-28T00:00:00", db: "VULMON", id: "CVE-2018-21198", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016361", }, { date: "2020-04-28T00:00:00", db: "CNNVD", id: "CNNVD-202004-2272", }, { date: "2020-04-28T16:15:13.090000", db: "NVD", id: "CVE-2018-21198", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28274", }, { date: "2020-05-05T00:00:00", db: "VULMON", id: "CVE-2018-21198", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016361", }, { date: "2020-05-06T00:00:00", db: "CNNVD", id: "CNNVD-202004-2272", }, { date: "2024-11-21T04:03:09.237000", db: "NVD", id: "CVE-2018-21198", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-2272", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Out-of-bounds write vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2018-016361", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-2272", }, ], trust: 0.6, }, }
var-202004-0898
Vulnerability from variot
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6000 before 1.0.0.75, D6100 before 1.0.0.63, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7300 before 1.0.2.136, EX8000 before 1.0.1.180, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3100RPv2 before 1.0.0.60, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0898", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.104", }, { model: "wn3100rp", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.60", }, { model: "ex6150", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.76", }, { model: "ex6200", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.72", }, { model: "r8900", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.2", }, { model: "d6000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.75", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.58", }, { model: "wn2000rpt", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.32", }, { model: "ex6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.136", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.68", }, { model: "ex7300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.136", }, { model: "d6100", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.63", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.102", }, { model: "ex6100", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.76", }, { model: "wn3000rp", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.68", }, { model: "r9000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.2", }, { model: "ex2700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.48", }, { model: "xr500", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.2.32", }, { model: "r7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.52", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.58", }, { model: "ex8000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.180", }, { model: "d6000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.75", }, { model: "d6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.63", }, { model: "ex2700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.48", }, { model: "ex6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.76", }, { model: "ex6150", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.76", }, { model: "ex6200", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.72", }, { model: "ex6400", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.136", }, { model: "ex7300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.136", }, { model: "ex8000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.180", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.52", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015464", }, { db: "NVD", id: "CVE-2019-20689", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d6000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex2700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex6150_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex6200_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex6400_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex7300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex8000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015464", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "aircut", sources: [ { db: "CNNVD", id: "CNNVD-202004-1273", }, ], trust: 0.6, }, cve: "CVE-2019-20689", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CVE-2019-20689", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 5.2, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2019-015464", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2019-20689", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2019-20689", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 6.8, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2019-015464", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2019-20689", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2019-20689", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2019-015464", trust: 0.8, value: "Medium", }, { author: "CNNVD", id: "CNNVD-202004-1273", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015464", }, { db: "CNNVD", id: "CNNVD-202004-1273", }, { db: "NVD", id: "CVE-2019-20689", }, { db: "NVD", id: "CVE-2019-20689", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6000 before 1.0.0.75, D6100 before 1.0.0.63, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7300 before 1.0.2.136, EX8000 before 1.0.1.180, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3100RPv2 before 1.0.0.60, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state", sources: [ { db: "NVD", id: "CVE-2019-20689", }, { db: "JVNDB", id: "JVNDB-2019-015464", }, ], trust: 1.62, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-20689", trust: 2.4, }, { db: "JVNDB", id: "JVNDB-2019-015464", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202004-1273", trust: 0.6, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015464", }, { db: "CNNVD", id: "CNNVD-202004-1273", }, { db: "NVD", id: "CVE-2019-20689", }, ], }, id: "VAR-202004-0898", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.3689555958333333, }, last_update_date: "2024-11-23T22:33:29.026000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Command Injection on Some Routers, Gateways, and Extenders, PSV-2018-0132", trust: 0.8, url: "https://kb.netgear.com/000061450/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-Extenders-PSV-2018-0132", }, { title: "Multiple NETGEAR Product Command Injection Vulnerability Fixes", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=114772", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015464", }, { db: "CNNVD", id: "CNNVD-202004-1273", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-77", trust: 1, }, { problemtype: "CWE-74", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015464", }, { db: "NVD", id: "CVE-2019-20689", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://kb.netgear.com/000061450/security-advisory-for-post-authentication-command-injection-on-some-routers-gateways-and-extenders-psv-2018-0132", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2019-20689", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20689", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015464", }, { db: "CNNVD", id: "CNNVD-202004-1273", }, { db: "NVD", id: "CVE-2019-20689", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "JVNDB", id: "JVNDB-2019-015464", }, { db: "CNNVD", id: "CNNVD-202004-1273", }, { db: "NVD", id: "CVE-2019-20689", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-21T00:00:00", db: "JVNDB", id: "JVNDB-2019-015464", }, { date: "2020-04-16T00:00:00", db: "CNNVD", id: "CNNVD-202004-1273", }, { date: "2020-04-16T19:15:23.307000", db: "NVD", id: "CVE-2019-20689", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-21T00:00:00", db: "JVNDB", id: "JVNDB-2019-015464", }, { date: "2020-04-17T00:00:00", db: "CNNVD", id: "CNNVD-202004-1273", }, { date: "2024-11-21T04:39:05.370000", db: "NVD", id: "CVE-2019-20689", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Injection vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2019-015464", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-202004-1273", }, ], trust: 0.6, }, }
var-201701-0163
Vulnerability from variot
The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the web server of the device. This special URL is handled by the embedded web server (uhttpd) and processed accordingly. The web server also contains another URL, apply_noauth.cgi, that allows an unauthenticated user to perform sensitive actions on the device. This functionality can be exploited to change the router settings (such as the answers to the password-recovery questions) and achieve remote code execution. NETGEARWNR2000v5router is a popular router device. NETGEARWNR2000v5router has a certification bypass vulnerability. An attacker could exploit this vulnerability to bypass the authentication mechanism and perform unauthorized operations. Netgear WNR2000 is prone to the following vulnerabilities: 1. An authentication-bypass vulnerability 2. Failed exploit attempts will likely cause a denial-of-service condition. Netgear WNR2000 firmware version 5 is affected; other versions may also be affected. A security vulnerability exists in the NETGEAR WNR2000v5 router
Show details on source website{ affected_products: { _id: null, data: [ { _id: null, model: "wnr2000v5", scope: null, trust: 1.6, vendor: "net gear", version: null, }, { _id: null, model: "wnr2000v5", scope: "lte", trust: 1, vendor: "netgear", version: "1.0.0.34", }, { _id: null, model: "wnr2000", scope: "eq", trust: 0.9, vendor: "netgear", version: "5", }, { _id: null, model: "wnr2000v5", scope: "eq", trust: 0.6, vendor: "netgear", version: "1.0.0.34", }, ], sources: [ { db: "CNVD", id: "CNVD-2017-01223", }, { db: "BID", id: "95867", }, { db: "JVNDB", id: "JVNDB-2016-007709", }, { db: "CNNVD", id: "CNNVD-201702-103", }, { db: "NVD", id: "CVE-2016-10176", }, ], }, configurations: { _id: null, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/h:netgear:wnr2000v5", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wnr2000v5_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2016-007709", }, ], }, credits: { _id: null, data: "Pedro Ribeiro.", sources: [ { db: "BID", id: "95867", }, ], trust: 0.3, }, cve: "CVE-2016-10176", cvss: { _id: null, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CVE-2016-10176", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 1.9, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 6.4, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2017-01223", impactScore: 4.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "VHN-88926", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2016-10176", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1.8, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2016-10176", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "CVE-2016-10176", trust: 0.8, value: "Critical", }, { author: "CNVD", id: "CNVD-2017-01223", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201702-103", trust: 0.6, value: "HIGH", }, { author: "VULHUB", id: "VHN-88926", trust: 0.1, value: "HIGH", }, { author: "VULMON", id: "CVE-2016-10176", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2017-01223", }, { db: "VULHUB", id: "VHN-88926", }, { db: "VULMON", id: "CVE-2016-10176", }, { db: "JVNDB", id: "JVNDB-2016-007709", }, { db: "CNNVD", id: "CNNVD-201702-103", }, { db: "NVD", id: "CVE-2016-10176", }, ], }, description: { _id: null, data: "The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the web server of the device. This special URL is handled by the embedded web server (uhttpd) and processed accordingly. The web server also contains another URL, apply_noauth.cgi, that allows an unauthenticated user to perform sensitive actions on the device. This functionality can be exploited to change the router settings (such as the answers to the password-recovery questions) and achieve remote code execution. NETGEARWNR2000v5router is a popular router device. NETGEARWNR2000v5router has a certification bypass vulnerability. An attacker could exploit this vulnerability to bypass the authentication mechanism and perform unauthorized operations. Netgear WNR2000 is prone to the following vulnerabilities:\n1. An authentication-bypass vulnerability\n2. Failed exploit attempts will likely cause a denial-of-service condition. \nNetgear WNR2000 firmware version 5 is affected; other versions may also be affected. A security vulnerability exists in the NETGEAR WNR2000v5 router", sources: [ { db: "NVD", id: "CVE-2016-10176", }, { db: "JVNDB", id: "JVNDB-2016-007709", }, { db: "CNVD", id: "CNVD-2017-01223", }, { db: "BID", id: "95867", }, { db: "VULHUB", id: "VHN-88926", }, { db: "VULMON", id: "CVE-2016-10176", }, ], trust: 2.61, }, exploit_availability: { _id: null, data: [ { reference: "https://www.scap.org.cn/vuln/vhn-88926", trust: 0.1, type: "unknown", }, { reference: "https://vulmon.com/exploitdetails?qidtp=exploitdb&qid=40949", trust: 0.1, type: "exploit", }, ], sources: [ { db: "VULHUB", id: "VHN-88926", }, { db: "VULMON", id: "CVE-2016-10176", }, ], }, external_ids: { _id: null, data: [ { db: "NVD", id: "CVE-2016-10176", trust: 3.5, }, { db: "BID", id: "95867", trust: 2.7, }, { db: "EXPLOIT-DB", id: "40949", trust: 1.2, }, { db: "JVNDB", id: "JVNDB-2016-007709", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201702-103", trust: 0.7, }, { db: "CNVD", id: "CNVD-2017-01223", trust: 0.6, }, { db: "VULHUB", id: "VHN-88926", trust: 0.1, }, { db: "VULMON", id: "CVE-2016-10176", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2017-01223", }, { db: "VULHUB", id: "VHN-88926", }, { db: "VULMON", id: "CVE-2016-10176", }, { db: "BID", id: "95867", }, { db: "JVNDB", id: "JVNDB-2016-007709", }, { db: "CNNVD", id: "CNNVD-201702-103", }, { db: "NVD", id: "CVE-2016-10176", }, ], }, id: "VAR-201701-0163", iot: { _id: null, data: true, sources: [ { db: "CNVD", id: "CNVD-2017-01223", }, { db: "VULHUB", id: "VHN-88926", }, ], trust: 1.5116521, }, iot_taxonomy: { _id: null, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2017-01223", }, ], }, last_update_date: "2024-11-23T21:42:11.609000Z", patch: { _id: null, data: [ { title: "Insecure Remote Access and Command Execution Security Vulnerability, PSV-2016-0255", trust: 0.8, url: "http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability", }, { title: "NETGEARWNR2000v5router authentication bypasses the patch for the vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/89180", }, { title: "NETGEAR WNR2000v5 Repair measures for router security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67474", }, { title: "BleepingComputer", trust: 0.1, url: "https://www.bleepingcomputer.com/news/security/routex-malware-uses-netgear-routers-for-credential-stuffing-attacks/", }, { title: "BleepingComputer", trust: 0.1, url: "https://www.bleepingcomputer.com/news/security/zyxel-and-netgear-fail-to-patch-seven-security-flaws-affecting-their-routers/", }, ], sources: [ { db: "CNVD", id: "CNVD-2017-01223", }, { db: "VULMON", id: "CVE-2016-10176", }, { db: "JVNDB", id: "JVNDB-2016-007709", }, { db: "CNNVD", id: "CNNVD-201702-103", }, ], }, problemtype_data: { _id: null, data: [ { problemtype: "CWE-20", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-88926", }, { db: "JVNDB", id: "JVNDB-2016-007709", }, { db: "NVD", id: "CVE-2016-10176", }, ], }, references: { _id: null, data: [ { trust: 2.6, url: "https://raw.githubusercontent.com/pedrib/poc/master/advisories/netgear-wnr2000.txt", }, { trust: 2.4, url: "http://www.securityfocus.com/bid/95867", }, { trust: 1.8, url: "http://kb.netgear.com/000036549/insecure-remote-access-and-command-execution-security-vulnerability", }, { trust: 1.8, url: "http://seclists.org/fulldisclosure/2016/dec/72", }, { trust: 1.3, url: "https://www.exploit-db.com/exploits/40949/", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10176", }, { trust: 0.8, url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-10176", }, { trust: 0.3, url: "http://www.netgear.com", }, { trust: 0.3, url: "http://seclists.org/fulldisclosure/2017/jan/88", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/20.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://www.bleepingcomputer.com/news/security/routex-malware-uses-netgear-routers-for-credential-stuffing-attacks/", }, { trust: 0.1, url: "https://www.rapid7.com/db/modules/auxiliary/admin/http/netgear_wnr2000_pass_recovery", }, ], sources: [ { db: "CNVD", id: "CNVD-2017-01223", }, { db: "VULHUB", id: "VHN-88926", }, { db: "VULMON", id: "CVE-2016-10176", }, { db: "BID", id: "95867", }, { db: "JVNDB", id: "JVNDB-2016-007709", }, { db: "CNNVD", id: "CNNVD-201702-103", }, { db: "NVD", id: "CVE-2016-10176", }, ], }, sources: { _id: null, data: [ { db: "CNVD", id: "CNVD-2017-01223", ident: null, }, { db: "VULHUB", id: "VHN-88926", ident: null, }, { db: "VULMON", id: "CVE-2016-10176", ident: null, }, { db: "BID", id: "95867", ident: null, }, { db: "JVNDB", id: "JVNDB-2016-007709", ident: null, }, { db: "CNNVD", id: "CNNVD-201702-103", ident: null, }, { db: "NVD", id: "CVE-2016-10176", ident: null, }, ], }, sources_release_date: { _id: null, data: [ { date: "2017-02-13T00:00:00", db: "CNVD", id: "CNVD-2017-01223", ident: null, }, { date: "2017-01-30T00:00:00", db: "VULHUB", id: "VHN-88926", ident: null, }, { date: "2017-01-30T00:00:00", db: "VULMON", id: "CVE-2016-10176", ident: null, }, { date: "2017-01-30T00:00:00", db: "BID", id: "95867", ident: null, }, { date: "2017-03-13T00:00:00", db: "JVNDB", id: "JVNDB-2016-007709", ident: null, }, { date: "2017-01-29T00:00:00", db: "CNNVD", id: "CNNVD-201702-103", ident: null, }, { date: "2017-01-30T04:59:00.250000", db: "NVD", id: "CVE-2016-10176", ident: null, }, ], }, sources_update_date: { _id: null, data: [ { date: "2017-02-12T00:00:00", db: "CNVD", id: "CNVD-2017-01223", ident: null, }, { date: "2017-09-03T00:00:00", db: "VULHUB", id: "VHN-88926", ident: null, }, { date: "2017-09-03T00:00:00", db: "VULMON", id: "CVE-2016-10176", ident: null, }, { date: "2017-02-02T01:03:00", db: "BID", id: "95867", ident: null, }, { date: "2017-03-13T00:00:00", db: "JVNDB", id: "JVNDB-2016-007709", ident: null, }, { date: "2017-02-10T00:00:00", db: "CNNVD", id: "CNNVD-201702-103", ident: null, }, { date: "2024-11-21T02:43:29.070000", db: "NVD", id: "CVE-2016-10176", ident: null, }, ], }, threat_type: { _id: null, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201702-103", }, ], trust: 0.6, }, title: { _id: null, data: "NETGEAR WNR2000v5 Vulnerability to execute sensitive operations in router", sources: [ { db: "JVNDB", id: "JVNDB-2016-007709", }, ], trust: 0.8, }, type: { _id: null, data: "input validation", sources: [ { db: "CNNVD", id: "CNNVD-201702-103", }, ], trust: 0.6, }, }
var-202004-0922
Vulnerability from variot
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7300 before 1.0.2.136, EX8000 before 1.0.1.180, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3100RPv2 before 1.0.0.60, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0922", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.104", }, { model: "wn3100rp", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.60", }, { model: "ex6150", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.76", }, { model: "ex6200", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.72", }, { model: "r8900", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.2", }, { model: "d6000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.75", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.58", }, { model: "d3600", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.75", }, { model: "wn2000rpt", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.32", }, { model: "ex6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.136", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.68", }, { model: "ex7300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.136", }, { model: "d6100", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.63", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.102", }, { model: "ex6100", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.76", }, { model: "wn3000rp", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.68", }, { model: "r9000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.2", }, { model: "ex2700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.48", }, { model: "xr500", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.2.32", }, { model: "r7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.52", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.58", }, { model: "ex8000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.180", }, { model: "d3600", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.75", }, { model: "d6000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.75", }, { model: "d6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.63", }, { model: "ex2700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.48", }, { model: "ex6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.76", }, { model: "ex6150", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.76", }, { model: "ex6200", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.72", }, { model: "ex6400", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.136", }, { model: "ex7300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.136", }, { model: "ex8000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.180", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015463", }, { db: "NVD", id: "CVE-2019-20688", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d3600_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex2700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex6150_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex6200_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex6400_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex7300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex8000_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015463", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "aircut", sources: [ { db: "CNNVD", id: "CNNVD-202004-1272", }, ], trust: 0.6, }, cve: "CVE-2019-20688", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CVE-2019-20688", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 5.2, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2019-015463", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2019-20688", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2019-20688", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 6.8, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2019-015463", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2019-20688", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2019-20688", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2019-015463", trust: 0.8, value: "Medium", }, { author: "CNNVD", id: "CNNVD-202004-1272", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015463", }, { db: "CNNVD", id: "CNNVD-202004-1272", }, { db: "NVD", id: "CVE-2019-20688", }, { db: "NVD", id: "CVE-2019-20688", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7300 before 1.0.2.136, EX8000 before 1.0.1.180, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3100RPv2 before 1.0.0.60, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state", sources: [ { db: "NVD", id: "CVE-2019-20688", }, { db: "JVNDB", id: "JVNDB-2019-015463", }, ], trust: 1.62, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-20688", trust: 2.4, }, { db: "JVNDB", id: "JVNDB-2019-015463", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202004-1272", trust: 0.6, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015463", }, { db: "CNNVD", id: "CNNVD-202004-1272", }, { db: "NVD", id: "CVE-2019-20688", }, ], }, id: "VAR-202004-0922", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.3801947115384616, }, last_update_date: "2024-11-23T22:25:33.040000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Command Injection on Some Routers, Gateways, and Extenders, PSV-2018-0142", trust: 0.8, url: "https://kb.netgear.com/000061451/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-Extenders-PSV-2018-0142", }, { title: "Multiple NETGEAR Product Command Injection Vulnerability Fixes", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=114771", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015463", }, { db: "CNNVD", id: "CNNVD-202004-1272", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-77", trust: 1, }, { problemtype: "CWE-74", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015463", }, { db: "NVD", id: "CVE-2019-20688", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://kb.netgear.com/000061451/security-advisory-for-post-authentication-command-injection-on-some-routers-gateways-and-extenders-psv-2018-0142", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2019-20688", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20688", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015463", }, { db: "CNNVD", id: "CNNVD-202004-1272", }, { db: "NVD", id: "CVE-2019-20688", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "JVNDB", id: "JVNDB-2019-015463", }, { db: "CNNVD", id: "CNNVD-202004-1272", }, { db: "NVD", id: "CVE-2019-20688", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-21T00:00:00", db: "JVNDB", id: "JVNDB-2019-015463", }, { date: "2020-04-16T00:00:00", db: "CNNVD", id: "CNNVD-202004-1272", }, { date: "2020-04-16T19:15:23.260000", db: "NVD", id: "CVE-2019-20688", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-21T00:00:00", db: "JVNDB", id: "JVNDB-2019-015463", }, { date: "2020-04-17T00:00:00", db: "CNNVD", id: "CNNVD-202004-1272", }, { date: "2024-11-21T04:39:05.197000", db: "NVD", id: "CVE-2019-20688", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Injection vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2019-015463", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-202004-1272", }, ], trust: 0.6, }, }
var-202004-1666
Vulnerability from variot
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D3600, etc. are all products of NETGEAR. NETGEAR D3600 is a wireless modem. NETGEAR D6000 is a wireless modem. NETGEAR WNDR3700 is a wireless router. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. This affects D3600 prior to 1.0.0.67, D6000 prior to 1.0.0.67, D6100 prior to 1.0.0.56, D7800 prior to 1.0.1.30, R6100 prior to 1.0.1.20, R7500 prior to 1.0.0.118, R7500v2 prior to 1.0.3.24, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.96, WNDR4300 prior to 1.0.2.98, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1666", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.52", }, { model: "r6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.20", }, { model: "r7500", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.118", }, { model: "d7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.30", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.98", }, { model: "d3600", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.67", }, { model: "d6000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.67", }, { model: "d6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.56", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.96", }, { model: "r7500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.24", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.62", }, { model: "r7500", scope: "eq", trust: 0.9, vendor: "netgear", version: "1.0.0.118", }, { model: "wndr4300", scope: "eq", trust: 0.9, vendor: "netgear", version: "1.0.0.50", }, { model: "d7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.30", }, { model: "r6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.20", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.24", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.52", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.96", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.98", }, { model: "wndr4500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.62", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.62", }, { model: "r7500v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.3.24", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.96", }, { model: "d3600", scope: "eq", trust: 0.2, vendor: "netgear", version: "1.0.0.49", }, { model: "d3600", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "d3600", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.61", }, { model: "d6000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "d6000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.49", }, { model: "d6000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.61", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.50 0.0.50", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.55", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.22", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.24", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.28", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.12", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.14", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.16", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.108", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.110", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.112", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.116", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.122", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.124", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.130", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.10", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.16", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.20", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.4", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.40", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.86", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.52", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.90", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.96", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.42", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.58", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-46571", }, { db: "VULMON", id: "CVE-2018-21220", }, { db: "JVNDB", id: "JVNDB-2018-016345", }, { db: "NVD", id: "CVE-2018-21220", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wnr2000_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016345", }, ], }, cve: "CVE-2018-21220", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 6.5, id: "CVE-2018-21220", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 5.8, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2018-016345", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 6.5, id: "CNVD-2021-46571", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2018-21220", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2018-21220", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 8.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2018-016345", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21220", trust: 1, value: "HIGH", }, { author: "cve@mitre.org", id: "CVE-2018-21220", trust: 1, value: "HIGH", }, { author: "NVD", id: "JVNDB-2018-016345", trust: 0.8, value: "High", }, { author: "CNVD", id: "CNVD-2021-46571", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-2299", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2018-21220", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-46571", }, { db: "VULMON", id: "CVE-2018-21220", }, { db: "JVNDB", id: "JVNDB-2018-016345", }, { db: "CNNVD", id: "CNNVD-202004-2299", }, { db: "NVD", id: "CVE-2018-21220", }, { db: "NVD", id: "CVE-2018-21220", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D3600, etc. are all products of NETGEAR. NETGEAR D3600 is a wireless modem. NETGEAR D6000 is a wireless modem. NETGEAR WNDR3700 is a wireless router. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. This affects D3600 prior to 1.0.0.67, D6000 prior to 1.0.0.67, D6100 prior to 1.0.0.56, D7800 prior to 1.0.1.30, R6100 prior to 1.0.1.20, R7500 prior to 1.0.0.118, R7500v2 prior to 1.0.3.24, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.96, WNDR4300 prior to 1.0.2.98, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62", sources: [ { db: "NVD", id: "CVE-2018-21220", }, { db: "JVNDB", id: "JVNDB-2018-016345", }, { db: "CNVD", id: "CNVD-2021-46571", }, { db: "VULMON", id: "CVE-2018-21220", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21220", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2018-016345", trust: 0.8, }, { db: "CNVD", id: "CNVD-2021-46571", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-2299", trust: 0.6, }, { db: "VULMON", id: "CVE-2018-21220", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-46571", }, { db: "VULMON", id: "CVE-2018-21220", }, { db: "JVNDB", id: "JVNDB-2018-016345", }, { db: "CNNVD", id: "CNNVD-202004-2299", }, { db: "NVD", id: "CVE-2018-21220", }, ], }, id: "VAR-202004-1666", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-46571", }, ], trust: 1.2675980592307692, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-46571", }, ], }, last_update_date: "2024-11-23T22:58:17.941000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Pre-Authentication Buffer Overflow on Some Routers and Gateways, PSV-2017-2481", trust: 0.8, url: "https://kb.netgear.com/000055117/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2481", }, { title: "Patch for Buffer overflow vulnerabilities in multiple NETGEAR products (CNVD-2021-46571)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/276576", }, { title: "Multiple NETGEAR Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117391", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-46571", }, { db: "JVNDB", id: "JVNDB-2018-016345", }, { db: "CNNVD", id: "CNNVD-202004-2299", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-120", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016345", }, { db: "NVD", id: "CVE-2018-21220", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21220", }, { trust: 1.7, url: "https://kb.netgear.com/000055117/security-advisory-for-pre-authentication-buffer-overflow-on-some-routers-and-gateways-psv-2017-2481", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21220", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/120.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-46571", }, { db: "VULMON", id: "CVE-2018-21220", }, { db: "JVNDB", id: "JVNDB-2018-016345", }, { db: "CNNVD", id: "CNNVD-202004-2299", }, { db: "NVD", id: "CVE-2018-21220", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-46571", }, { db: "VULMON", id: "CVE-2018-21220", }, { db: "JVNDB", id: "JVNDB-2018-016345", }, { db: "CNNVD", id: "CNNVD-202004-2299", }, { db: "NVD", id: "CVE-2018-21220", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-07-02T00:00:00", db: "CNVD", id: "CNVD-2021-46571", }, { date: "2020-04-28T00:00:00", db: "VULMON", id: "CVE-2018-21220", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016345", }, { date: "2020-04-28T00:00:00", db: "CNNVD", id: "CNNVD-202004-2299", }, { date: "2020-04-28T16:15:14.403000", db: "NVD", id: "CVE-2018-21220", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-07-02T00:00:00", db: "CNVD", id: "CNVD-2021-46571", }, { date: "2020-05-04T00:00:00", db: "VULMON", id: "CVE-2018-21220", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016345", }, { date: "2020-05-06T00:00:00", db: "CNNVD", id: "CNNVD-202004-2299", }, { date: "2024-11-21T04:03:12.643000", db: "NVD", id: "CVE-2018-21220", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-2299", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Classic buffer overflow vulnerability in the product", sources: [ { db: "JVNDB", id: "JVNDB-2018-016345", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-2299", }, ], trust: 0.6, }, }
var-202004-1357
Vulnerability from variot
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WNDR3700v4 before 1.0.2.88, WNDR4300v1 before 1.0.2.90, and WNR2000v5 before 1.0.0.58. NETGEAR WNDR3700 , WNDR4300 , WNR2000 A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WNDR3700, etc. are all wireless routers from NETGEAR.
There are injection vulnerabilities in NETGEAR WNDR3700v4 versions before 1.0.2.88, WNDR4300v1 versions before 1.0.2.90, and WNR2000v5 versions before 1.0.0.58. The vulnerability stems from the fact that the network system or product lacks the correct verification of the user input data during the operation process of the user inputting the construction command, data structure or record, and the special elements are not filtered or correctly filtered, resulting in the analysis or analysis of the system or product. The explanation is wrong. No detailed vulnerability details are currently provided
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1357", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.90", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.58", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.90", }, { model: "wnr2000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.58", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.58", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300v1", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.90", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-52949", }, { db: "JVNDB", id: "JVNDB-2017-014921", }, { db: "NVD", id: "CVE-2017-18754", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wnr2000_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-014921", }, ], }, cve: "CVE-2017-18754", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CVE-2017-18754", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 5.2, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2017-014921", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CNVD-2021-52949", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2017-18754", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2017-18754", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 6.8, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2017-014921", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2017-18754", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2017-18754", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2017-014921", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2021-52949", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-1929", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-52949", }, { db: "JVNDB", id: "JVNDB-2017-014921", }, { db: "CNNVD", id: "CNNVD-202004-1929", }, { db: "NVD", id: "CVE-2017-18754", }, { db: "NVD", id: "CVE-2017-18754", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WNDR3700v4 before 1.0.2.88, WNDR4300v1 before 1.0.2.90, and WNR2000v5 before 1.0.0.58. NETGEAR WNDR3700 , WNDR4300 , WNR2000 A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WNDR3700, etc. are all wireless routers from NETGEAR. \n\r\n\r\nThere are injection vulnerabilities in NETGEAR WNDR3700v4 versions before 1.0.2.88, WNDR4300v1 versions before 1.0.2.90, and WNR2000v5 versions before 1.0.0.58. The vulnerability stems from the fact that the network system or product lacks the correct verification of the user input data during the operation process of the user inputting the construction command, data structure or record, and the special elements are not filtered or correctly filtered, resulting in the analysis or analysis of the system or product. The explanation is wrong. No detailed vulnerability details are currently provided", sources: [ { db: "NVD", id: "CVE-2017-18754", }, { db: "JVNDB", id: "JVNDB-2017-014921", }, { db: "CNVD", id: "CNVD-2021-52949", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2017-18754", trust: 3, }, { db: "JVNDB", id: "JVNDB-2017-014921", trust: 0.8, }, { db: "CNVD", id: "CNVD-2021-52949", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-1929", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-52949", }, { db: "JVNDB", id: "JVNDB-2017-014921", }, { db: "CNNVD", id: "CNNVD-202004-1929", }, { db: "NVD", id: "CVE-2017-18754", }, ], }, id: "VAR-202004-1357", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-52949", }, ], trust: 1.43665969, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-52949", }, ], }, last_update_date: "2024-11-23T22:55:10.536000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Command Injection on Routers, PSV-2017-0329", trust: 0.8, url: "https://kb.netgear.com/000051494/Security-Advisory-for-Post-Authentication-Command-Injection-on-Routers-PSV-2017-0329", }, { title: "Patch for NETGEAR WNDR3700, WNDR4300 and WNR2000 injection vulnerabilities", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/280041", }, { title: "NETGEAR WNDR3700 , WNDR4300 and WNR2000 Repair measures for injecting vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117255", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-52949", }, { db: "JVNDB", id: "JVNDB-2017-014921", }, { db: "CNNVD", id: "CNNVD-202004-1929", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-74", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-014921", }, { db: "NVD", id: "CVE-2017-18754", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2017-18754", }, { trust: 1.6, url: "https://kb.netgear.com/000051494/security-advisory-for-post-authentication-command-injection-on-routers-psv-2017-0329", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18754", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-52949", }, { db: "JVNDB", id: "JVNDB-2017-014921", }, { db: "CNNVD", id: "CNNVD-202004-1929", }, { db: "NVD", id: "CVE-2017-18754", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-52949", }, { db: "JVNDB", id: "JVNDB-2017-014921", }, { db: "CNNVD", id: "CNNVD-202004-1929", }, { db: "NVD", id: "CVE-2017-18754", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-07-21T00:00:00", db: "CNVD", id: "CNVD-2021-52949", }, { date: "2020-05-21T00:00:00", db: "JVNDB", id: "JVNDB-2017-014921", }, { date: "2020-04-22T00:00:00", db: "CNNVD", id: "CNNVD-202004-1929", }, { date: "2020-04-22T17:15:11.667000", db: "NVD", id: "CVE-2017-18754", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-07-21T00:00:00", db: "CNVD", id: "CNVD-2021-52949", }, { date: "2020-05-21T00:00:00", db: "JVNDB", id: "JVNDB-2017-014921", }, { date: "2020-04-26T00:00:00", db: "CNNVD", id: "CNNVD-202004-1929", }, { date: "2024-11-21T03:20:50.367000", db: "NVD", id: "CVE-2017-18754", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-1929", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Injection vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2017-014921", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "injection", sources: [ { db: "CNNVD", id: "CNNVD-202004-1929", }, ], trust: 0.6, }, }
var-202004-1337
Vulnerability from variot
Certain NETGEAR devices are affected by authentication bypass. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6120 before 1.0.0.32, EX6130 before 1.0.0.16, R6300v2 before 1.0.4.12, R6700 before 1.0.1.26, R6900 before 1.0.1.22, R7000 before 1.0.9.6, R7300DST before 1.0.0.52, R7900 before 1.0.1.12, R8000 before 1.0.3.24, R8500 before 1.0.2.74, and WNR2000v2 before 1.2.0.8. plural NETGEAR There is an authentication vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R8500, etc. are all products of NETGEAR. NETGEAR R8500 is a wireless router. NETGEAR WNR2000 is a wireless router. NETGEAR EX3700 is a wireless WiFi signal range extender
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1337", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r6900", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.22", }, { model: "r7300dst", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.52", }, { model: "ex3700", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.64", }, { model: "ex3800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.64", }, { model: "ex6120", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.32", }, { model: "ex6130", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.16", }, { model: "r6700", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.26", }, { model: "r7000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.9.6", }, { model: "r7900", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.12", }, { model: "r8000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.3.24", }, { model: "r8500", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.74", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.8", }, { model: "r6300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.12", }, { model: "ex3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.64", }, { model: "ex3800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.64", }, { model: "ex6120", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.32", }, { model: "ex6130", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.16", }, { model: "r6300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.4.12", }, { model: "r6700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.26", }, { model: "r6900", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.22", }, { model: "r7000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.9.6", }, { model: "r7300dst", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.52", }, { model: "r7900", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.12", }, { model: "r6300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.4.12", }, { model: "wnr2000v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.2.0.8", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-31319", }, { db: "JVNDB", id: "JVNDB-2017-014919", }, { db: "NVD", id: "CVE-2017-18772", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:ex3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex3800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex6120_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex6130_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6900_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7300dst_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7900_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-014919", }, ], }, cve: "CVE-2017-18772", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 6.5, id: "CVE-2017-18772", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1, vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 5.8, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2017-014919", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 6.5, id: "CNVD-2020-31319", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2017-18772", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2017-18772", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 8.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2017-014919", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2017-18772", trust: 1, value: "HIGH", }, { author: "cve@mitre.org", id: "CVE-2017-18772", trust: 1, value: "HIGH", }, { author: "NVD", id: "JVNDB-2017-014919", trust: 0.8, value: "High", }, { author: "CNVD", id: "CNVD-2020-31319", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-1876", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-31319", }, { db: "JVNDB", id: "JVNDB-2017-014919", }, { db: "CNNVD", id: "CNNVD-202004-1876", }, { db: "NVD", id: "CVE-2017-18772", }, { db: "NVD", id: "CVE-2017-18772", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by authentication bypass. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6120 before 1.0.0.32, EX6130 before 1.0.0.16, R6300v2 before 1.0.4.12, R6700 before 1.0.1.26, R6900 before 1.0.1.22, R7000 before 1.0.9.6, R7300DST before 1.0.0.52, R7900 before 1.0.1.12, R8000 before 1.0.3.24, R8500 before 1.0.2.74, and WNR2000v2 before 1.2.0.8. plural NETGEAR There is an authentication vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R8500, etc. are all products of NETGEAR. NETGEAR R8500 is a wireless router. NETGEAR WNR2000 is a wireless router. NETGEAR EX3700 is a wireless WiFi signal range extender", sources: [ { db: "NVD", id: "CVE-2017-18772", }, { db: "JVNDB", id: "JVNDB-2017-014919", }, { db: "CNVD", id: "CNVD-2020-31319", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2017-18772", trust: 3, }, { db: "JVNDB", id: "JVNDB-2017-014919", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-31319", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-1876", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-31319", }, { db: "JVNDB", id: "JVNDB-2017-014919", }, { db: "CNNVD", id: "CNNVD-202004-1876", }, { db: "NVD", id: "CVE-2017-18772", }, ], }, id: "VAR-202004-1337", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-31319", }, ], trust: 1.05125455, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-31319", }, ], }, last_update_date: "2024-11-23T22:05:40.331000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Authentication Bypass on Some Routers and Extenders, PSV-2017-0424", trust: 0.8, url: "https://kb.netgear.com/000051471/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-and-Extenders-PSV-2017-0424", }, { title: "Patch for Multiple NETGEAR product authorization issue vulnerabilities (CNVD-2020-31319)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/220069", }, { title: "Multiple NETGEAR Product Authorization Issue Vulnerability Fixing Measures", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117221", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-31319", }, { db: "JVNDB", id: "JVNDB-2017-014919", }, { db: "CNNVD", id: "CNNVD-202004-1876", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-287", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-014919", }, { db: "NVD", id: "CVE-2017-18772", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2017-18772", }, { trust: 1.6, url: "https://kb.netgear.com/000051471/security-advisory-for-authentication-bypass-on-some-routers-and-extenders-psv-2017-0424", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18772", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-31319", }, { db: "JVNDB", id: "JVNDB-2017-014919", }, { db: "CNNVD", id: "CNNVD-202004-1876", }, { db: "NVD", id: "CVE-2017-18772", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-31319", }, { db: "JVNDB", id: "JVNDB-2017-014919", }, { db: "CNNVD", id: "CNNVD-202004-1876", }, { db: "NVD", id: "CVE-2017-18772", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-06-03T00:00:00", db: "CNVD", id: "CNVD-2020-31319", }, { date: "2020-05-21T00:00:00", db: "JVNDB", id: "JVNDB-2017-014919", }, { date: "2020-04-22T00:00:00", db: "CNNVD", id: "CNNVD-202004-1876", }, { date: "2020-04-22T15:15:11.800000", db: "NVD", id: "CVE-2017-18772", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-06-03T00:00:00", db: "CNVD", id: "CNVD-2020-31319", }, { date: "2020-05-21T00:00:00", db: "JVNDB", id: "JVNDB-2017-014919", }, { date: "2020-04-26T00:00:00", db: "CNNVD", id: "CNNVD-202004-1876", }, { date: "2024-11-21T03:20:52.860000", db: "NVD", id: "CVE-2017-18772", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-1876", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Authentication vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2017-014919", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "authorization issue", sources: [ { db: "CNNVD", id: "CNNVD-202004-1876", }, ], trust: 0.6, }, }
var-202004-1680
Vulnerability from variot
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D3600, etc. are all products of NETGEAR. NETGEAR D3600 is a wireless modem. NETGEAR D6000 is a wireless modem. NETGEAR R7500 is a wireless router. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. This affects D3600 prior to 1.0.0.67, D6000 prior to 1.0.0.67, D7800 prior to 1.0.1.30, R6100 prior to 1.0.1.20, R7500 prior to 1.0.0.118, R7500v2 prior to 1.0.3.24, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.96, WNDR4300 prior to 1.0.2.98, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1680", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.52", }, { model: "r6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.20", }, { model: "r7500", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.118", }, { model: "d7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.30", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.98", }, { model: "d3600", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.67", }, { model: "d6000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.67", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.96", }, { model: "r7500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.24", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.62", }, { model: "r7500", scope: "eq", trust: 0.9, vendor: "netgear", version: "1.0.0.118", }, { model: "wndr4300", scope: "eq", trust: 0.9, vendor: "netgear", version: "1.0.0.50", }, { model: "d7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.30", }, { model: "r6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.20", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.24", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.52", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.96", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.98", }, { model: "wndr4500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.62", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.62", }, { model: "r7500v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.3.24", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.96", }, { model: "d3600", scope: "eq", trust: 0.2, vendor: "netgear", version: "1.0.0.49", }, { model: "d3600", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "d3600", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.61", }, { model: "d6000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "d6000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.49", }, { model: "d6000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.61", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.22", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.24", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.28", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.12", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.14", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.16", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.108", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.110", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.112", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.116", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.122", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.124", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.130", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.10", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.16", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.20", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.4", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.40", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.86", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.52", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.90", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.96", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.42", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.58", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-48928", }, { db: "VULMON", id: "CVE-2018-21222", }, { db: "JVNDB", id: "JVNDB-2018-016336", }, { db: "NVD", id: "CVE-2018-21222", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wnr2000_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016336", }, ], }, cve: "CVE-2018-21222", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 6.5, id: "CVE-2018-21222", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 5.8, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2018-016336", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 6.5, id: "CNVD-2021-48928", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2018-21222", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2018-21222", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 8.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2018-016336", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21222", trust: 1, value: "HIGH", }, { author: "cve@mitre.org", id: "CVE-2018-21222", trust: 1, value: "HIGH", }, { author: "NVD", id: "JVNDB-2018-016336", trust: 0.8, value: "High", }, { author: "CNVD", id: "CNVD-2021-48928", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-2315", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2018-21222", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-48928", }, { db: "VULMON", id: "CVE-2018-21222", }, { db: "JVNDB", id: "JVNDB-2018-016336", }, { db: "CNNVD", id: "CNNVD-202004-2315", }, { db: "NVD", id: "CVE-2018-21222", }, { db: "NVD", id: "CVE-2018-21222", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D3600, etc. are all products of NETGEAR. NETGEAR D3600 is a wireless modem. NETGEAR D6000 is a wireless modem. NETGEAR R7500 is a wireless router. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. This affects D3600 prior to 1.0.0.67, D6000 prior to 1.0.0.67, D7800 prior to 1.0.1.30, R6100 prior to 1.0.1.20, R7500 prior to 1.0.0.118, R7500v2 prior to 1.0.3.24, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.96, WNDR4300 prior to 1.0.2.98, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62", sources: [ { db: "NVD", id: "CVE-2018-21222", }, { db: "JVNDB", id: "JVNDB-2018-016336", }, { db: "CNVD", id: "CNVD-2021-48928", }, { db: "VULMON", id: "CVE-2018-21222", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21222", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2018-016336", trust: 0.8, }, { db: "CNVD", id: "CNVD-2021-48928", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-2315", trust: 0.6, }, { db: "VULMON", id: "CVE-2018-21222", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-48928", }, { db: "VULMON", id: "CVE-2018-21222", }, { db: "JVNDB", id: "JVNDB-2018-016336", }, { db: "CNNVD", id: "CNNVD-202004-2315", }, { db: "NVD", id: "CVE-2018-21222", }, ], }, id: "VAR-202004-1680", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-48928", }, ], trust: 1.2824539991666666, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-48928", }, ], }, last_update_date: "2024-11-23T23:04:24.767000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Pre-Authentication Buffer Overflow on Some Routers and Gateways, PSV-2017-2458", trust: 0.8, url: "https://kb.netgear.com/000055115/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2458", }, { title: "Patch for Buffer overflow vulnerabilities in multiple NETGEAR products (CNVD-2021-48928)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/277356", }, { title: "Multiple NETGEAR Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117406", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-48928", }, { db: "JVNDB", id: "JVNDB-2018-016336", }, { db: "CNNVD", id: "CNNVD-202004-2315", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-120", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016336", }, { db: "NVD", id: "CVE-2018-21222", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21222", }, { trust: 1.7, url: "https://kb.netgear.com/000055115/security-advisory-for-pre-authentication-buffer-overflow-on-some-routers-and-gateways-psv-2017-2458", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21222", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/120.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-48928", }, { db: "VULMON", id: "CVE-2018-21222", }, { db: "JVNDB", id: "JVNDB-2018-016336", }, { db: "CNNVD", id: "CNNVD-202004-2315", }, { db: "NVD", id: "CVE-2018-21222", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-48928", }, { db: "VULMON", id: "CVE-2018-21222", }, { db: "JVNDB", id: "JVNDB-2018-016336", }, { db: "CNNVD", id: "CNNVD-202004-2315", }, { db: "NVD", id: "CVE-2018-21222", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-07-08T00:00:00", db: "CNVD", id: "CNVD-2021-48928", }, { date: "2020-04-28T00:00:00", db: "VULMON", id: "CVE-2018-21222", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016336", }, { date: "2020-04-28T00:00:00", db: "CNNVD", id: "CNNVD-202004-2315", }, { date: "2020-04-28T17:15:12.930000", db: "NVD", id: "CVE-2018-21222", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-10-19T00:00:00", db: "CNVD", id: "CNVD-2021-48928", }, { date: "2020-05-04T00:00:00", db: "VULMON", id: "CVE-2018-21222", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016336", }, { date: "2020-05-06T00:00:00", db: "CNNVD", id: "CNNVD-202004-2315", }, { date: "2024-11-21T04:03:12.950000", db: "NVD", id: "CVE-2018-21222", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-2315", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Classic buffer overflow vulnerability in device", sources: [ { db: "JVNDB", id: "JVNDB-2018-016336", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-2315", }, ], trust: 0.6, }, }
var-202004-1340
Vulnerability from variot
Certain NETGEAR devices are affected by authentication bypass. This affects D6100 before V1.0.0.55, D7000 before V1.0.1.50, D7800 before V1.0.1.24, JNR1010v2 before 1.1.0.40, JWNR2010v5 before 1.1.0.40, R6100 before 1.0.1.12, R6220 before 1.1.0.50, R7500 before 1.0.0.108, R7500v2 before 1.0.3.10, WNDR4300v1 before 1.0.2.88, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.40, WNR2000v5 before 1.0.0.42, WNR2020 before 1.1.0.40, and WNR2050 before 1.1.0.40. plural NETGEAR There is an authentication vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D7000 and so on are all products of NETGEAR. NETGEAR D7000 is a wireless modem. NETGEAR R7500 is a wireless router. NETGEAR WNR2000 is a wireless router
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1340", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r6220", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.1.0.50", }, { model: "d7000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.50", }, { model: "d6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.55", }, { model: "d7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.24", }, { model: "r6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.12", }, { model: "r7500", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.108", }, { model: "wnr2020", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.1.0.40", }, { model: "wnr2050", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.1.0.40", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.88", }, { model: "wnr1000", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.40", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.42", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.48", }, { model: "jnr1010", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.40", }, { model: "r7500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.10", }, { model: "jwnr2010", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.40", }, { model: "d6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.55", }, { model: "d7000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.50", }, { model: "d7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.24", }, { model: "jnr1010", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.1.0.40", }, { model: "jwnr2010", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.1.0.40", }, { model: "r6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.12", }, { model: "r6220", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.1.0.50", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.108", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.10", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.48", }, { model: "jnr1010v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.1.0.40", }, { model: "jwnr2010v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.1.0.40", }, { model: "r7500v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.3.10", }, { model: "wndr4300v1", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.88", }, { model: "wnr1000v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.1.0.40", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.42", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-31322", }, { db: "JVNDB", id: "JVNDB-2017-014915", }, { db: "NVD", id: "CVE-2017-18776", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d7000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:jnr1010_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:jwnr2010_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6220_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-014915", }, ], }, cve: "CVE-2017-18776", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, id: "CVE-2017-18776", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1, vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Local", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 4.6, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2017-014915", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, id: "CNVD-2020-31322", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 8.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.5, id: "CVE-2017-18776", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "LOCAL", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 8.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.5, id: "CVE-2017-18776", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 8.4, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2017-014915", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2017-18776", trust: 1, value: "HIGH", }, { author: "cve@mitre.org", id: "CVE-2017-18776", trust: 1, value: "HIGH", }, { author: "NVD", id: "JVNDB-2017-014915", trust: 0.8, value: "High", }, { author: "CNVD", id: "CNVD-2020-31322", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-1880", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-31322", }, { db: "JVNDB", id: "JVNDB-2017-014915", }, { db: "CNNVD", id: "CNNVD-202004-1880", }, { db: "NVD", id: "CVE-2017-18776", }, { db: "NVD", id: "CVE-2017-18776", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by authentication bypass. This affects D6100 before V1.0.0.55, D7000 before V1.0.1.50, D7800 before V1.0.1.24, JNR1010v2 before 1.1.0.40, JWNR2010v5 before 1.1.0.40, R6100 before 1.0.1.12, R6220 before 1.1.0.50, R7500 before 1.0.0.108, R7500v2 before 1.0.3.10, WNDR4300v1 before 1.0.2.88, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.40, WNR2000v5 before 1.0.0.42, WNR2020 before 1.1.0.40, and WNR2050 before 1.1.0.40. plural NETGEAR There is an authentication vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D7000 and so on are all products of NETGEAR. NETGEAR D7000 is a wireless modem. NETGEAR R7500 is a wireless router. NETGEAR WNR2000 is a wireless router", sources: [ { db: "NVD", id: "CVE-2017-18776", }, { db: "JVNDB", id: "JVNDB-2017-014915", }, { db: "CNVD", id: "CNVD-2020-31322", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2017-18776", trust: 3, }, { db: "JVNDB", id: "JVNDB-2017-014915", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-31322", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-1880", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-31322", }, { db: "JVNDB", id: "JVNDB-2017-014915", }, { db: "CNNVD", id: "CNNVD-202004-1880", }, { db: "NVD", id: "CVE-2017-18776", }, ], }, id: "VAR-202004-1340", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-31322", }, ], trust: 1.2865790547058822, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-31322", }, ], }, last_update_date: "2024-11-23T22:25:32.678000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Authentication Bypass on Some Routers and Gateways, PSV-2017-0387", trust: 0.8, url: "https://kb.netgear.com/000049552/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-and-Gateways-PSV-2017-0387", }, { title: "Patch for Multiple NETGEAR product authorization issue vulnerabilities (CNVD-2020-31322)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/220057", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-31322", }, { db: "JVNDB", id: "JVNDB-2017-014915", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-287", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-014915", }, { db: "NVD", id: "CVE-2017-18776", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2017-18776", }, { trust: 1.6, url: "https://kb.netgear.com/000049552/security-advisory-for-authentication-bypass-on-some-routers-and-gateways-psv-2017-0387", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18776", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-31322", }, { db: "JVNDB", id: "JVNDB-2017-014915", }, { db: "CNNVD", id: "CNNVD-202004-1880", }, { db: "NVD", id: "CVE-2017-18776", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-31322", }, { db: "JVNDB", id: "JVNDB-2017-014915", }, { db: "CNNVD", id: "CNNVD-202004-1880", }, { db: "NVD", id: "CVE-2017-18776", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-06-03T00:00:00", db: "CNVD", id: "CNVD-2020-31322", }, { date: "2020-05-21T00:00:00", db: "JVNDB", id: "JVNDB-2017-014915", }, { date: "2020-04-22T00:00:00", db: "CNNVD", id: "CNNVD-202004-1880", }, { date: "2020-04-22T15:15:12.050000", db: "NVD", id: "CVE-2017-18776", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-06-03T00:00:00", db: "CNVD", id: "CNVD-2020-31322", }, { date: "2020-05-21T00:00:00", db: "JVNDB", id: "JVNDB-2017-014915", }, { date: "2020-04-26T00:00:00", db: "CNNVD", id: "CNNVD-202004-1880", }, { date: "2024-11-21T03:20:53.340000", db: "NVD", id: "CVE-2017-18776", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202004-1880", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Authentication vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2017-014915", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "authorization issue", sources: [ { db: "CNNVD", id: "CNNVD-202004-1880", }, ], trust: 0.6, }, }
var-202004-1547
Vulnerability from variot
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.60, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.66. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7800, etc. are all products of NETGEAR. NETGEAR R7800 is a wireless router. NETGEAR D3600 is a wireless modem. NETGEAR WNDR3700 is a wireless router. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1547", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.52", }, { model: "r8900", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.4.2", }, { model: "d3600", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.75", }, { model: "d6000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.75", }, { model: "d6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.60", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.4.2", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.104", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.102", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.58", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.58", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.66", }, { model: "d3600", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.75", }, { model: "d6000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.75", }, { model: "d6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.60", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.52", }, { model: "r8900", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.4.2", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.4.2", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.102", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.58", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.104", }, { model: "wndr4500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.58", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.58", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.58", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.102", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.66", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-31243", }, { db: "JVNDB", id: "JVNDB-2018-016320", }, { db: "NVD", id: "CVE-2018-21111", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d3600_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r8900_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4500_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016320", }, ], }, cve: "CVE-2018-21111", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CVE-2018-21111", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 5.2, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2018-016320", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CNVD-2020-31243", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21111", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21111", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 6.8, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2018-016320", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21111", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2018-21111", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2018-016320", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2020-31243", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-1893", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-31243", }, { db: "JVNDB", id: "JVNDB-2018-016320", }, { db: "CNNVD", id: "CNNVD-202004-1893", }, { db: "NVD", id: "CVE-2018-21111", }, { db: "NVD", id: "CVE-2018-21111", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.60, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.66. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7800, etc. are all products of NETGEAR. NETGEAR R7800 is a wireless router. NETGEAR D3600 is a wireless modem. NETGEAR WNDR3700 is a wireless router. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow", sources: [ { db: "NVD", id: "CVE-2018-21111", }, { db: "JVNDB", id: "JVNDB-2018-016320", }, { db: "CNVD", id: "CNVD-2020-31243", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21111", trust: 3, }, { db: "JVNDB", id: "JVNDB-2018-016320", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-31243", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-1893", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-31243", }, { db: "JVNDB", id: "JVNDB-2018-016320", }, { db: "CNNVD", id: "CNNVD-202004-1893", }, { db: "NVD", id: "CVE-2018-21111", }, ], }, id: "VAR-202004-1547", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-31243", }, ], trust: 1.2305895954545454, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-31243", }, ], }, last_update_date: "2024-11-23T21:51:30.393000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Stack Overflow on Some Routers and Modem Routers, PSV-2018-0115", trust: 0.8, url: "https://kb.netgear.com/000060440/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Modem-Routers-PSV-2018-0115", }, { title: "Patch for Multiple NETGEAR product buffer overflow vulnerabilities (CNVD-2020-31243)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/219859", }, { title: "Multiple NETGEAR Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116669", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-31243", }, { db: "JVNDB", id: "JVNDB-2018-016320", }, { db: "CNNVD", id: "CNNVD-202004-1893", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016320", }, { db: "NVD", id: "CVE-2018-21111", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21111", }, { trust: 1.6, url: "https://kb.netgear.com/000060440/security-advisory-for-post-authentication-stack-overflow-on-some-routers-and-modem-routers-psv-2018-0115", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21111", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-31243", }, { db: "JVNDB", id: "JVNDB-2018-016320", }, { db: "CNNVD", id: "CNNVD-202004-1893", }, { db: "NVD", id: "CVE-2018-21111", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-31243", }, { db: "JVNDB", id: "JVNDB-2018-016320", }, { db: "CNNVD", id: "CNNVD-202004-1893", }, { db: "NVD", id: "CVE-2018-21111", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-06-02T00:00:00", db: "CNVD", id: "CNVD-2020-31243", }, { date: "2020-05-22T00:00:00", db: "JVNDB", id: "JVNDB-2018-016320", }, { date: "2020-04-22T00:00:00", db: "CNNVD", id: "CNNVD-202004-1893", }, { date: "2020-04-22T15:15:13.190000", db: "NVD", id: "CVE-2018-21111", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-06-02T00:00:00", db: "CNVD", id: "CNVD-2020-31243", }, { date: "2020-05-22T00:00:00", db: "JVNDB", id: "JVNDB-2018-016320", }, { date: "2020-04-28T00:00:00", db: "CNNVD", id: "CNNVD-202004-1893", }, { date: "2024-11-21T04:02:55.650000", db: "NVD", id: "CVE-2018-21111", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-1893", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Out-of-bounds write vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2018-016320", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-1893", }, ], trust: 0.6, }, }
var-202004-1585
Vulnerability from variot
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.0.54, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D7800, etc. are all products of NETGEAR. NETGEAR D7800 is a wireless modem. NETGEAR R7500 is a wireless router. NETGEAR DM200 is a wireless modem. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow. This affects D7800 prior to 1.0.1.34, DM200 prior to 1.0.0.50, R6100 prior to 1.0.1.22, R7500 prior to 1.0.0.122, R7800 prior to 1.0.2.42, R8900 prior to 1.0.3.10, R9000 prior to 1.0.3.10, WNDR3700v4 prior to 1.0.2.96, WNDR4300 prior to 1.0.0.54, WNDR4300v2 prior to 1.0.0.54, WNDR4500v3 prior to 1.0.0.54, and WNR2000v5 prior to 1.0.0.64
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1585", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7500", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.122", }, { model: "d7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.34", }, { model: "r6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.22", }, { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.42", }, { model: "dm200", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.50", }, { model: "r8900", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.3.10", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.3.10", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.96", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.64", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.54", }, { model: "d7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.34", }, { model: "dm200", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.50", }, { model: "r6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.22", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.122", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.42", }, { model: "r8900", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.10", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.10", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.96", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "v2 1.0.0.54", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.54", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.64", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.96", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-48933", }, { db: "JVNDB", id: "JVNDB-2018-016399", }, { db: "NVD", id: "CVE-2018-21149", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:dm200_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r8900_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016399", }, ], }, cve: "CVE-2018-21149", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CVE-2018-21149", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 5.2, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2018-016399", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CNVD-2021-48933", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21149", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21149", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 6.8, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2018-016399", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21149", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2018-21149", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2018-016399", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2021-48933", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-2202", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2018-21149", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-48933", }, { db: "VULMON", id: "CVE-2018-21149", }, { db: "JVNDB", id: "JVNDB-2018-016399", }, { db: "CNNVD", id: "CNNVD-202004-2202", }, { db: "NVD", id: "CVE-2018-21149", }, { db: "NVD", id: "CVE-2018-21149", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.0.54, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D7800, etc. are all products of NETGEAR. NETGEAR D7800 is a wireless modem. NETGEAR R7500 is a wireless router. NETGEAR DM200 is a wireless modem. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow. This affects D7800 prior to 1.0.1.34, DM200 prior to 1.0.0.50, R6100 prior to 1.0.1.22, R7500 prior to 1.0.0.122, R7800 prior to 1.0.2.42, R8900 prior to 1.0.3.10, R9000 prior to 1.0.3.10, WNDR3700v4 prior to 1.0.2.96, WNDR4300 prior to 1.0.0.54, WNDR4300v2 prior to 1.0.0.54, WNDR4500v3 prior to 1.0.0.54, and WNR2000v5 prior to 1.0.0.64", sources: [ { db: "NVD", id: "CVE-2018-21149", }, { db: "JVNDB", id: "JVNDB-2018-016399", }, { db: "CNVD", id: "CNVD-2021-48933", }, { db: "VULMON", id: "CVE-2018-21149", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21149", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2018-016399", trust: 0.8, }, { db: "CNVD", id: "CNVD-2021-48933", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-2202", trust: 0.6, }, { db: "VULMON", id: "CVE-2018-21149", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-48933", }, { db: "VULMON", id: "CVE-2018-21149", }, { db: "JVNDB", id: "JVNDB-2018-016399", }, { db: "CNNVD", id: "CNNVD-202004-2202", }, { db: "NVD", id: "CVE-2018-21149", }, ], }, id: "VAR-202004-1585", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-48933", }, ], trust: 1.20606618, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-48933", }, ], }, last_update_date: "2024-11-23T22:41:06.490000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Stack Overflow on Some Gateways and Routers, PSV-2017-3156", trust: 0.8, url: "https://kb.netgear.com/000059484/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Gateways-and-Routers-PSV-2017-3156", }, { title: "Patch for Buffer overflow vulnerabilities in multiple NETGEAR products (CNVD-2021-48933)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/277386", }, { title: "Multiple NETGEAR Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117297", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-48933", }, { db: "JVNDB", id: "JVNDB-2018-016399", }, { db: "CNNVD", id: "CNNVD-202004-2202", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016399", }, { db: "NVD", id: "CVE-2018-21149", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21149", }, { trust: 1.7, url: "https://kb.netgear.com/000059484/security-advisory-for-post-authentication-stack-overflow-on-some-gateways-and-routers-psv-2017-3156", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21149", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/787.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-48933", }, { db: "VULMON", id: "CVE-2018-21149", }, { db: "JVNDB", id: "JVNDB-2018-016399", }, { db: "CNNVD", id: "CNNVD-202004-2202", }, { db: "NVD", id: "CVE-2018-21149", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-48933", }, { db: "VULMON", id: "CVE-2018-21149", }, { db: "JVNDB", id: "JVNDB-2018-016399", }, { db: "CNNVD", id: "CNNVD-202004-2202", }, { db: "NVD", id: "CVE-2018-21149", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-07-08T00:00:00", db: "CNVD", id: "CNVD-2021-48933", }, { date: "2020-04-27T00:00:00", db: "VULMON", id: "CVE-2018-21149", }, { date: "2020-06-02T00:00:00", db: "JVNDB", id: "JVNDB-2018-016399", }, { date: "2020-04-27T00:00:00", db: "CNNVD", id: "CNNVD-202004-2202", }, { date: "2020-04-27T18:15:12.107000", db: "NVD", id: "CVE-2018-21149", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-07-09T00:00:00", db: "CNVD", id: "CNVD-2021-48933", }, { date: "2020-05-06T00:00:00", db: "VULMON", id: "CVE-2018-21149", }, { date: "2020-06-02T00:00:00", db: "JVNDB", id: "JVNDB-2018-016399", }, { date: "2020-05-07T00:00:00", db: "CNNVD", id: "CNNVD-202004-2202", }, { date: "2024-11-21T04:03:01.247000", db: "NVD", id: "CVE-2018-21149", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-2202", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Out-of-bounds write vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2018-016399", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-2202", }, ], trust: 0.6, }, }
var-202004-1692
Vulnerability from variot
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.28, EX2700 before 1.0.1.32, EX6200v2 before 1.0.1.56, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.3.6, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.52, WN3100RPv2 before 1.0.0.42, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7800, etc. are all products of NETGEAR. NETGEAR R7800 is a wireless router. NETGEAR D7800 is a wireless modem. NETGEAR EX2700 is a wireless network signal extender. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow. This affects D7800 prior to 1.0.1.28, EX2700 prior to 1.0.1.32, EX6200v2 prior to 1.0.1.56, R7500v2 prior to 1.0.3.24, R7800 prior to 1.0.2.40, R9000 prior to 1.0.3.6, WN2000RPTv3 prior to 1.0.1.20, WN3000RPv3 prior to 1.0.2.52, WN3100RPv2 prior to 1.0.0.42, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1692", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.40", }, { model: "d7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.28", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.94", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.3.6", }, { model: "ex2700", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.32", }, { model: "r7500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.24", }, { model: "ex6200", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.56", }, { model: "wn3100rp", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.42", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.62", }, { model: "wn3000rp", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.52", }, { model: "wn2000rpt", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.20", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.92", }, { model: "d7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.28", }, { model: "ex2700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.32", }, { model: "ex6200", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.56", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.24", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.6", }, { model: "wn2000rpt", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.20", }, { model: "wn3000rp", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.52", }, { model: "wn3100rp", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.42", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.92", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.62", }, { model: "r7500v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.3.24", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "wn2000rptv3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.1.20", }, { model: "ex6200v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.1.56", }, { model: "wn3000rpv3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.52", }, { model: "wn3100rpv2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.42", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28241", }, { db: "JVNDB", id: "JVNDB-2018-016365", }, { db: "NVD", id: "CVE-2018-21181", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex2700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex6200_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wn2000rpt_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wn3000rp_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wn3100rp_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016365", }, ], }, cve: "CVE-2018-21181", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 8, id: "CVE-2018-21181", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 6.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2018-016365", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 8, id: "CNVD-2020-28241", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.2, id: "CVE-2018-21181", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21181", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 7.2, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2018-016365", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21181", trust: 1, value: "HIGH", }, { author: "cve@mitre.org", id: "CVE-2018-21181", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2018-016365", trust: 0.8, value: "High", }, { author: "CNVD", id: "CNVD-2020-28241", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-2240", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2018-21181", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28241", }, { db: "VULMON", id: "CVE-2018-21181", }, { db: "JVNDB", id: "JVNDB-2018-016365", }, { db: "CNNVD", id: "CNNVD-202004-2240", }, { db: "NVD", id: "CVE-2018-21181", }, { db: "NVD", id: "CVE-2018-21181", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.28, EX2700 before 1.0.1.32, EX6200v2 before 1.0.1.56, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.3.6, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.52, WN3100RPv2 before 1.0.0.42, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7800, etc. are all products of NETGEAR. NETGEAR R7800 is a wireless router. NETGEAR D7800 is a wireless modem. NETGEAR EX2700 is a wireless network signal extender. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow. This affects D7800 prior to 1.0.1.28, EX2700 prior to 1.0.1.32, EX6200v2 prior to 1.0.1.56, R7500v2 prior to 1.0.3.24, R7800 prior to 1.0.2.40, R9000 prior to 1.0.3.6, WN2000RPTv3 prior to 1.0.1.20, WN3000RPv3 prior to 1.0.2.52, WN3100RPv2 prior to 1.0.0.42, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62", sources: [ { db: "NVD", id: "CVE-2018-21181", }, { db: "JVNDB", id: "JVNDB-2018-016365", }, { db: "CNVD", id: "CNVD-2020-28241", }, { db: "VULMON", id: "CVE-2018-21181", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21181", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2018-016365", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-28241", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-2240", trust: 0.6, }, { db: "VULMON", id: "CVE-2018-21181", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28241", }, { db: "VULMON", id: "CVE-2018-21181", }, { db: "JVNDB", id: "JVNDB-2018-016365", }, { db: "CNNVD", id: "CNNVD-202004-2240", }, { db: "NVD", id: "CVE-2018-21181", }, ], }, id: "VAR-202004-1692", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-28241", }, ], trust: 1.3353913524999999, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28241", }, ], }, last_update_date: "2024-11-23T22:05:39.936000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Stack Overflow on Some Routers, Gateways, and Extenders, PSV-2017-2618", trust: 0.8, url: "https://kb.netgear.com/000055177/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2618", }, { title: "Patch for Multiple NETGEAR product buffer overflow vulnerabilities (CNVD-2020-28241)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/217491", }, { title: "Multiple NETGEAR Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117734", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28241", }, { db: "JVNDB", id: "JVNDB-2018-016365", }, { db: "CNNVD", id: "CNNVD-202004-2240", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016365", }, { db: "NVD", id: "CVE-2018-21181", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21181", }, { trust: 1.7, url: "https://kb.netgear.com/000055177/security-advisory-for-post-authentication-stack-overflow-on-some-routers-gateways-and-extenders-psv-2017-2618", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21181", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/787.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28241", }, { db: "VULMON", id: "CVE-2018-21181", }, { db: "JVNDB", id: "JVNDB-2018-016365", }, { db: "CNNVD", id: "CNNVD-202004-2240", }, { db: "NVD", id: "CVE-2018-21181", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-28241", }, { db: "VULMON", id: "CVE-2018-21181", }, { db: "JVNDB", id: "JVNDB-2018-016365", }, { db: "CNNVD", id: "CNNVD-202004-2240", }, { db: "NVD", id: "CVE-2018-21181", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28241", }, { date: "2020-04-28T00:00:00", db: "VULMON", id: "CVE-2018-21181", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016365", }, { date: "2020-04-28T00:00:00", db: "CNNVD", id: "CNNVD-202004-2240", }, { date: "2020-04-28T13:15:12.480000", db: "NVD", id: "CVE-2018-21181", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28241", }, { date: "2020-05-01T00:00:00", db: "VULMON", id: "CVE-2018-21181", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016365", }, { date: "2020-05-06T00:00:00", db: "CNNVD", id: "CNNVD-202004-2240", }, { date: "2024-11-21T04:03:06.550000", db: "NVD", id: "CVE-2018-21181", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202004-2240", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Out-of-bounds write vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2018-016365", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-2240", }, ], trust: 0.6, }, }
var-202004-1689
Vulnerability from variot
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R9000 is a wireless router of NETGEAR. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow. This affects R7800 prior to 1.0.2.40, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1689", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.52", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.62", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.52", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "v4 1.0.2.92", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "v2 1.0.0.50", }, { model: "wndr4500", scope: "eq", trust: 0.8, vendor: "netgear", version: "v3 1.0.0.50", }, { model: "wnr2000", scope: "eq", trust: 0.8, vendor: "netgear", version: "v5 1.0.0.62", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.62", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.16", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.28", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.32", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.36", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.38", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.4", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.40", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.86", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.52", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.90", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.42", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.58", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28117", }, { db: "VULMON", id: "CVE-2018-21178", }, { db: "JVNDB", id: "JVNDB-2018-016387", }, { db: "NVD", id: "CVE-2018-21178", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wnr2000_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016387", }, ], }, cve: "CVE-2018-21178", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CVE-2018-21178", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 5.2, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2018-016387", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CNVD-2020-28117", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21178", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21178", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 6.8, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2018-016387", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21178", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2018-21178", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2018-016387", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2020-28117", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-2221", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2018-21178", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28117", }, { db: "VULMON", id: "CVE-2018-21178", }, { db: "JVNDB", id: "JVNDB-2018-016387", }, { db: "CNNVD", id: "CNNVD-202004-2221", }, { db: "NVD", id: "CVE-2018-21178", }, { db: "NVD", id: "CVE-2018-21178", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R9000 is a wireless router of NETGEAR. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow. This affects R7800 prior to 1.0.2.40, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62", sources: [ { db: "NVD", id: "CVE-2018-21178", }, { db: "JVNDB", id: "JVNDB-2018-016387", }, { db: "CNVD", id: "CNVD-2020-28117", }, { db: "VULMON", id: "CVE-2018-21178", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21178", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2018-016387", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-28117", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-2221", trust: 0.6, }, { db: "VULMON", id: "CVE-2018-21178", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28117", }, { db: "VULMON", id: "CVE-2018-21178", }, { db: "JVNDB", id: "JVNDB-2018-016387", }, { db: "CNNVD", id: "CNNVD-202004-2221", }, { db: "NVD", id: "CVE-2018-21178", }, ], }, id: "VAR-202004-1689", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-28117", }, ], trust: 1.3365085385714286, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28117", }, ], }, last_update_date: "2024-11-23T22:21:12.394000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Stack Overflow on Some Routers, PSV-2017-2621", trust: 0.8, url: "https://kb.netgear.com/000055180/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-PSV-2017-2621", }, { title: "Patch for Multiple NETGEAR product buffer overflow vulnerabilities (CNVD-2020-28117)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/217407", }, { title: "Multiple NETGEAR Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117313", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28117", }, { db: "JVNDB", id: "JVNDB-2018-016387", }, { db: "CNNVD", id: "CNNVD-202004-2221", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016387", }, { db: "NVD", id: "CVE-2018-21178", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21178", }, { trust: 1.7, url: "https://kb.netgear.com/000055180/security-advisory-for-post-authentication-stack-overflow-on-some-routers-psv-2017-2621", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21178", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/787.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28117", }, { db: "VULMON", id: "CVE-2018-21178", }, { db: "JVNDB", id: "JVNDB-2018-016387", }, { db: "CNNVD", id: "CNNVD-202004-2221", }, { db: "NVD", id: "CVE-2018-21178", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-28117", }, { db: "VULMON", id: "CVE-2018-21178", }, { db: "JVNDB", id: "JVNDB-2018-016387", }, { db: "CNNVD", id: "CNNVD-202004-2221", }, { db: "NVD", id: "CVE-2018-21178", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28117", }, { date: "2020-04-27T00:00:00", db: "VULMON", id: "CVE-2018-21178", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016387", }, { date: "2020-04-27T00:00:00", db: "CNNVD", id: "CNNVD-202004-2221", }, { date: "2020-04-27T21:15:13.093000", db: "NVD", id: "CVE-2018-21178", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28117", }, { date: "2020-05-01T00:00:00", db: "VULMON", id: "CVE-2018-21178", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016387", }, { date: "2020-05-06T00:00:00", db: "CNNVD", id: "CNNVD-202004-2221", }, { date: "2024-11-21T04:03:06.087000", db: "NVD", id: "CVE-2018-21178", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-2221", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Out-of-bounds write vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2018-016387", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-2221", }, ], trust: 0.6, }, }
var-202004-0788
Vulnerability from variot
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R8900, etc. are all wireless routers from NETGEAR. The vulnerability stems from the fact that the network system or product does not properly filter special elements in the process of constructing executable commands from external input data. Attackers can use this vulnerability to execute illegal commands
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0788", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.52", }, { model: "xr500", scope: "lt", trust: 1.6, vendor: "netgear", version: "2.3.2.32", }, { model: "r8900", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.4.2", }, { model: "d3600", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.75", }, { model: "d6000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.75", }, { model: "d6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.63", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.4.2", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.104", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.68", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.102", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.58", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.58", }, { model: "d3600", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.75", }, { model: "d6000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.75", }, { model: "d6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.63", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.52", }, { model: "r8900", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.4.2", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.4.2", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.102", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.58", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.104", }, { model: "wndr4500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.58", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.58", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.58", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.68", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.102", }, { model: "wndr4300v1", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.104", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-61057", }, { db: "JVNDB", id: "JVNDB-2019-015319", }, { db: "NVD", id: "CVE-2019-20726", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d3600_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r8900_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4500_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015319", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "aircut", sources: [ { db: "CNNVD", id: "CNNVD-202004-1310", }, ], trust: 0.6, }, cve: "CVE-2019-20726", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CVE-2019-20726", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 5.2, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2019-015319", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CNVD-2021-61057", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2019-20726", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2019-20726", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 6.8, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2019-015319", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2019-20726", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2019-20726", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2019-015319", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2021-61057", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-1310", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-61057", }, { db: "JVNDB", id: "JVNDB-2019-015319", }, { db: "CNNVD", id: "CNNVD-202004-1310", }, { db: "NVD", id: "CVE-2019-20726", }, { db: "NVD", id: "CVE-2019-20726", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R8900, etc. are all wireless routers from NETGEAR. The vulnerability stems from the fact that the network system or product does not properly filter special elements in the process of constructing executable commands from external input data. Attackers can use this vulnerability to execute illegal commands", sources: [ { db: "NVD", id: "CVE-2019-20726", }, { db: "JVNDB", id: "JVNDB-2019-015319", }, { db: "CNVD", id: "CNVD-2021-61057", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-20726", trust: 3, }, { db: "JVNDB", id: "JVNDB-2019-015319", trust: 0.8, }, { db: "CNVD", id: "CNVD-2021-61057", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-1310", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-61057", }, { db: "JVNDB", id: "JVNDB-2019-015319", }, { db: "CNNVD", id: "CNNVD-202004-1310", }, { db: "NVD", id: "CVE-2019-20726", }, ], }, id: "VAR-202004-0788", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-61057", }, ], trust: 1.2314201530769229, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-61057", }, ], }, last_update_date: "2024-11-23T22:11:31.163000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Command on Some Routers and Gateways, PSV-2018-0141", trust: 0.8, url: "https://kb.netgear.com/000061202/Security-Advisory-for-Post-Authentication-Command-on-Some-Routers-and-Gateways-PSV-2018-0141", }, { title: "Patch for Command injection vulnerabilities in multiple NETGEAR products (CNVD-2021-61057)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/285376", }, { title: "Multiple NETGEAR Fixing measures for product injection vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116576", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-61057", }, { db: "JVNDB", id: "JVNDB-2019-015319", }, { db: "CNNVD", id: "CNNVD-202004-1310", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-77", trust: 1, }, { problemtype: "CWE-74", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015319", }, { db: "NVD", id: "CVE-2019-20726", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2019-20726", }, { trust: 1.6, url: "https://kb.netgear.com/000061202/security-advisory-for-post-authentication-command-on-some-routers-and-gateways-psv-2018-0141", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20726", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-61057", }, { db: "JVNDB", id: "JVNDB-2019-015319", }, { db: "CNNVD", id: "CNNVD-202004-1310", }, { db: "NVD", id: "CVE-2019-20726", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-61057", }, { db: "JVNDB", id: "JVNDB-2019-015319", }, { db: "CNNVD", id: "CNNVD-202004-1310", }, { db: "NVD", id: "CVE-2019-20726", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-08-11T00:00:00", db: "CNVD", id: "CNVD-2021-61057", }, { date: "2020-05-12T00:00:00", db: "JVNDB", id: "JVNDB-2019-015319", }, { date: "2020-04-16T00:00:00", db: "CNNVD", id: "CNNVD-202004-1310", }, { date: "2020-04-16T19:15:25.527000", db: "NVD", id: "CVE-2019-20726", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-08-11T00:00:00", db: "CNVD", id: "CNVD-2021-61057", }, { date: "2020-05-12T00:00:00", db: "JVNDB", id: "JVNDB-2019-015319", }, { date: "2020-10-28T00:00:00", db: "CNNVD", id: "CNNVD-202004-1310", }, { date: "2024-11-21T04:39:11.753000", db: "NVD", id: "CVE-2019-20726", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-1310", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Injection vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2019-015319", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-202004-1310", }, ], trust: 0.6, }, }
var-202004-1465
Vulnerability from variot
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.28, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.88, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.62. plural NETGEAR An unspecified vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D7800, etc. are all products of NETGEAR. NETGEAR D7800 is a wireless modem. NETGEAR R7500 is a wireless router. NETGEAR WNDR3700 is a wireless router.
There are security vulnerabilities in many NETGEAR products. The vulnerabilities stem from misconfiguration of security settings. No detailed vulnerability details are currently available. This affects D7800 prior to 1.0.1.28, R6100 prior to 1.0.1.20, R7500 prior to 1.0.0.118, R7500v2 prior to 1.0.3.20, R7800 prior to 1.0.2.40, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.88, WNDR4300 prior to 1.0.2.90, WNDR4300v2 prior to 1.0.0.48, WNDR4500v3 prior to 1.0.0.48, and WNR2000v5 prior to 1.0.0.62
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1465", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.52", }, { model: "r6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.20", }, { model: "d7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.28", }, { model: "r7500", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.118", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.90", }, { model: "r7500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.20", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.62", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.88", }, { model: "r7500", scope: "eq", trust: 0.9, vendor: "netgear", version: "1.0.0.118", }, { model: "wndr4300", scope: "eq", trust: 0.9, vendor: "netgear", version: "1.0.0.48", }, { model: "d7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.28", }, { model: "r6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.20", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.20", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.52", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.90", }, { model: "wndr4500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.48", }, { model: "r7500v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.3.20", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.88", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.62", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.22", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.24", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.12", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.14", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.16", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.108", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.110", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.112", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.116", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.122", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.124", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.130", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.10", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.16", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.16", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.28", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.32", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.36", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.38", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.4", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.40", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.86", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.52", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.42", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.58", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28014", }, { db: "VULMON", id: "CVE-2017-18705", }, { db: "JVNDB", id: "JVNDB-2017-014998", }, { db: "NVD", id: "CVE-2017-18705", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4500_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-014998", }, ], }, cve: "CVE-2017-18705", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 6.5, id: "CVE-2017-18705", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 5.8, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2017-014998", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 6.5, id: "CNVD-2020-28014", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2017-18705", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2017-18705", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 8.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2017-014998", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2017-18705", trust: 1, value: "HIGH", }, { author: "cve@mitre.org", id: "CVE-2017-18705", trust: 1, value: "HIGH", }, { author: "NVD", id: "JVNDB-2017-014998", trust: 0.8, value: "High", }, { author: "CNVD", id: "CNVD-2020-28014", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-2124", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2017-18705", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28014", }, { db: "VULMON", id: "CVE-2017-18705", }, { db: "JVNDB", id: "JVNDB-2017-014998", }, { db: "CNNVD", id: "CNNVD-202004-2124", }, { db: "NVD", id: "CVE-2017-18705", }, { db: "NVD", id: "CVE-2017-18705", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.28, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.88, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.62. plural NETGEAR An unspecified vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D7800, etc. are all products of NETGEAR. NETGEAR D7800 is a wireless modem. NETGEAR R7500 is a wireless router. NETGEAR WNDR3700 is a wireless router. \n\r\n\r\nThere are security vulnerabilities in many NETGEAR products. The vulnerabilities stem from misconfiguration of security settings. No detailed vulnerability details are currently available. This affects D7800 prior to 1.0.1.28, R6100 prior to 1.0.1.20, R7500 prior to 1.0.0.118, R7500v2 prior to 1.0.3.20, R7800 prior to 1.0.2.40, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.88, WNDR4300 prior to 1.0.2.90, WNDR4300v2 prior to 1.0.0.48, WNDR4500v3 prior to 1.0.0.48, and WNR2000v5 prior to 1.0.0.62", sources: [ { db: "NVD", id: "CVE-2017-18705", }, { db: "JVNDB", id: "JVNDB-2017-014998", }, { db: "CNVD", id: "CNVD-2020-28014", }, { db: "VULMON", id: "CVE-2017-18705", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2017-18705", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2017-014998", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-28014", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-2124", trust: 0.6, }, { db: "VULMON", id: "CVE-2017-18705", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28014", }, { db: "VULMON", id: "CVE-2017-18705", }, { db: "JVNDB", id: "JVNDB-2017-014998", }, { db: "CNNVD", id: "CNNVD-202004-2124", }, { db: "NVD", id: "CVE-2017-18705", }, ], }, id: "VAR-202004-1465", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-28014", }, ], trust: 1.2910627672727273, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28014", }, ], }, last_update_date: "2024-11-23T22:33:28.427000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Security Misconfiguration on Some Routers and Gateways, PSV-2017-0526", trust: 0.8, url: "https://kb.netgear.com/000053197/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-and-Gateways-PSV-2017-0526", }, { title: "Patch for Many NETGEAR products have unknown vulnerabilities (CNVD-2020-28014)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/217285", }, { title: "Multiple NETGEAR Product security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117047", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28014", }, { db: "JVNDB", id: "JVNDB-2017-014998", }, { db: "CNNVD", id: "CNNVD-202004-2124", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2017-18705", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2017-18705", }, { trust: 1.7, url: "https://kb.netgear.com/000053197/security-advisory-for-security-misconfiguration-on-some-routers-and-gateways-psv-2017-0526", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18705", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28014", }, { db: "VULMON", id: "CVE-2017-18705", }, { db: "JVNDB", id: "JVNDB-2017-014998", }, { db: "CNNVD", id: "CNNVD-202004-2124", }, { db: "NVD", id: "CVE-2017-18705", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-28014", }, { db: "VULMON", id: "CVE-2017-18705", }, { db: "JVNDB", id: "JVNDB-2017-014998", }, { db: "CNNVD", id: "CNNVD-202004-2124", }, { db: "NVD", id: "CVE-2017-18705", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-13T00:00:00", db: "CNVD", id: "CNVD-2020-28014", }, { date: "2020-04-24T00:00:00", db: "VULMON", id: "CVE-2017-18705", }, { date: "2020-06-03T00:00:00", db: "JVNDB", id: "JVNDB-2017-014998", }, { date: "2020-04-24T00:00:00", db: "CNNVD", id: "CNNVD-202004-2124", }, { date: "2020-04-24T15:15:12.677000", db: "NVD", id: "CVE-2017-18705", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-13T00:00:00", db: "CNVD", id: "CNVD-2020-28014", }, { date: "2020-05-01T00:00:00", db: "VULMON", id: "CVE-2017-18705", }, { date: "2020-06-03T00:00:00", db: "JVNDB", id: "JVNDB-2017-014998", }, { date: "2020-05-06T00:00:00", db: "CNNVD", id: "CNNVD-202004-2124", }, { date: "2024-11-21T03:20:42.657000", db: "NVD", id: "CVE-2017-18705", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-2124", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2017-014998", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202004-2124", }, ], trust: 0.6, }, }
var-202004-1706
Vulnerability from variot
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.34, R6100 before 1.0.1.20, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.3.6, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D6100, etc. are all products of NETGEAR. NETGEAR D6100 is a wireless modem. NETGEAR WNDR3700 is a wireless router. NETGEAR R6100 is a wireless router. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow. This affects D6100 prior to 1.0.0.57, D7800 prior to 1.0.1.34, R6100 prior to 1.0.1.20, R7500v2 prior to 1.0.3.24, R7800 prior to 1.0.2.40, R9000 prior to 1.0.3.6, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1706", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.40", }, { model: "r6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.20", }, { model: "d6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.57", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.94", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.3.6", }, { model: "d7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.34", }, { model: "r7500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.24", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.62", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "eq", trust: 0.9, vendor: "netgear", version: "1.0.0.50", }, { model: "d6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.57", }, { model: "d7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.34", }, { model: "r6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.20", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.40", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.6", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.62", }, { model: "r7500v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.3.24", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.50 0.0.50", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.55", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.22", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.24", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.28", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.30", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.31", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.12", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.14", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.16", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.108", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.110", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.112", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.116", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.118", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.122", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.124", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.130", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.10", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.16", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.20", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.16", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.28", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.32", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.36", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.38", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.4", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.52", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.86", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.52", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.90", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.42", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.58", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28271", }, { db: "VULMON", id: "CVE-2018-21195", }, { db: "JVNDB", id: "JVNDB-2018-016363", }, { db: "NVD", id: "CVE-2018-21195", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4500_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016363", }, ], }, cve: "CVE-2018-21195", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CVE-2018-21195", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 5.2, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2018-016363", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CNVD-2020-28271", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21195", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21195", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 6.8, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2018-016363", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21195", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2018-21195", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2018-016363", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2020-28271", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-2263", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2018-21195", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28271", }, { db: "VULMON", id: "CVE-2018-21195", }, { db: "JVNDB", id: "JVNDB-2018-016363", }, { db: "CNNVD", id: "CNNVD-202004-2263", }, { db: "NVD", id: "CVE-2018-21195", }, { db: "NVD", id: "CVE-2018-21195", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.34, R6100 before 1.0.1.20, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.3.6, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D6100, etc. are all products of NETGEAR. NETGEAR D6100 is a wireless modem. NETGEAR WNDR3700 is a wireless router. NETGEAR R6100 is a wireless router. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow. This affects D6100 prior to 1.0.0.57, D7800 prior to 1.0.1.34, R6100 prior to 1.0.1.20, R7500v2 prior to 1.0.3.24, R7800 prior to 1.0.2.40, R9000 prior to 1.0.3.6, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62", sources: [ { db: "NVD", id: "CVE-2018-21195", }, { db: "JVNDB", id: "JVNDB-2018-016363", }, { db: "CNVD", id: "CNVD-2020-28271", }, { db: "VULMON", id: "CVE-2018-21195", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21195", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2018-016363", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-28271", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-2263", trust: 0.6, }, { db: "VULMON", id: "CVE-2018-21195", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28271", }, { db: "VULMON", id: "CVE-2018-21195", }, { db: "JVNDB", id: "JVNDB-2018-016363", }, { db: "CNNVD", id: "CNNVD-202004-2263", }, { db: "NVD", id: "CVE-2018-21195", }, ], }, id: "VAR-202004-1706", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-28271", }, ], trust: 1.274251435, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28271", }, ], }, last_update_date: "2024-11-23T22:16:29.947000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Stack Overflow on Some Routers and Gateways, PSV-2017-2600", trust: 0.8, url: "https://kb.netgear.com/000055162/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2600", }, { title: "Patch for Multiple NETGEAR product buffer overflow vulnerabilities (CNVD-2020-28271)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/217553", }, { title: "Multiple NETGEAR Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117355", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28271", }, { db: "JVNDB", id: "JVNDB-2018-016363", }, { db: "CNNVD", id: "CNNVD-202004-2263", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016363", }, { db: "NVD", id: "CVE-2018-21195", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21195", }, { trust: 1.7, url: "https://kb.netgear.com/000055162/security-advisory-for-post-authentication-stack-overflow-on-some-routers-and-gateways-psv-2017-2600", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21195", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/787.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28271", }, { db: "VULMON", id: "CVE-2018-21195", }, { db: "JVNDB", id: "JVNDB-2018-016363", }, { db: "CNNVD", id: "CNNVD-202004-2263", }, { db: "NVD", id: "CVE-2018-21195", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-28271", }, { db: "VULMON", id: "CVE-2018-21195", }, { db: "JVNDB", id: "JVNDB-2018-016363", }, { db: "CNNVD", id: "CNNVD-202004-2263", }, { db: "NVD", id: "CVE-2018-21195", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28271", }, { date: "2020-04-28T00:00:00", db: "VULMON", id: "CVE-2018-21195", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016363", }, { date: "2020-04-28T00:00:00", db: "CNNVD", id: "CNNVD-202004-2263", }, { date: "2020-04-28T16:15:12.873000", db: "NVD", id: "CVE-2018-21195", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28271", }, { date: "2020-05-05T00:00:00", db: "VULMON", id: "CVE-2018-21195", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016363", }, { date: "2020-05-06T00:00:00", db: "CNNVD", id: "CNNVD-202004-2263", }, { date: "2024-11-21T04:03:08.770000", db: "NVD", id: "CVE-2018-21195", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-2263", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Out-of-bounds write vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2018-016363", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-2263", }, ], trust: 0.6, }, }
var-202004-0784
Vulnerability from variot
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBS40 before 2.3.0.28, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D7800, etc. are all products of NETGEAR. NETGEAR D7800 is a wireless modem. NETGEAR R7500 is a wireless router. NETGEAR WNDR4300 is a wireless router. The vulnerability stems from the fact that the network system or product does not properly filter special elements in the process of constructing executable commands from external input data. Attackers can use this vulnerability to execute illegal commands
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0784", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.52", }, { model: "xr500", scope: "lt", trust: 1.6, vendor: "netgear", version: "2.3.2.32", }, { model: "d7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.44", }, { model: "rbk20", scope: "lt", trust: 1.6, vendor: "netgear", version: "2.3.0.28", }, { model: "rbr20", scope: "lt", trust: 1.6, vendor: "netgear", version: "2.3.0.28", }, { model: "rbs20", scope: "lt", trust: 1.6, vendor: "netgear", version: "2.3.0.28", }, { model: "rbs40", scope: "lt", trust: 1.6, vendor: "netgear", version: "2.3.0.28", }, { model: "rbk50", scope: "lt", trust: 1.6, vendor: "netgear", version: "2.3.0.32", }, { model: "rbr50", scope: "lt", trust: 1.6, vendor: "netgear", version: "2.3.0.32", }, { model: "rbs50", scope: "lt", trust: 1.6, vendor: "netgear", version: "2.3.0.32", }, { model: "r8900", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.4.2", }, { model: "dm200", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.58", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.4.2", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.68", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.58", }, { model: "r7500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.38", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.58", }, { model: "d7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.44", }, { model: "dm200", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.58", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.38", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.52", }, { model: "r8900", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.4.2", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.4.2", }, { model: "rbk20", scope: "eq", trust: 0.8, vendor: "netgear", version: "2.3.0.28", }, { model: "rbk50", scope: "eq", trust: 0.8, vendor: "netgear", version: "2.3.0.32", }, { model: "rbr20", scope: "eq", trust: 0.8, vendor: "netgear", version: "2.3.0.28", }, { model: "rbs20", scope: "eq", trust: 0.8, vendor: "netgear", version: "2.3.0.28", }, { model: "r7500v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.3.38", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.58", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.58", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.68", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-61055", }, { db: "JVNDB", id: "JVNDB-2019-015387", }, { db: "NVD", id: "CVE-2019-20722", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:dm200_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r8900_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:rbk20_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:rbk50_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:rbr20_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:rbs20_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015387", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "aircut", sources: [ { db: "CNNVD", id: "CNNVD-202004-1306", }, ], trust: 0.6, }, cve: "CVE-2019-20722", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CVE-2019-20722", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 5.2, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2019-015387", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CNVD-2021-61055", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2019-20722", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2019-20722", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 6.8, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2019-015387", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2019-20722", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2019-20722", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2019-015387", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2021-61055", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-1306", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-61055", }, { db: "JVNDB", id: "JVNDB-2019-015387", }, { db: "CNNVD", id: "CNNVD-202004-1306", }, { db: "NVD", id: "CVE-2019-20722", }, { db: "NVD", id: "CVE-2019-20722", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBS40 before 2.3.0.28, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D7800, etc. are all products of NETGEAR. NETGEAR D7800 is a wireless modem. NETGEAR R7500 is a wireless router. NETGEAR WNDR4300 is a wireless router. The vulnerability stems from the fact that the network system or product does not properly filter special elements in the process of constructing executable commands from external input data. Attackers can use this vulnerability to execute illegal commands", sources: [ { db: "NVD", id: "CVE-2019-20722", }, { db: "JVNDB", id: "JVNDB-2019-015387", }, { db: "CNVD", id: "CNVD-2021-61055", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-20722", trust: 3, }, { db: "JVNDB", id: "JVNDB-2019-015387", trust: 0.8, }, { db: "CNVD", id: "CNVD-2021-61055", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-1306", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-61055", }, { db: "JVNDB", id: "JVNDB-2019-015387", }, { db: "CNNVD", id: "CNNVD-202004-1306", }, { db: "NVD", id: "CVE-2019-20722", }, ], }, id: "VAR-202004-0784", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-61055", }, ], trust: 1.0507588705263158, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-61055", }, ], }, last_update_date: "2024-11-23T22:58:19.170000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Command Injection on Some Routers, Gateways, and WiFi Systems, PSV-2018-0148", trust: 0.8, url: "https://kb.netgear.com/000061206/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2018-0148", }, { title: "Patch for Command injection vulnerabilities in multiple NETGEAR products (CNVD-2021-61055)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/285381", }, { title: "Multiple NETGEAR Fixing measures for product injection vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116573", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-61055", }, { db: "JVNDB", id: "JVNDB-2019-015387", }, { db: "CNNVD", id: "CNNVD-202004-1306", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-77", trust: 1, }, { problemtype: "CWE-74", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015387", }, { db: "NVD", id: "CVE-2019-20722", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2019-20722", }, { trust: 1.6, url: "https://kb.netgear.com/000061206/security-advisory-for-post-authentication-command-injection-on-some-routers-gateways-and-wifi-systems-psv-2018-0148", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20722", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-61055", }, { db: "JVNDB", id: "JVNDB-2019-015387", }, { db: "CNNVD", id: "CNNVD-202004-1306", }, { db: "NVD", id: "CVE-2019-20722", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-61055", }, { db: "JVNDB", id: "JVNDB-2019-015387", }, { db: "CNNVD", id: "CNNVD-202004-1306", }, { db: "NVD", id: "CVE-2019-20722", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-08-11T00:00:00", db: "CNVD", id: "CNVD-2021-61055", }, { date: "2020-05-14T00:00:00", db: "JVNDB", id: "JVNDB-2019-015387", }, { date: "2020-04-16T00:00:00", db: "CNNVD", id: "CNNVD-202004-1306", }, { date: "2020-04-16T19:15:25.277000", db: "NVD", id: "CVE-2019-20722", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-08-11T00:00:00", db: "CNVD", id: "CNVD-2021-61055", }, { date: "2020-05-14T00:00:00", db: "JVNDB", id: "JVNDB-2019-015387", }, { date: "2020-10-28T00:00:00", db: "CNNVD", id: "CNNVD-202004-1306", }, { date: "2024-11-21T04:39:11.107000", db: "NVD", id: "CVE-2019-20722", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-1306", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Injection vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2019-015387", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-202004-1306", }, ], trust: 0.6, }, }
var-202004-0800
Vulnerability from variot
Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6400 before 1.0.0.74, D7000v2 before 1.0.0.74, D7800 before 1.0.1.34, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.102, DGND2200Bv4 before 1.0.0.102, DM200 before 1.0.0.52, JNDR3000 before 1.0.0.22, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBW30 before 2.1.2.6, R6250 before 1.0.4.26, R6300v2 before 1.0.4.24, R6400 before 1.0.1.36, R6400v2 before 1.0.2.52, R6700 before 1.0.1.44, R6900 before 1.0.1.44, R7000 before 1.0.9.26, R6900P before 1.3.0.20, R7000P before 1.3.0.20, R7100LG before 1.0.0.40, R7300DST before 1.0.0.62, R7500v2 before 1.0.3.26, R7800 before 1.0.2.44, R7900 before 1.0.2.10, R8000 before 1.0.4.12, R7900P before 1.3.0.10, R8000P before 1.3.0.10, R8300 before 1.0.2.116, R8500 before 1.0.2.116, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3400v3 before 1.0.1.18, WNDR3700v4 before 1.0.2.96, WNDR4300v1 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, WNR2000v5 before 1.0.0.64, and WNR3500Lv2 before 1.2.0.48. plural NETGEAR A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R9000, etc. are all wireless routers from NETGEAR. The vulnerability stems from the fact that when the network system or product performs operations on the memory, it does not correctly verify the data boundary, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0800", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "rbr50", scope: "lt", trust: 1.6, vendor: "netgear", version: "2.3.5.30", }, { model: "rbs50", scope: "lt", trust: 1.6, vendor: "netgear", version: "2.3.5.30", }, { model: "rbk50", scope: "lt", trust: 1.6, vendor: "netgear", version: "2.3.5.30", }, { model: "r6250", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.4.26", }, { model: "r6400", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.36", }, { model: "r7900", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.10", }, { model: "r8000p", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.3.0.10", }, { model: "r7900p", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.3.0.10", }, { model: "rbw30", scope: "lt", trust: 1.6, vendor: "netgear", version: "2.1.2.6", }, { model: "r6700", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.44", }, { model: "r6900", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.44", }, { model: "d7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.34", }, { model: "dm200", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.52", }, { model: "r8900", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.3.10", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.3.10", }, { model: "r8000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.4.12", }, { model: "d6400", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.74", }, { model: "d8500", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.3.39", }, { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.44", }, { model: "r7300dst", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.62", }, { model: "r7100lg", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.40", }, { model: "r8300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.116", }, { model: "r8500", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.116", }, { model: "r7000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.9.26", }, { model: "r6900p", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.3.0.20", }, { model: "r7000p", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.3.0.20", }, { model: "jndr3000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.22", }, { model: "r6300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.24", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.98", }, { model: "r6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.52", }, { model: "wndr3400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.18", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.96", }, { model: "d7000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.74", }, { model: "dgnd2200b", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.102", }, { model: "wnr3500l", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.48", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.54", }, { model: "dgn2200", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.102", }, { model: "r7500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.26", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.64", }, { model: "d6400", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.74", }, { model: "d7000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.74", }, { model: "d7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.34", }, { model: "d8500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.39", }, { model: "dgn2200", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.102", }, { model: "dgnd2200b", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.102", }, { model: "dm200", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.52", }, { model: "jndr3000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.22", }, { model: "rbk50", scope: "eq", trust: 0.8, vendor: "netgear", version: "2.3.5.30", }, { model: "rbr50", scope: "eq", trust: 0.8, vendor: "netgear", version: "2.3.5.30", }, { model: "r6400v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.52", }, { model: "r7500v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.3.26", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.54", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.64", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.96", }, { model: "wndr4300v1", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.98", }, { model: "dgn2200v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.102", }, { model: "wndr3400v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.1.18", }, { model: "wnr3500lv2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.2.0.48", }, { model: "d7000v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.74", }, { model: "dgnd2200bv4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.102", }, { model: "r6300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.4.24", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-67656", }, { db: "JVNDB", id: "JVNDB-2019-015430", }, { db: "NVD", id: "CVE-2019-20728", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d6400_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d7000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d8500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:dgn2200_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:dgnd2200b_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:dm200_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:jndr3000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:rbk50_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:rbr50_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015430", }, ], }, cve: "CVE-2019-20728", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, id: "CVE-2019-20728", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1, vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Local", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 4.6, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2019-015430", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, id: "CNVD-2021-67656", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.8, id: "CVE-2019-20728", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "LOCAL", author: "cve@mitre.org", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.8, id: "CVE-2019-20728", impactScore: 5.5, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L", version: "3.0", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 6.7, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2019-015430", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2019-20728", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2019-20728", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2019-015430", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2021-67656", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-1339", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-67656", }, { db: "JVNDB", id: "JVNDB-2019-015430", }, { db: "CNNVD", id: "CNNVD-202004-1339", }, { db: "NVD", id: "CVE-2019-20728", }, { db: "NVD", id: "CVE-2019-20728", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6400 before 1.0.0.74, D7000v2 before 1.0.0.74, D7800 before 1.0.1.34, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.102, DGND2200Bv4 before 1.0.0.102, DM200 before 1.0.0.52, JNDR3000 before 1.0.0.22, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBW30 before 2.1.2.6, R6250 before 1.0.4.26, R6300v2 before 1.0.4.24, R6400 before 1.0.1.36, R6400v2 before 1.0.2.52, R6700 before 1.0.1.44, R6900 before 1.0.1.44, R7000 before 1.0.9.26, R6900P before 1.3.0.20, R7000P before 1.3.0.20, R7100LG before 1.0.0.40, R7300DST before 1.0.0.62, R7500v2 before 1.0.3.26, R7800 before 1.0.2.44, R7900 before 1.0.2.10, R8000 before 1.0.4.12, R7900P before 1.3.0.10, R8000P before 1.3.0.10, R8300 before 1.0.2.116, R8500 before 1.0.2.116, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3400v3 before 1.0.1.18, WNDR3700v4 before 1.0.2.96, WNDR4300v1 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, WNR2000v5 before 1.0.0.64, and WNR3500Lv2 before 1.2.0.48. plural NETGEAR A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R9000, etc. are all wireless routers from NETGEAR. The vulnerability stems from the fact that when the network system or product performs operations on the memory, it does not correctly verify the data boundary, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow", sources: [ { db: "NVD", id: "CVE-2019-20728", }, { db: "JVNDB", id: "JVNDB-2019-015430", }, { db: "CNVD", id: "CNVD-2021-67656", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-20728", trust: 3, }, { db: "JVNDB", id: "JVNDB-2019-015430", trust: 0.8, }, { db: "CNVD", id: "CNVD-2021-67656", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-1339", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-67656", }, { db: "JVNDB", id: "JVNDB-2019-015430", }, { db: "CNNVD", id: "CNNVD-202004-1339", }, { db: "NVD", id: "CVE-2019-20728", }, ], }, id: "VAR-202004-0800", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-67656", }, ], trust: 1.131329496931818, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-67656", }, ], }, last_update_date: "2024-11-23T22:51:27.214000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Buffer Overflow on Some Routers, Gateways, and WiFi Systems, PSV-2017-315", trust: 0.8, url: "https://kb.netgear.com/000061199/Security-Advisory-for-Post-Authentication-Buffer-Overflow-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2017-315", }, { title: "Patch for Buffer overflow vulnerabilities in multiple NETGEAR products (CNVD-2021-67656)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/289181", }, { title: "Multiple NETGEAR Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=114877", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-67656", }, { db: "JVNDB", id: "JVNDB-2019-015430", }, { db: "CNNVD", id: "CNNVD-202004-1339", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-120", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015430", }, { db: "NVD", id: "CVE-2019-20728", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2019-20728", }, { trust: 1.6, url: "https://kb.netgear.com/000061199/security-advisory-for-post-authentication-buffer-overflow-on-some-routers-gateways-and-wifi-systems-psv-2017-315", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20728", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-67656", }, { db: "JVNDB", id: "JVNDB-2019-015430", }, { db: "CNNVD", id: "CNNVD-202004-1339", }, { db: "NVD", id: "CVE-2019-20728", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-67656", }, { db: "JVNDB", id: "JVNDB-2019-015430", }, { db: "CNNVD", id: "CNNVD-202004-1339", }, { db: "NVD", id: "CVE-2019-20728", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-09-02T00:00:00", db: "CNVD", id: "CNVD-2021-67656", }, { date: "2020-05-19T00:00:00", db: "JVNDB", id: "JVNDB-2019-015430", }, { date: "2020-04-16T00:00:00", db: "CNNVD", id: "CNNVD-202004-1339", }, { date: "2020-04-16T20:15:13.210000", db: "NVD", id: "CVE-2019-20728", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-09-02T00:00:00", db: "CNVD", id: "CNVD-2021-67656", }, { date: "2020-05-19T00:00:00", db: "JVNDB", id: "JVNDB-2019-015430", }, { date: "2020-04-26T00:00:00", db: "CNNVD", id: "CNNVD-202004-1339", }, { date: "2024-11-21T04:39:12.090000", db: "NVD", id: "CVE-2019-20728", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202004-1339", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Classic buffer overflow vulnerability in device", sources: [ { db: "JVNDB", id: "JVNDB-2019-015430", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-1339", }, ], trust: 0.6, }, }
var-202004-1353
Vulnerability from variot
plural NETGEAR A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR JNR1010, etc. are all wireless routers from NETGEAR. The vulnerability stems from the fact that the WEB application does not fully verify whether the request comes from a trusted user. An attacker can use this vulnerability to send unexpected requests to the server through the affected client
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1353", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.36", }, { model: "r7500", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.112", }, { model: "r6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.16", }, { model: "jr6150", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.10", }, { model: "r6050", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.10", }, { model: "r6220", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.1.0.50", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.90", }, { model: "wnr2020", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.1.0.44", }, { model: "wnr2050", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.1.0.44", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.40", }, { model: "wnr1000", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.44", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.48", }, { model: "jnr1010", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.44", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.48", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.88", }, { model: "jwnr2010", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.44", }, { model: "r7500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.20", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.58", }, { model: "jnr1010", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.1.0.44", }, { model: "jr6150", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.10", }, { model: "jwnr2010", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.1.0.44", }, { model: "r6050", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.10", }, { model: "r6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.16", }, { model: "r6220", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.1.0.50", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.112", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.20", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.36", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.40", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.58", }, { model: "r7500v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.3.20", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr3700v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.1.0.48", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.88", }, { model: "jnr1010v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.1.0.44", }, { model: "jwnr2010v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.1.0.44", }, { model: "wnr1000v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.1.0.44", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-59156", }, { db: "JVNDB", id: "JVNDB-2017-014936", }, { db: "NVD", id: "CVE-2017-18749", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:jnr1010_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:jr6150_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:jwnr2010_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6050_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6220_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-014936", }, ], }, cve: "CVE-2017-18749", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 8.6, id: "CVE-2017-18749", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1, vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 6.8, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2017-014936", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 8.6, id: "CNVD-2021-59156", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2017-18749", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "NETWORK", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2017-18749", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 8.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2017-014936", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2017-18749", trust: 1, value: "HIGH", }, { author: "cve@mitre.org", id: "CVE-2017-18749", trust: 1, value: "HIGH", }, { author: "NVD", id: "JVNDB-2017-014936", trust: 0.8, value: "High", }, { author: "CNVD", id: "CNVD-2021-59156", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-1990", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-59156", }, { db: "JVNDB", id: "JVNDB-2017-014936", }, { db: "CNNVD", id: "CNNVD-202004-1990", }, { db: "NVD", id: "CVE-2017-18749", }, { db: "NVD", id: "CVE-2017-18749", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR JNR1010, etc. are all wireless routers from NETGEAR. The vulnerability stems from the fact that the WEB application does not fully verify whether the request comes from a trusted user. An attacker can use this vulnerability to send unexpected requests to the server through the affected client", sources: [ { db: "JVNDB", id: "JVNDB-2017-014936", }, { db: "CNVD", id: "CNVD-2021-59156", }, ], trust: 1.26, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2017-18749", trust: 3, }, { db: "JVNDB", id: "JVNDB-2017-014936", trust: 0.8, }, { db: "CNVD", id: "CNVD-2021-59156", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-1990", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-59156", }, { db: "JVNDB", id: "JVNDB-2017-014936", }, { db: "CNNVD", id: "CNNVD-202004-1990", }, { db: "NVD", id: "CVE-2017-18749", }, ], }, id: "VAR-202004-1353", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-59156", }, ], trust: 1.2888241489473682, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-59156", }, ], }, last_update_date: "2024-11-23T22:21:12.807000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Cross-Site Request Forgery on Some Routers, PSV-2016-0101", trust: 0.8, url: "https://kb.netgear.com/000051505/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Routers-PSV-2016-0101", }, { title: "Patch for Cross-site request forgery vulnerability in multiple NETGEAR products (CNVD-2021-59156)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/284381", }, { title: "Multiple NETGEAR Repair measures for product cross-site request forgery vulnerability", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116752", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-59156", }, { db: "JVNDB", id: "JVNDB-2017-014936", }, { db: "CNNVD", id: "CNNVD-202004-1990", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-352", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-014936", }, { db: "NVD", id: "CVE-2017-18749", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2017-18749", }, { trust: 1.6, url: "https://kb.netgear.com/000051505/security-advisory-for-cross-site-request-forgery-on-some-routers-psv-2016-0101", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18749", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-59156", }, { db: "JVNDB", id: "JVNDB-2017-014936", }, { db: "CNNVD", id: "CNNVD-202004-1990", }, { db: "NVD", id: "CVE-2017-18749", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-59156", }, { db: "JVNDB", id: "JVNDB-2017-014936", }, { db: "CNNVD", id: "CNNVD-202004-1990", }, { db: "NVD", id: "CVE-2017-18749", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-08-08T00:00:00", db: "CNVD", id: "CNVD-2021-59156", }, { date: "2020-05-22T00:00:00", db: "JVNDB", id: "JVNDB-2017-014936", }, { date: "2020-04-23T00:00:00", db: "CNNVD", id: "CNNVD-202004-1990", }, { date: "2020-04-23T16:15:12.993000", db: "NVD", id: "CVE-2017-18749", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-08-08T00:00:00", db: "CNVD", id: "CNVD-2021-59156", }, { date: "2020-05-22T00:00:00", db: "JVNDB", id: "JVNDB-2017-014936", }, { date: "2020-04-28T00:00:00", db: "CNNVD", id: "CNNVD-202004-1990", }, { date: "2024-11-21T03:20:49.723000", db: "NVD", id: "CVE-2017-18749", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202004-1990", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Cross-site request forgery vulnerability in device", sources: [ { db: "JVNDB", id: "JVNDB-2017-014936", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "cross-site request forgery", sources: [ { db: "CNNVD", id: "CNNVD-202004-1990", }, ], trust: 0.6, }, }
var-202004-1423
Vulnerability from variot
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.61, D6000 before 1.0.0.61, D6100 before 1.0.0.55, D7800 before 1.0.1.28, R6100 before 1.0.1.16, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.40, WNDR3700v4 before 1.0.2.88, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58. plural NETGEAR An unspecified vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7800, etc. are all products of NETGEAR. NETGEAR R7800 is a wireless router. NETGEAR D3600 is a wireless modem. NETGEAR D6000 is a wireless modem. No detailed vulnerability details are currently provided
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1423", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.36", }, { model: "r7500", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.112", }, { model: "r6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.16", }, { model: "d7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.28", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.90", }, { model: "d6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.55", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.40", }, { model: "d3600", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.61", }, { model: "d6000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.61", }, { model: "r7500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.20", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.88", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.58", }, { model: "d3600", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.61", }, { model: "d6000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.61", }, { model: "d6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.55", }, { model: "d7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.28", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.112", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.20", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.36", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.40", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.90", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.58", }, { model: "r7500v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.3.20", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.88", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-57160", }, { db: "JVNDB", id: "JVNDB-2017-014937", }, { db: "NVD", id: "CVE-2017-18740", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d3600_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-014937", }, ], }, cve: "CVE-2017-18740", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 6.5, id: "CVE-2017-18740", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1, vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 5.8, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2017-014937", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 6.5, id: "CNVD-2021-57160", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.8, id: "CVE-2017-18740", impactScore: 3.4, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.8, id: "CVE-2017-18740", impactScore: 3.4, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "Low", baseScore: 6.3, baseSeverity: "Medium", confidentialityImpact: "Low", exploitabilityScore: null, id: "JVNDB-2017-014937", impactScore: null, integrityImpact: "Low", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2017-18740", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2017-18740", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2017-014937", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2021-57160", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-1984", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-57160", }, { db: "JVNDB", id: "JVNDB-2017-014937", }, { db: "CNNVD", id: "CNNVD-202004-1984", }, { db: "NVD", id: "CVE-2017-18740", }, { db: "NVD", id: "CVE-2017-18740", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.61, D6000 before 1.0.0.61, D6100 before 1.0.0.55, D7800 before 1.0.1.28, R6100 before 1.0.1.16, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.40, WNDR3700v4 before 1.0.2.88, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58. plural NETGEAR An unspecified vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7800, etc. are all products of NETGEAR. NETGEAR R7800 is a wireless router. NETGEAR D3600 is a wireless modem. NETGEAR D6000 is a wireless modem. No detailed vulnerability details are currently provided", sources: [ { db: "NVD", id: "CVE-2017-18740", }, { db: "JVNDB", id: "JVNDB-2017-014937", }, { db: "CNVD", id: "CNVD-2021-57160", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2017-18740", trust: 3, }, { db: "JVNDB", id: "JVNDB-2017-014937", trust: 0.8, }, { db: "CNVD", id: "CNVD-2021-57160", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-1984", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-57160", }, { db: "JVNDB", id: "JVNDB-2017-014937", }, { db: "CNNVD", id: "CNNVD-202004-1984", }, { db: "NVD", id: "CVE-2017-18740", }, ], }, id: "VAR-202004-1423", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-57160", }, ], trust: 1.2507181157142857, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-57160", }, ], }, last_update_date: "2024-11-23T22:33:28.478000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Security Misconfiguration on Some Routers and Gateways, PSV-2017-0615", trust: 0.8, url: "https://kb.netgear.com/000051515/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-and-Gateways-PSV-2017-0615", }, { title: "Patch for Unspecified vulnerabilities exist in many NETGEAR products (CNVD-2021-57160)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/282676", }, { title: "Multiple NETGEAR Product security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116747", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-57160", }, { db: "JVNDB", id: "JVNDB-2017-014937", }, { db: "CNNVD", id: "CNNVD-202004-1984", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2017-18740", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2017-18740", }, { trust: 1.6, url: "https://kb.netgear.com/000051515/security-advisory-for-security-misconfiguration-on-some-routers-and-gateways-psv-2017-0615", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18740", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-57160", }, { db: "JVNDB", id: "JVNDB-2017-014937", }, { db: "CNNVD", id: "CNNVD-202004-1984", }, { db: "NVD", id: "CVE-2017-18740", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-57160", }, { db: "JVNDB", id: "JVNDB-2017-014937", }, { db: "CNNVD", id: "CNNVD-202004-1984", }, { db: "NVD", id: "CVE-2017-18740", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-07-28T00:00:00", db: "CNVD", id: "CNVD-2021-57160", }, { date: "2020-05-22T00:00:00", db: "JVNDB", id: "JVNDB-2017-014937", }, { date: "2020-04-23T00:00:00", db: "CNNVD", id: "CNNVD-202004-1984", }, { date: "2020-04-23T16:15:12.400000", db: "NVD", id: "CVE-2017-18740", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-07-31T00:00:00", db: "CNVD", id: "CNVD-2021-57160", }, { date: "2020-05-22T00:00:00", db: "JVNDB", id: "JVNDB-2017-014937", }, { date: "2020-04-28T00:00:00", db: "CNNVD", id: "CNNVD-202004-1984", }, { date: "2024-11-21T03:20:48.380000", db: "NVD", id: "CVE-2017-18740", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-1984", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2017-014937", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202004-1984", }, ], trust: 0.6, }, }
var-202004-1691
Vulnerability from variot
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R9000, etc. are all products of NETGEAR. NETGEAR R9000 is a wireless router. NETGEAR R7800 is a wireless router. NETGEAR D6100 is a wireless modem. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow. This affects D6100 prior to 1.0.0.57, R7800 prior to 1.0.2.40, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1691", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.52", }, { model: "d6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.57", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.62", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "d6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.57", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.52", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "v4 1.0.2.92", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "v2 1.0.0.50", }, { model: "wndr4500", scope: "eq", trust: 0.8, vendor: "netgear", version: "v3 1.0.0.50", }, { model: "wnr2000", scope: "eq", trust: 0.8, vendor: "netgear", version: "v5 1.0.0.62", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.62", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.50 0.0.50", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.55", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.16", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.28", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.32", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.36", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.38", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.4", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.40", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.86", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.52", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.90", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.42", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.58", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-48934", }, { db: "VULMON", id: "CVE-2018-21180", }, { db: "JVNDB", id: "JVNDB-2018-016389", }, { db: "NVD", id: "CVE-2018-21180", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wnr2000_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016389", }, ], }, cve: "CVE-2018-21180", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CVE-2018-21180", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 5.2, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2018-016389", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CNVD-2021-48934", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21180", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21180", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 6.8, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2018-016389", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21180", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2018-21180", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2018-016389", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2021-48934", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-2223", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2018-21180", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-48934", }, { db: "VULMON", id: "CVE-2018-21180", }, { db: "JVNDB", id: "JVNDB-2018-016389", }, { db: "CNNVD", id: "CNNVD-202004-2223", }, { db: "NVD", id: "CVE-2018-21180", }, { db: "NVD", id: "CVE-2018-21180", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R9000, etc. are all products of NETGEAR. NETGEAR R9000 is a wireless router. NETGEAR R7800 is a wireless router. NETGEAR D6100 is a wireless modem. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow. This affects D6100 prior to 1.0.0.57, R7800 prior to 1.0.2.40, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62", sources: [ { db: "NVD", id: "CVE-2018-21180", }, { db: "JVNDB", id: "JVNDB-2018-016389", }, { db: "CNVD", id: "CNVD-2021-48934", }, { db: "VULMON", id: "CVE-2018-21180", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21180", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2018-016389", trust: 0.8, }, { db: "CNVD", id: "CNVD-2021-48934", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-2223", trust: 0.6, }, { db: "VULMON", id: "CVE-2018-21180", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-48934", }, { db: "VULMON", id: "CVE-2018-21180", }, { db: "JVNDB", id: "JVNDB-2018-016389", }, { db: "CNNVD", id: "CNNVD-202004-2223", }, { db: "NVD", id: "CVE-2018-21180", }, ], }, id: "VAR-202004-1691", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-48934", }, ], trust: 1.30561081875, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-48934", }, ], }, last_update_date: "2024-11-23T22:11:29.999000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Stack Overflow on Some Routers and Gateways, PSV-2017-2619", trust: 0.8, url: "https://kb.netgear.com/000055178/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2619", }, { title: "Patch for Buffer overflow vulnerabilities in multiple NETGEAR products (CNVD-2021-48934)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/277396", }, { title: "Multiple NETGEAR Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117315", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-48934", }, { db: "JVNDB", id: "JVNDB-2018-016389", }, { db: "CNNVD", id: "CNNVD-202004-2223", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016389", }, { db: "NVD", id: "CVE-2018-21180", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21180", }, { trust: 1.7, url: "https://kb.netgear.com/000055178/security-advisory-for-post-authentication-stack-overflow-on-some-routers-and-gateways-psv-2017-2619", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21180", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/787.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-48934", }, { db: "VULMON", id: "CVE-2018-21180", }, { db: "JVNDB", id: "JVNDB-2018-016389", }, { db: "CNNVD", id: "CNNVD-202004-2223", }, { db: "NVD", id: "CVE-2018-21180", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-48934", }, { db: "VULMON", id: "CVE-2018-21180", }, { db: "JVNDB", id: "JVNDB-2018-016389", }, { db: "CNNVD", id: "CNNVD-202004-2223", }, { db: "NVD", id: "CVE-2018-21180", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-07-08T00:00:00", db: "CNVD", id: "CNVD-2021-48934", }, { date: "2020-04-27T00:00:00", db: "VULMON", id: "CVE-2018-21180", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016389", }, { date: "2020-04-27T00:00:00", db: "CNNVD", id: "CNNVD-202004-2223", }, { date: "2020-04-27T21:15:13.267000", db: "NVD", id: "CVE-2018-21180", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-07-09T00:00:00", db: "CNVD", id: "CNVD-2021-48934", }, { date: "2020-05-01T00:00:00", db: "VULMON", id: "CVE-2018-21180", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016389", }, { date: "2020-05-06T00:00:00", db: "CNNVD", id: "CNNVD-202004-2223", }, { date: "2024-11-21T04:03:06.407000", db: "NVD", id: "CVE-2018-21180", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-2223", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Out-of-bounds write vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2018-016389", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-2223", }, ], trust: 0.6, }, }
var-202108-1620
Vulnerability from variot
Certain NETGEAR devices are affected by authentication bypass. This affects D3600 prior to 1.0.0.72, D6000 prior to 1.0.0.72, D6100 prior to 1.0.0.63, D6200 prior to 1.1.00.34, D6220 prior to 1.0.0.48, D6400 prior to 1.0.0.86, D7000 prior to 1.0.1.70, D7000v2 prior to 1.0.0.52, D7800 prior to 1.0.1.56, D8500 prior to 1.0.3.44, DC112A prior to 1.0.0.42, DGN2200v4 prior to 1.0.0.108, DGND2200Bv4 prior to 1.0.0.108, EX2700 prior to 1.0.1.48, EX3700 prior to 1.0.0.76, EX3800 prior to 1.0.0.76, EX6000 prior to 1.0.0.38, EX6100 prior to 1.0.2.24, EX6100v2 prior to 1.0.1.76, EX6120 prior to 1.0.0.42, EX6130 prior to 1.0.0.28, EX6150v1 prior to 1.0.0.42, EX6150v2 prior to 1.0.1.76, EX6200 prior to 1.0.3.88, EX6200v2 prior to 1.0.1.72, EX6400 prior to 1.0.2.136, EX7000 prior to 1.0.0.66, EX7300 prior to 1.0.2.136, EX8000 prior to 1.0.1.180, RBK50 prior to 2.1.4.10, RBR50 prior to 2.1.4.10, RBS50 prior to 2.1.4.10, RBK40 prior to 2.1.4.10, RBR40 prior to 2.1.4.10, RBS40 prior to 2.1.4.10, RBW30 prior to 2.2.1.204, PR2000 prior to 1.0.0.28, R6020 prior to 1.0.0.38, R6080 prior to 1.0.0.38, R6050 prior to 1.0.1.18, JR6150 prior to 1.0.1.18, R6120 prior to 1.0.0.46, R6220 prior to 1.1.0.86, R6250 prior to 1.0.4.34, R6300v2 prior to 1.0.4.32, R6400 prior to 1.0.1.44, R6400v2 prior to 1.0.2.62, R6700 prior to 1.0.1.48, R6700v2 prior to 1.2.0.36, R6800 prior to 1.2.0.36, R6900v2 prior to 1.2.0.36, R6900 prior to 1.0.1.48, R7000 prior to 1.0.9.34, R6900P prior to 1.3.1.64, R7000P prior to 1.3.1.64, R7100LG prior to 1.0.0.48, R7300DST prior to 1.0.0.70, R7500v2 prior to 1.0.3.38, R7800 prior to 1.0.2.52, R7900 prior to 1.0.3.8, R8000 prior to 1.0.4.28, R7900P prior to 1.4.1.30, R8000P prior to 1.4.1.30, R8300 prior to 1.0.2.128, R8500 prior to 1.0.2.128, R9000 prior to 1.0.3.10, RBS40V prior to 2.2.0.58, RBK50V prior to 2.2.0.58, WN2000RPTv3 prior to 1.0.1.32, WN2500RPv2 prior to 1.0.1.54, WN3000RPv3 prior to 1.0.2.78, WN3100RPv2 prior to 1.0.0.66, WNDR3400v3 prior to 1.0.1.22, WNDR3700v4 prior to 1.0.2.102, WNDR4300v1 prior to 1.0.2.104, WNDR4300v2 prior to 1.0.0.56, WNDR4500v3 prior to 1.0.0.56, WNR2000v5 (R2000) prior to 1.0.0.66, WNR2020 prior to 1.1.0.62, WNR2050 prior to 1.1.0.62, WNR3500Lv2 prior to 1.2.0.62, and XR500 prior to 2.3.2.22.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202108-1620", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.62", }, { model: "wnr2020", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.62", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.104", }, { model: "rbw30", scope: "lt", trust: 1, vendor: "netgear", version: "2.2.1.204", }, { model: "d6220", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.48", }, { model: "wn2500rp", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.54", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.66", }, { model: "d7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.56", }, { model: "ex6000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.38", }, { model: "r6120", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.46", }, { model: "r6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.44", }, { model: "ex2700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.48", }, { model: "r6800", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.36", }, { model: "d7000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.52", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.56", }, { model: "ex6200", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.72", }, { model: "pr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.28", }, { model: "rbk40", scope: "lt", trust: 1, vendor: "netgear", version: "2.1.4.10", }, { model: "r6020", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.38", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.102", }, { model: "d3600", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.72", }, { model: "ex6120", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.42", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.56", }, { model: "ex6130", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.28", }, { model: "r7500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.38", }, { model: "ex8000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.180", }, { model: "r8000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.28", }, { model: "r6080", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.38", }, { model: "d7000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.70", }, { model: "d6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.86", }, { model: "r6220", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.86", }, { model: "r6900p", scope: "lt", trust: 1, vendor: "netgear", version: "1.3.1.64", }, { model: "wnr3500l", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.62", }, { model: "r8000p", scope: "lt", trust: 1, vendor: "netgear", version: "1.4.1.30", }, { model: "r7300dst", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.70", }, { model: "d6100", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.63", }, { model: "r6900", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.48", }, { model: "d6200", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.00.34", }, { model: "r6300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.32", }, { model: "r9000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.10", }, { model: "r8300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.128", }, { model: "ex6200", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.88", }, { model: "r8500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.128", }, { model: "rbs40v", scope: "lt", trust: 1, vendor: "netgear", version: "2.2.0.58", }, { model: "rbs40", scope: "lt", trust: 1, vendor: "netgear", version: "2.1.4.10", }, { model: "wn3100rp", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.66", }, { model: "jr6150", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.18", }, { model: "r6900", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.36", }, { model: "rbk50v", scope: "lt", trust: 1, vendor: "netgear", version: "2.2.0.58", }, { model: "xr500", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.2.22", }, { model: "ex3800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.76", }, { model: "rbr50", scope: "lt", trust: 1, vendor: "netgear", version: "2.1.4.10", }, { model: "dgnd2200b", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.108", }, { model: "rbr40", scope: "lt", trust: 1, vendor: "netgear", version: "2.1.4.10", }, { model: "ex6100", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.76", }, { model: "r7000p", scope: "lt", trust: 1, vendor: "netgear", version: "1.3.1.64", }, { model: "r7900", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.8", }, { model: "r7000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.9.34", }, { model: "wnr2050", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.62", }, { model: "ex6150", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.76", }, { model: "rbs50", scope: "lt", trust: 1, vendor: "netgear", version: "2.1.4.10", }, { model: "ex3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.76", }, { model: "r6700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.48", }, { model: "r6250", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.34", }, { model: "dgn2200", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.108", }, { model: "ex7000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.66", }, { model: "dc112a", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.42", }, { model: "r6700", scope: "lt", trust: 1, vendor: "netgear", version: "1.2.0.36", }, { model: "ex6150", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.42", }, { model: "rbk50", scope: "lt", trust: 1, vendor: "netgear", version: "2.1.4.10", }, { model: "r6050", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.18", }, { model: "r7100lg", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.48", }, { model: "r7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.52", }, { model: "r7900p", scope: "lt", trust: 1, vendor: "netgear", version: "1.4.1.30", }, { model: "ex6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.136", }, { model: "d8500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.44", }, { model: "wndr3400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.22", }, { model: "d6000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.72", }, { model: "ex6100", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.24", }, { model: "ex7300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.136", }, { model: "wn2000rpt", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.32", }, { model: "wn3000rp", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.78", }, ], sources: [ { db: "NVD", id: "CVE-2021-38514", }, ], }, cve: "CVE-2021-38514", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", exploitabilityScore: 8, id: "CVE-2021-38514", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 1.1, vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 2.7, baseSeverity: "LOW", confidentialityImpact: "LOW", exploitabilityScore: 1.2, id: "CVE-2021-38514", impactScore: 1.4, integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "NONE", baseScore: 2.4, baseSeverity: "LOW", confidentialityImpact: "LOW", exploitabilityScore: 0.9, id: "CVE-2021-38514", impactScore: 1.4, integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2021-38514", trust: 1, value: "LOW", }, { author: "cve@mitre.org", id: "CVE-2021-38514", trust: 1, value: "LOW", }, { author: "CNNVD", id: "CNNVD-202108-962", trust: 0.6, value: "LOW", }, { author: "VULMON", id: "CVE-2021-38514", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2021-38514", }, { db: "CNNVD", id: "CNNVD-202108-962", }, { db: "NVD", id: "CVE-2021-38514", }, { db: "NVD", id: "CVE-2021-38514", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by authentication bypass. This affects D3600 prior to 1.0.0.72, D6000 prior to 1.0.0.72, D6100 prior to 1.0.0.63, D6200 prior to 1.1.00.34, D6220 prior to 1.0.0.48, D6400 prior to 1.0.0.86, D7000 prior to 1.0.1.70, D7000v2 prior to 1.0.0.52, D7800 prior to 1.0.1.56, D8500 prior to 1.0.3.44, DC112A prior to 1.0.0.42, DGN2200v4 prior to 1.0.0.108, DGND2200Bv4 prior to 1.0.0.108, EX2700 prior to 1.0.1.48, EX3700 prior to 1.0.0.76, EX3800 prior to 1.0.0.76, EX6000 prior to 1.0.0.38, EX6100 prior to 1.0.2.24, EX6100v2 prior to 1.0.1.76, EX6120 prior to 1.0.0.42, EX6130 prior to 1.0.0.28, EX6150v1 prior to 1.0.0.42, EX6150v2 prior to 1.0.1.76, EX6200 prior to 1.0.3.88, EX6200v2 prior to 1.0.1.72, EX6400 prior to 1.0.2.136, EX7000 prior to 1.0.0.66, EX7300 prior to 1.0.2.136, EX8000 prior to 1.0.1.180, RBK50 prior to 2.1.4.10, RBR50 prior to 2.1.4.10, RBS50 prior to 2.1.4.10, RBK40 prior to 2.1.4.10, RBR40 prior to 2.1.4.10, RBS40 prior to 2.1.4.10, RBW30 prior to 2.2.1.204, PR2000 prior to 1.0.0.28, R6020 prior to 1.0.0.38, R6080 prior to 1.0.0.38, R6050 prior to 1.0.1.18, JR6150 prior to 1.0.1.18, R6120 prior to 1.0.0.46, R6220 prior to 1.1.0.86, R6250 prior to 1.0.4.34, R6300v2 prior to 1.0.4.32, R6400 prior to 1.0.1.44, R6400v2 prior to 1.0.2.62, R6700 prior to 1.0.1.48, R6700v2 prior to 1.2.0.36, R6800 prior to 1.2.0.36, R6900v2 prior to 1.2.0.36, R6900 prior to 1.0.1.48, R7000 prior to 1.0.9.34, R6900P prior to 1.3.1.64, R7000P prior to 1.3.1.64, R7100LG prior to 1.0.0.48, R7300DST prior to 1.0.0.70, R7500v2 prior to 1.0.3.38, R7800 prior to 1.0.2.52, R7900 prior to 1.0.3.8, R8000 prior to 1.0.4.28, R7900P prior to 1.4.1.30, R8000P prior to 1.4.1.30, R8300 prior to 1.0.2.128, R8500 prior to 1.0.2.128, R9000 prior to 1.0.3.10, RBS40V prior to 2.2.0.58, RBK50V prior to 2.2.0.58, WN2000RPTv3 prior to 1.0.1.32, WN2500RPv2 prior to 1.0.1.54, WN3000RPv3 prior to 1.0.2.78, WN3100RPv2 prior to 1.0.0.66, WNDR3400v3 prior to 1.0.1.22, WNDR3700v4 prior to 1.0.2.102, WNDR4300v1 prior to 1.0.2.104, WNDR4300v2 prior to 1.0.0.56, WNDR4500v3 prior to 1.0.0.56, WNR2000v5 (R2000) prior to 1.0.0.66, WNR2020 prior to 1.1.0.62, WNR2050 prior to 1.1.0.62, WNR3500Lv2 prior to 1.2.0.62, and XR500 prior to 2.3.2.22.", sources: [ { db: "VULMON", id: "CVE-2021-38514", }, ], trust: 0.1, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-38514", trust: 1.7, }, { db: "CNNVD", id: "CNNVD-202108-962", trust: 0.6, }, { db: "VULMON", id: "CVE-2021-38514", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2021-38514", }, { db: "CNNVD", id: "CNNVD-202108-962", }, { db: "NVD", id: "CVE-2021-38514", }, ], }, id: "VAR-202108-1620", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.36876626681034474, }, last_update_date: "2024-08-14T15:17:07.828000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Multiple Netgear Product access control error vulnerability fixes", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159356", }, { title: "CVE-2021-38514", trust: 0.1, url: "https://github.com/AlAIAL90/CVE-2021-38514 ", }, ], sources: [ { db: "VULMON", id: "CVE-2021-38514", }, { db: "CNNVD", id: "CNNVD-202108-962", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2021-38514", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://kb.netgear.com/000063757/security-advisory-for-authentication-bypass-on-some-routers-extenders-and-wifi-systems-psv-2017-2449", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2021-38514", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/287.html", }, { trust: 0.1, url: "https://github.com/alaial90/cve-2021-38514", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2021-38514", }, { db: "CNNVD", id: "CNNVD-202108-962", }, { db: "NVD", id: "CVE-2021-38514", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2021-38514", }, { db: "CNNVD", id: "CNNVD-202108-962", }, { db: "NVD", id: "CVE-2021-38514", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-08-11T00:00:00", db: "VULMON", id: "CVE-2021-38514", }, { date: "2021-08-10T00:00:00", db: "CNNVD", id: "CNNVD-202108-962", }, { date: "2021-08-11T00:15:15.663000", db: "NVD", id: "CVE-2021-38514", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-08-19T00:00:00", db: "VULMON", id: "CVE-2021-38514", }, { date: "2022-07-14T00:00:00", db: "CNNVD", id: "CNNVD-202108-962", }, { date: "2022-07-12T17:42:04.277000", db: "NVD", id: "CVE-2021-38514", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202108-962", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Multiple Netgear Product Authorization Issue Vulnerability", sources: [ { db: "CNNVD", id: "CNNVD-202108-962", }, ], trust: 0.6, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "authorization issue", sources: [ { db: "CNNVD", id: "CNNVD-202108-962", }, ], trust: 0.6, }, }
var-202004-1679
Vulnerability from variot
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R9000, etc. are all products of NETGEAR. NETGEAR R9000 is a wireless router. NETGEAR R7800 is a wireless router. NETGEAR D6100 is a wireless modem. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow. This affects D6100 prior to 1.0.0.57, R6100 prior to 1.0.1.20, R7800 prior to 1.0.2.40, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1679", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.52", }, { model: "r6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.20", }, { model: "d6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.57", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.62", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.92", }, { model: "d6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.57", }, { model: "r6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.20", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.52", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.62", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.62", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28116", }, { db: "JVNDB", id: "JVNDB-2018-016386", }, { db: "NVD", id: "CVE-2018-21177", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wnr2000_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016386", }, ], }, cve: "CVE-2018-21177", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 8, id: "CVE-2018-21177", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 6.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2018-016386", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 8, id: "CNVD-2020-28116", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.2, id: "CVE-2018-21177", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21177", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 7.2, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2018-016386", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21177", trust: 1, value: "HIGH", }, { author: "cve@mitre.org", id: "CVE-2018-21177", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2018-016386", trust: 0.8, value: "High", }, { author: "CNVD", id: "CNVD-2020-28116", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-2220", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2018-21177", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28116", }, { db: "VULMON", id: "CVE-2018-21177", }, { db: "JVNDB", id: "JVNDB-2018-016386", }, { db: "CNNVD", id: "CNNVD-202004-2220", }, { db: "NVD", id: "CVE-2018-21177", }, { db: "NVD", id: "CVE-2018-21177", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R9000, etc. are all products of NETGEAR. NETGEAR R9000 is a wireless router. NETGEAR R7800 is a wireless router. NETGEAR D6100 is a wireless modem. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow. This affects D6100 prior to 1.0.0.57, R6100 prior to 1.0.1.20, R7800 prior to 1.0.2.40, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62", sources: [ { db: "NVD", id: "CVE-2018-21177", }, { db: "JVNDB", id: "JVNDB-2018-016386", }, { db: "CNVD", id: "CNVD-2020-28116", }, { db: "VULMON", id: "CVE-2018-21177", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21177", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2018-016386", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-28116", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-2220", trust: 0.6, }, { db: "VULMON", id: "CVE-2018-21177", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28116", }, { db: "VULMON", id: "CVE-2018-21177", }, { db: "JVNDB", id: "JVNDB-2018-016386", }, { db: "CNNVD", id: "CNNVD-202004-2220", }, { db: "NVD", id: "CVE-2018-21177", }, ], }, id: "VAR-202004-1679", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-28116", }, ], trust: 1.2939943166666668, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28116", }, ], }, last_update_date: "2024-11-23T22:37:24.676000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Stack Overflow on Some Routers and Gateways, PSV-2017-2622", trust: 0.8, url: "https://kb.netgear.com/000055181/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2622", }, { title: "Patch for Multiple NETGEAR product buffer overflow vulnerabilities (CNVD-2020-28116)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/217409", }, { title: "Multiple NETGEAR Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117725", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28116", }, { db: "JVNDB", id: "JVNDB-2018-016386", }, { db: "CNNVD", id: "CNNVD-202004-2220", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016386", }, { db: "NVD", id: "CVE-2018-21177", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21177", }, { trust: 1.7, url: "https://kb.netgear.com/000055181/security-advisory-for-post-authentication-stack-overflow-on-some-routers-and-gateways-psv-2017-2622", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21177", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/787.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28116", }, { db: "VULMON", id: "CVE-2018-21177", }, { db: "JVNDB", id: "JVNDB-2018-016386", }, { db: "CNNVD", id: "CNNVD-202004-2220", }, { db: "NVD", id: "CVE-2018-21177", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-28116", }, { db: "VULMON", id: "CVE-2018-21177", }, { db: "JVNDB", id: "JVNDB-2018-016386", }, { db: "CNNVD", id: "CNNVD-202004-2220", }, { db: "NVD", id: "CVE-2018-21177", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28116", }, { date: "2020-04-27T00:00:00", db: "VULMON", id: "CVE-2018-21177", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016386", }, { date: "2020-04-27T00:00:00", db: "CNNVD", id: "CNNVD-202004-2220", }, { date: "2020-04-27T20:15:11.947000", db: "NVD", id: "CVE-2018-21177", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28116", }, { date: "2020-05-01T00:00:00", db: "VULMON", id: "CVE-2018-21177", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016386", }, { date: "2020-05-06T00:00:00", db: "CNNVD", id: "CNNVD-202004-2220", }, { date: "2024-11-21T04:03:05.923000", db: "NVD", id: "CVE-2018-21177", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202004-2220", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Out-of-bounds write vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2018-016386", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-2220", }, ], trust: 0.6, }, }
var-202004-1675
Vulnerability from variot
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7500 before 1.0.0.122, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R9000 is a wireless router of NETGEAR. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow. This affects R7500 prior to 1.0.0.122, R7800 prior to 1.0.2.40, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1675", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.52", }, { model: "r7500", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.122", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.62", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.122", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.52", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.62", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.62", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28112", }, { db: "JVNDB", id: "JVNDB-2018-016382", }, { db: "NVD", id: "CVE-2018-21173", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:r7500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wnr2000_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016382", }, ], }, cve: "CVE-2018-21173", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CVE-2018-21173", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 5.2, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2018-016382", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CNVD-2020-28112", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21173", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21173", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 6.8, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2018-016382", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21173", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2018-21173", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2018-016382", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2020-28112", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-2216", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2018-21173", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28112", }, { db: "VULMON", id: "CVE-2018-21173", }, { db: "JVNDB", id: "JVNDB-2018-016382", }, { db: "CNNVD", id: "CNNVD-202004-2216", }, { db: "NVD", id: "CVE-2018-21173", }, { db: "NVD", id: "CVE-2018-21173", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7500 before 1.0.0.122, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R9000 is a wireless router of NETGEAR. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow. This affects R7500 prior to 1.0.0.122, R7800 prior to 1.0.2.40, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62", sources: [ { db: "NVD", id: "CVE-2018-21173", }, { db: "JVNDB", id: "JVNDB-2018-016382", }, { db: "CNVD", id: "CNVD-2020-28112", }, { db: "VULMON", id: "CVE-2018-21173", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21173", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2018-016382", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-28112", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-2216", trust: 0.6, }, { db: "VULMON", id: "CVE-2018-21173", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28112", }, { db: "VULMON", id: "CVE-2018-21173", }, { db: "JVNDB", id: "JVNDB-2018-016382", }, { db: "CNNVD", id: "CNNVD-202004-2216", }, { db: "NVD", id: "CVE-2018-21173", }, ], }, id: "VAR-202004-1675", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-28112", }, ], trust: 1.3061412212499999, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28112", }, ], }, last_update_date: "2024-11-23T21:51:30.225000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Stack Overflow on Some Routers, PSV-2017-2627", trust: 0.8, url: "https://kb.netgear.com/000055185/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-PSV-2017-2627", }, { title: "Patch for Multiple NETGEAR product buffer overflow vulnerabilities (CNVD-2020-28112)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/217417", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28112", }, { db: "JVNDB", id: "JVNDB-2018-016382", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016382", }, { db: "NVD", id: "CVE-2018-21173", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21173", }, { trust: 1.7, url: "https://kb.netgear.com/000055185/security-advisory-for-post-authentication-stack-overflow-on-some-routers-psv-2017-2627", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21173", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/787.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28112", }, { db: "VULMON", id: "CVE-2018-21173", }, { db: "JVNDB", id: "JVNDB-2018-016382", }, { db: "CNNVD", id: "CNNVD-202004-2216", }, { db: "NVD", id: "CVE-2018-21173", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-28112", }, { db: "VULMON", id: "CVE-2018-21173", }, { db: "JVNDB", id: "JVNDB-2018-016382", }, { db: "CNNVD", id: "CNNVD-202004-2216", }, { db: "NVD", id: "CVE-2018-21173", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28112", }, { date: "2020-04-27T00:00:00", db: "VULMON", id: "CVE-2018-21173", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016382", }, { date: "2020-04-27T00:00:00", db: "CNNVD", id: "CNNVD-202004-2216", }, { date: "2020-04-27T18:15:13.027000", db: "NVD", id: "CVE-2018-21173", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28112", }, { date: "2020-05-01T00:00:00", db: "VULMON", id: "CVE-2018-21173", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016382", }, { date: "2020-05-06T00:00:00", db: "CNNVD", id: "CNNVD-202004-2216", }, { date: "2024-11-21T04:03:05.063000", db: "NVD", id: "CVE-2018-21173", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-2216", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Out-of-bounds write vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2018-016382", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-2216", }, ], trust: 0.6, }, }
var-202004-1681
Vulnerability from variot
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D3600, etc. are all products of NETGEAR. NETGEAR D3600 is a wireless modem. NETGEAR D6000 is a wireless modem. NETGEAR R7500 is a wireless router. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. This affects D3600 prior to 1.0.0.67, D6000 prior to 1.0.0.67, D7800 prior to 1.0.1.30, R6100 prior to 1.0.1.20, R7500 prior to 1.0.0.118, R7500v2 prior to 1.0.3.24, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.96, WNDR4300 prior to 1.0.2.98, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1681", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.52", }, { model: "r6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.20", }, { model: "r7500", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.118", }, { model: "d7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.30", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.98", }, { model: "d3600", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.67", }, { model: "d6000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.67", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.96", }, { model: "r7500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.24", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.62", }, { model: "r7500", scope: "eq", trust: 0.9, vendor: "netgear", version: "1.0.0.118", }, { model: "wndr4300", scope: "eq", trust: 0.9, vendor: "netgear", version: "1.0.0.50", }, { model: "d3600", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.67", }, { model: "d6000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.67", }, { model: "d7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.30", }, { model: "r6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.20", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.24", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.52", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.96", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.98", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.62", }, { model: "r7500v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.3.24", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.96", }, { model: "d3600", scope: "eq", trust: 0.2, vendor: "netgear", version: "1.0.0.49", }, { model: "d3600", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "d3600", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.61", }, { model: "d6000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "d6000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.49", }, { model: "d6000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.61", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.22", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.24", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.28", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.12", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.14", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.16", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.108", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.110", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.112", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.116", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.122", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.124", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.130", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.10", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.16", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.20", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.4", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.40", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.86", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.52", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.90", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4300", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.96", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.42", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.58", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-48929", }, { db: "VULMON", id: "CVE-2018-21223", }, { db: "JVNDB", id: "JVNDB-2018-016337", }, { db: "NVD", id: "CVE-2018-21223", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d3600_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016337", }, ], }, cve: "CVE-2018-21223", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 6.5, id: "CVE-2018-21223", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 5.8, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2018-016337", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 6.5, id: "CNVD-2021-48929", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2018-21223", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2018-21223", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 8.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2018-016337", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21223", trust: 1, value: "HIGH", }, { author: "cve@mitre.org", id: "CVE-2018-21223", trust: 1, value: "HIGH", }, { author: "NVD", id: "JVNDB-2018-016337", trust: 0.8, value: "High", }, { author: "CNVD", id: "CNVD-2021-48929", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-2316", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2018-21223", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-48929", }, { db: "VULMON", id: "CVE-2018-21223", }, { db: "JVNDB", id: "JVNDB-2018-016337", }, { db: "CNNVD", id: "CNNVD-202004-2316", }, { db: "NVD", id: "CVE-2018-21223", }, { db: "NVD", id: "CVE-2018-21223", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D3600, etc. are all products of NETGEAR. NETGEAR D3600 is a wireless modem. NETGEAR D6000 is a wireless modem. NETGEAR R7500 is a wireless router. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. This affects D3600 prior to 1.0.0.67, D6000 prior to 1.0.0.67, D7800 prior to 1.0.1.30, R6100 prior to 1.0.1.20, R7500 prior to 1.0.0.118, R7500v2 prior to 1.0.3.24, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.96, WNDR4300 prior to 1.0.2.98, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62", sources: [ { db: "NVD", id: "CVE-2018-21223", }, { db: "JVNDB", id: "JVNDB-2018-016337", }, { db: "CNVD", id: "CNVD-2021-48929", }, { db: "VULMON", id: "CVE-2018-21223", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21223", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2018-016337", trust: 0.8, }, { db: "CNVD", id: "CNVD-2021-48929", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-2316", trust: 0.6, }, { db: "VULMON", id: "CVE-2018-21223", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-48929", }, { db: "VULMON", id: "CVE-2018-21223", }, { db: "JVNDB", id: "JVNDB-2018-016337", }, { db: "CNNVD", id: "CNNVD-202004-2316", }, { db: "NVD", id: "CVE-2018-21223", }, ], }, id: "VAR-202004-1681", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-48929", }, ], trust: 1.2824539991666666, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-48929", }, ], }, last_update_date: "2024-11-23T22:44:35.972000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Pre-Authentication Buffer Overflow on Some Routers and Gateways, PSV-2017-2457", trust: 0.8, url: "https://kb.netgear.com/000055114/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2457", }, { title: "Patch for Buffer overflow vulnerabilities in multiple NETGEAR products (CNVD-2021-48929)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/277361", }, { title: "Multiple NETGEAR Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117407", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-48929", }, { db: "JVNDB", id: "JVNDB-2018-016337", }, { db: "CNNVD", id: "CNNVD-202004-2316", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-120", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016337", }, { db: "NVD", id: "CVE-2018-21223", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21223", }, { trust: 1.7, url: "https://kb.netgear.com/000055114/security-advisory-for-pre-authentication-buffer-overflow-on-some-routers-and-gateways-psv-2017-2457", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21223", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/120.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-48929", }, { db: "VULMON", id: "CVE-2018-21223", }, { db: "JVNDB", id: "JVNDB-2018-016337", }, { db: "CNNVD", id: "CNNVD-202004-2316", }, { db: "NVD", id: "CVE-2018-21223", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-48929", }, { db: "VULMON", id: "CVE-2018-21223", }, { db: "JVNDB", id: "JVNDB-2018-016337", }, { db: "CNNVD", id: "CNNVD-202004-2316", }, { db: "NVD", id: "CVE-2018-21223", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-07-08T00:00:00", db: "CNVD", id: "CNVD-2021-48929", }, { date: "2020-04-28T00:00:00", db: "VULMON", id: "CVE-2018-21223", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016337", }, { date: "2020-04-28T00:00:00", db: "CNNVD", id: "CNNVD-202004-2316", }, { date: "2020-04-28T17:15:12.993000", db: "NVD", id: "CVE-2018-21223", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-07-09T00:00:00", db: "CNVD", id: "CNVD-2021-48929", }, { date: "2020-05-05T00:00:00", db: "VULMON", id: "CVE-2018-21223", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016337", }, { date: "2020-05-06T00:00:00", db: "CNNVD", id: "CNNVD-202004-2316", }, { date: "2024-11-21T04:03:13.120000", db: "NVD", id: "CVE-2018-21223", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-2316", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Classic buffer overflow vulnerability in device", sources: [ { db: "JVNDB", id: "JVNDB-2018-016337", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-2316", }, ], trust: 0.6, }, }
var-202004-1421
Vulnerability from variot
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects EX6150v2 before 1.0.1.54, R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.10, R7000P before 1.2.0.22, R6900P before 1.2.0.22, R7100LG before 1.0.0.32, R7300DST before 1.0.0.54, R7900 before 1.0.1.18, R8000 before 1.0.3.48, R8300 before 1.0.2.106, R8500 before 1.0.2.106, R6100 before 1.0.1.16, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R6400, etc. are all products of NETGEAR. NETGEAR R6400 is a wireless router. NETGEAR EX6150 is a wireless network signal extender. NETGEAR WNDR4300 is a wireless router
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1421", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.16", }, { model: "r8500", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.106", }, { model: "r8300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.106", }, { model: "r6400", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.24", }, { model: "r6700", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.22", }, { model: "r6900", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.22", }, { model: "r7000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.9.10", }, { model: "r7000p", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.2.0.22", }, { model: "r6900p", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.2.0.22", }, { model: "r7100lg", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.32", }, { model: "r7300dst", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.54", }, { model: "r7900", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.18", }, { model: "r8000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.3.48", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.48", }, { model: "r6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.32", }, { model: "ex6150", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.54", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.58", }, { model: "ex6150", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.54", }, { model: "r6400", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.24", }, { model: "r6400", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.32", }, { model: "r6700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.22", }, { model: "r6900", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.22", }, { model: "r6900p", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.2.0.22", }, { model: "r7000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.9.10", }, { model: "r7000p", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.2.0.22", }, { model: "r7100lg", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.32", }, { model: "r7300dst", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.54", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.58", }, { model: "r6400v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.32", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.48", }, { model: "ex6150v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.1.54", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-25884", }, { db: "JVNDB", id: "JVNDB-2017-014863", }, { db: "NVD", id: "CVE-2017-18738", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:ex6150_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6400_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6900_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6900p_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7000p_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7100lg_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7300dst_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-014863", }, ], }, cve: "CVE-2017-18738", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 6.5, id: "CVE-2017-18738", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1, vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 5.8, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2017-014863", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 6.5, id: "CNVD-2020-25884", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2017-18738", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2017-18738", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 8.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2017-014863", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2017-18738", trust: 1, value: "HIGH", }, { author: "cve@mitre.org", id: "CVE-2017-18738", trust: 1, value: "HIGH", }, { author: "NVD", id: "JVNDB-2017-014863", trust: 0.8, value: "High", }, { author: "CNVD", id: "CNVD-2020-25884", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-2033", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-25884", }, { db: "JVNDB", id: "JVNDB-2017-014863", }, { db: "CNNVD", id: "CNNVD-202004-2033", }, { db: "NVD", id: "CVE-2017-18738", }, { db: "NVD", id: "CVE-2017-18738", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects EX6150v2 before 1.0.1.54, R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.10, R7000P before 1.2.0.22, R6900P before 1.2.0.22, R7100LG before 1.0.0.32, R7300DST before 1.0.0.54, R7900 before 1.0.1.18, R8000 before 1.0.3.48, R8300 before 1.0.2.106, R8500 before 1.0.2.106, R6100 before 1.0.1.16, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R6400, etc. are all products of NETGEAR. NETGEAR R6400 is a wireless router. NETGEAR EX6150 is a wireless network signal extender. NETGEAR WNDR4300 is a wireless router", sources: [ { db: "NVD", id: "CVE-2017-18738", }, { db: "JVNDB", id: "JVNDB-2017-014863", }, { db: "CNVD", id: "CNVD-2020-25884", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2017-18738", trust: 3, }, { db: "JVNDB", id: "JVNDB-2017-014863", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-25884", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-2033", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-25884", }, { db: "JVNDB", id: "JVNDB-2017-014863", }, { db: "CNNVD", id: "CNNVD-202004-2033", }, { db: "NVD", id: "CVE-2017-18738", }, ], }, id: "VAR-202004-1421", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-25884", }, ], trust: 1.1224791042105262, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-25884", }, ], }, last_update_date: "2024-11-23T22:05:40.228000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Pre-Authentication Stack Overflow on Some Routers and Extenders, PSV-2017-0706", trust: 0.8, url: "https://kb.netgear.com/000051517/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Routers-and-Extenders-PSV-2017-0706", }, { title: "Patch for Multiple NETGEAR products buffer overflow leak (CNVD-2020-25884)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/216025", }, { title: "Multiple NETGEAR Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116788", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-25884", }, { db: "JVNDB", id: "JVNDB-2017-014863", }, { db: "CNNVD", id: "CNNVD-202004-2033", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-014863", }, { db: "NVD", id: "CVE-2017-18738", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2017-18738", }, { trust: 1.6, url: "https://kb.netgear.com/000051517/security-advisory-for-pre-authentication-stack-overflow-on-some-routers-and-extenders-psv-2017-0706", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18738", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-25884", }, { db: "JVNDB", id: "JVNDB-2017-014863", }, { db: "CNNVD", id: "CNNVD-202004-2033", }, { db: "NVD", id: "CVE-2017-18738", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-25884", }, { db: "JVNDB", id: "JVNDB-2017-014863", }, { db: "CNNVD", id: "CNNVD-202004-2033", }, { db: "NVD", id: "CVE-2017-18738", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-04-30T00:00:00", db: "CNVD", id: "CNVD-2020-25884", }, { date: "2020-05-20T00:00:00", db: "JVNDB", id: "JVNDB-2017-014863", }, { date: "2020-04-23T00:00:00", db: "CNNVD", id: "CNNVD-202004-2033", }, { date: "2020-04-23T17:15:12.550000", db: "NVD", id: "CVE-2017-18738", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-04-30T00:00:00", db: "CNVD", id: "CNVD-2020-25884", }, { date: "2020-05-20T00:00:00", db: "JVNDB", id: "JVNDB-2017-014863", }, { date: "2020-04-24T00:00:00", db: "CNNVD", id: "CNNVD-202004-2033", }, { date: "2024-11-21T03:20:48.017000", db: "NVD", id: "CVE-2017-18738", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-2033", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Out-of-bounds write vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2017-014863", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-2033", }, ], trust: 0.6, }, }
var-201909-0107
Vulnerability from variot
An exploitable denial-of-service vulnerability exists in the Host Access Point Daemon (hostapd) on the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) wireless router. A SOAP request sent in an invalid sequence to the service can cause a null pointer dereference, resulting in the hostapd service crashing. An unauthenticated attacker can send a specially-crafted SOAP request to trigger this vulnerability. The NETGEAR N300 is a wireless router from NETGEAR. Hostapd is a user space daemon for access points and authentication servers
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201909-0107", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "wnr2000", scope: "eq", trust: 1, vendor: "netgear", version: "1.0.0.70", }, { model: "wnr2000v5", scope: "eq", trust: 0.8, vendor: "net gear", version: "1.0.0.70", }, { model: "n300", scope: "eq", trust: 0.6, vendor: "netgear", version: "1.0.0.70", }, ], sources: [ { db: "CNVD", id: "CNVD-2019-30960", }, { db: "JVNDB", id: "JVNDB-2019-009365", }, { db: "NVD", id: "CVE-2019-5055", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:wnr2000v5_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-009365", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Discovered by Dave McDaniel of Cisco Talos.", sources: [ { db: "CNNVD", id: "CNNVD-201909-394", }, ], trust: 0.6, }, cve: "CVE-2019-5055", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, id: "CVE-2019-5055", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 1.8, vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", exploitabilityScore: 10, id: "CNVD-2019-30960", impactScore: 6.9, integrityImpact: "NONE", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, id: "VHN-156490", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "talos-cna@cisco.com", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", exploitabilityScore: 3.9, id: "CVE-2019-5055", impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1.8, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", exploitabilityScore: 3.9, id: "CVE-2019-5055", impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2019-5055", trust: 1, value: "HIGH", }, { author: "talos-cna@cisco.com", id: "CVE-2019-5055", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2019-5055", trust: 0.8, value: "High", }, { author: "CNVD", id: "CNVD-2019-30960", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-201909-394", trust: 0.6, value: "HIGH", }, { author: "VULHUB", id: "VHN-156490", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2019-30960", }, { db: "VULHUB", id: "VHN-156490", }, { db: "JVNDB", id: "JVNDB-2019-009365", }, { db: "CNNVD", id: "CNNVD-201909-394", }, { db: "NVD", id: "CVE-2019-5055", }, { db: "NVD", id: "CVE-2019-5055", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An exploitable denial-of-service vulnerability exists in the Host Access Point Daemon (hostapd) on the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) wireless router. A SOAP request sent in an invalid sequence to the <WFAWLANConfig:1#PutMessage> service can cause a null pointer dereference, resulting in the hostapd service crashing. An unauthenticated attacker can send a specially-crafted SOAP request to trigger this vulnerability. The NETGEAR N300 is a wireless router from NETGEAR. Hostapd is a user space daemon for access points and authentication servers", sources: [ { db: "NVD", id: "CVE-2019-5055", }, { db: "JVNDB", id: "JVNDB-2019-009365", }, { db: "CNVD", id: "CNVD-2019-30960", }, { db: "VULHUB", id: "VHN-156490", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "TALOS", id: "TALOS-2019-0832", trust: 3.1, }, { db: "NVD", id: "CVE-2019-5055", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2019-009365", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201909-394", trust: 0.7, }, { db: "CNVD", id: "CNVD-2019-30960", trust: 0.6, }, { db: "VULHUB", id: "VHN-156490", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2019-30960", }, { db: "VULHUB", id: "VHN-156490", }, { db: "JVNDB", id: "JVNDB-2019-009365", }, { db: "CNNVD", id: "CNNVD-201909-394", }, { db: "NVD", id: "CVE-2019-5055", }, ], }, id: "VAR-201909-0107", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2019-30960", }, { db: "VULHUB", id: "VHN-156490", }, ], trust: 1.3570029333333333, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2019-30960", }, ], }, last_update_date: "2024-11-23T22:48:19.046000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "WNR2000v5 - N300 Wireless Router", trust: 0.8, url: "https://www.netgear.com/support/product/WNR2000v5", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-009365", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-476", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-156490", }, { db: "JVNDB", id: "JVNDB-2019-009365", }, { db: "NVD", id: "CVE-2019-5055", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://talosintelligence.com/vulnerability_reports/talos-2019-0832", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2019-5055", }, { trust: 1.2, url: "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0832", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5055", }, ], sources: [ { db: "CNVD", id: "CNVD-2019-30960", }, { db: "VULHUB", id: "VHN-156490", }, { db: "JVNDB", id: "JVNDB-2019-009365", }, { db: "CNNVD", id: "CNNVD-201909-394", }, { db: "NVD", id: "CVE-2019-5055", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2019-30960", }, { db: "VULHUB", id: "VHN-156490", }, { db: "JVNDB", id: "JVNDB-2019-009365", }, { db: "CNNVD", id: "CNNVD-201909-394", }, { db: "NVD", id: "CVE-2019-5055", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-09-10T00:00:00", db: "CNVD", id: "CNVD-2019-30960", }, { date: "2019-09-11T00:00:00", db: "VULHUB", id: "VHN-156490", }, { date: "2019-09-18T00:00:00", db: "JVNDB", id: "JVNDB-2019-009365", }, { date: "2019-09-09T00:00:00", db: "CNNVD", id: "CNNVD-201909-394", }, { date: "2019-09-11T22:15:19.430000", db: "NVD", id: "CVE-2019-5055", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-09-10T00:00:00", db: "CNVD", id: "CNVD-2019-30960", }, { date: "2019-09-13T00:00:00", db: "VULHUB", id: "VHN-156490", }, { date: "2019-09-18T00:00:00", db: "JVNDB", id: "JVNDB-2019-009365", }, { date: "2021-09-10T00:00:00", db: "CNNVD", id: "CNNVD-201909-394", }, { date: "2024-11-21T04:44:15.710000", db: "NVD", id: "CVE-2019-5055", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201909-394", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "NETGEAR N300 In wireless router NULL Pointer dereference vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2019-009365", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "code problem", sources: [ { db: "CNNVD", id: "CNNVD-201909-394", }, ], trust: 0.6, }, }
var-202004-1463
Vulnerability from variot
plural NETGEAR A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR EX6150, etc. are all products of NETGEAR. NETGEAR EX6150 is a wireless network signal extender. NETGEAR D7000 is a wireless modem. NETGEAR WNDR3700 is a wireless router. The vulnerability stems from the fact that the WEB application does not fully verify whether the request comes from a trusted user. An attacker can use this vulnerability to send an unexpected request to the server through the affected client. This affects D1500 prior to 1.0.0.25, D500 prior to 1.0.0.25, D6100 prior to 1.0.0.55, D7000 prior to 1.0.1.50, D7800 prior to 1.0.1.28, EX6100v2 prior to 1.0.1.60, EX6150v2 prior to 1.0.1.60, JNR1010v2 prior to 1.1.0.46, JR6150 prior to 1.0.1.16, JWNR2010v5 prior to 1.1.0.46, PR2000 prior to 1.0.0.18, R6020 prior to 1.0.0.26, R6050 prior to 1.0.1.16, R6080 prior to 1.0.0.26, R6100 prior to 1.0.1.20, R6220 prior to 1.1.0.60, R7500 prior to 1.0.0.118, R7500v2 prior to 1.0.3.20, R7800 prior to 1.0.2.40, R9000 prior to 1.0.2.52, WN3000RPv3 prior to 1.0.2.50, WN3100RPv2 prior to 1.0.0.40, WNDR3700v5 prior to 1.1.0.48, WNDR4300v2 prior to 1.0.0.48, WNDR4500v3 prior to 1.0.0.48, WNR1000v4 prior to 1.1.0.46, WNR2000v5 prior to 1.0.0.62, WNR2020 prior to 1.1.0.46, and WNR2050 prior to 1.1.0.46
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1463", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.52", }, { model: "r6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.20", }, { model: "pr2000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.18", }, { model: "d7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.28", }, { model: "r7500", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.118", }, { model: "d7000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.50", }, { model: "jr6150", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.16", }, { model: "r6020", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.26", }, { model: "r6050", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.16", }, { model: "r6080", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.26", }, { model: "r6220", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.1.0.60", }, { model: "wnr2020", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.1.0.46", }, { model: "d1500", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.25", }, { model: "d500", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.25", }, { model: "d6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.55", }, { model: "wnr2050", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.1.0.46", }, { model: "wnr1000", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.46", }, { model: "ex6150", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.60", }, { model: "wn3000rp", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.50", }, { model: "jnr1010", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.46", }, { model: "wn3100rp", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.40", }, { model: "ex6100", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.60", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.48", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.48", }, { model: "jwnr2010", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.46", }, { model: "r7500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.20", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.62", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.0.48", }, { model: "d1500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.25", }, { model: "d500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.25", }, { model: "d6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.55", }, { model: "d7000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.50", }, { model: "d7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.28", }, { model: "ex6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.60", }, { model: "ex6150", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.60", }, { model: "jnr1010", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.1.0.46", }, { model: "jr6150", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.16", }, { model: "jwnr2010", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.1.0.46", }, { model: "r7500v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.3.20", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr3700v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.1.0.48", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.62", }, { model: "ex6100v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.1.60", }, { model: "ex6150v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.1.60", }, { model: "wn3000rpv3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.50", }, { model: "wn3100rpv2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.40", }, { model: "wnr1000v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.1.0.46", }, { model: "jnr1010v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.1.0.46", }, { model: "jwnr2010v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.1.0.46", }, { model: "d1500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.20", }, { model: "d6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.50 0.0.50", }, { model: "d7000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "d7000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.38", }, { model: "d7000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.44", }, { model: "d7000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.51", }, { model: "d7000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.52", }, { model: "d7000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.53", }, { model: "d7000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.74", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.22", }, { model: "d7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.24", }, { model: "ex6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.50", }, { model: "ex6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.54", }, { model: "ex6150", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "ex6150", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.34 1.0.70", }, { model: "ex6150", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.36", }, { model: "ex6150", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.38", }, { model: "ex6150", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.42", }, { model: "ex6150", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "ex6150", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.50", }, { model: "ex6150", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.54", }, { model: "jnr1010", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.32", }, { model: "jnr1010", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.40", }, { model: "jnr1010", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.42", }, { model: "jnr1010", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.44", }, { model: "jr6150", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.17", }, { model: "jr6150", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.7", }, { model: "jr6150", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.10", }, { model: "jr6150", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.12", }, { model: "jr6150", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.14", }, { model: "jwnr2010", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.40", }, { model: "jwnr2010", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.42", }, { model: "jwnr2010", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.44", }, { model: "pr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "pr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.17", }, { model: "r6050", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.86", }, { model: "r6050", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.7", }, { model: "r6050", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.10", }, { model: "r6050", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.10j", }, { model: "r6050", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.12", }, { model: "r6050", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.14", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.1", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.12", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.14", }, { model: "r6100", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.1.16", }, { model: "r6220", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.46", }, { model: "r6220", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.50", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.108", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.110", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.112", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.116", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.118", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.122", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.124", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.130", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.10", }, { model: "r7500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.3.16", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.16", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.28", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.32", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.36", }, { model: "r7800", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.38", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.4", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.30", }, { model: "r9000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.40", }, { model: "wn3000rp", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.52", }, { model: "wn3000rp", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "wn3000rp", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.68", }, { model: "wn3000rp", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.44", }, { model: "wn3100rp", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.20", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.86", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.2.96", }, { model: "wndr3700", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.46", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.52", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.56", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.62", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.68", }, { model: "wndr4500", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.72", }, { model: "wnr1000", scope: "eq", trust: 0.1, vendor: "netgear", version: null, }, { model: "wnr1000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.40", }, { model: "wnr1000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.42", }, { model: "wnr1000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.44", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.42", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.0.0.58", }, { model: "wnr2020", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.40", }, { model: "wnr2020", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.42", }, { model: "wnr2020", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.44", }, { model: "wnr2050", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.40", }, { model: "wnr2050", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.42", }, { model: "wnr2050", scope: "eq", trust: 0.1, vendor: "netgear", version: "1.1.0.44", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28013", }, { db: "VULMON", id: "CVE-2017-18703", }, { db: "JVNDB", id: "JVNDB-2017-014997", }, { db: "NVD", id: "CVE-2017-18703", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d1500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d7000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex6150_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:jnr1010_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:jr6150_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:jwnr2010_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-014997", }, ], }, cve: "CVE-2017-18703", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 8.6, id: "CVE-2017-18703", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 6.8, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2017-014997", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 8.6, id: "CNVD-2020-28013", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2017-18703", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "NETWORK", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2017-18703", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 8.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2017-014997", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2017-18703", trust: 1, value: "HIGH", }, { author: "cve@mitre.org", id: "CVE-2017-18703", trust: 1, value: "HIGH", }, { author: "NVD", id: "JVNDB-2017-014997", trust: 0.8, value: "High", }, { author: "CNVD", id: "CNVD-2020-28013", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-2123", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2017-18703", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28013", }, { db: "VULMON", id: "CVE-2017-18703", }, { db: "JVNDB", id: "JVNDB-2017-014997", }, { db: "CNNVD", id: "CNNVD-202004-2123", }, { db: "NVD", id: "CVE-2017-18703", }, { db: "NVD", id: "CVE-2017-18703", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR EX6150, etc. are all products of NETGEAR. NETGEAR EX6150 is a wireless network signal extender. NETGEAR D7000 is a wireless modem. NETGEAR WNDR3700 is a wireless router. The vulnerability stems from the fact that the WEB application does not fully verify whether the request comes from a trusted user. An attacker can use this vulnerability to send an unexpected request to the server through the affected client. This affects D1500 prior to 1.0.0.25, D500 prior to 1.0.0.25, D6100 prior to 1.0.0.55, D7000 prior to 1.0.1.50, D7800 prior to 1.0.1.28, EX6100v2 prior to 1.0.1.60, EX6150v2 prior to 1.0.1.60, JNR1010v2 prior to 1.1.0.46, JR6150 prior to 1.0.1.16, JWNR2010v5 prior to 1.1.0.46, PR2000 prior to 1.0.0.18, R6020 prior to 1.0.0.26, R6050 prior to 1.0.1.16, R6080 prior to 1.0.0.26, R6100 prior to 1.0.1.20, R6220 prior to 1.1.0.60, R7500 prior to 1.0.0.118, R7500v2 prior to 1.0.3.20, R7800 prior to 1.0.2.40, R9000 prior to 1.0.2.52, WN3000RPv3 prior to 1.0.2.50, WN3100RPv2 prior to 1.0.0.40, WNDR3700v5 prior to 1.1.0.48, WNDR4300v2 prior to 1.0.0.48, WNDR4500v3 prior to 1.0.0.48, WNR1000v4 prior to 1.1.0.46, WNR2000v5 prior to 1.0.0.62, WNR2020 prior to 1.1.0.46, and WNR2050 prior to 1.1.0.46", sources: [ { db: "JVNDB", id: "JVNDB-2017-014997", }, { db: "CNVD", id: "CNVD-2020-28013", }, { db: "VULMON", id: "CVE-2017-18703", }, ], trust: 1.35, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2017-18703", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2017-014997", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-28013", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-2123", trust: 0.6, }, { db: "VULMON", id: "CVE-2017-18703", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28013", }, { db: "VULMON", id: "CVE-2017-18703", }, { db: "JVNDB", id: "JVNDB-2017-014997", }, { db: "CNNVD", id: "CNNVD-202004-2123", }, { db: "NVD", id: "CVE-2017-18703", }, ], }, id: "VAR-202004-1463", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-28013", }, ], trust: 1.1831706938709678, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28013", }, ], }, last_update_date: "2024-11-23T21:51:30.493000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Cross-Site Request Forgery on Some Routers, Gateways, and Extenders, PSV-2017-0736", trust: 0.8, url: "https://kb.netgear.com/000053199/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Routers-Gateways-and-Extenders-PSV-2017-0736", }, { title: "Patch for Multiple NETGEAR product cross-site request forgery vulnerabilities", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/217287", }, { title: "Multiple NETGEAR Repair measures for product cross-site request forgery vulnerability", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117046", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28013", }, { db: "JVNDB", id: "JVNDB-2017-014997", }, { db: "CNNVD", id: "CNNVD-202004-2123", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-352", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-014997", }, { db: "NVD", id: "CVE-2017-18703", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2017-18703", }, { trust: 1.7, url: "https://kb.netgear.com/000053199/security-advisory-for-cross-site-request-forgery-on-some-routers-gateways-and-extenders-psv-2017-0736", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18703", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/352.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28013", }, { db: "VULMON", id: "CVE-2017-18703", }, { db: "JVNDB", id: "JVNDB-2017-014997", }, { db: "CNNVD", id: "CNNVD-202004-2123", }, { db: "NVD", id: "CVE-2017-18703", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-28013", }, { db: "VULMON", id: "CVE-2017-18703", }, { db: "JVNDB", id: "JVNDB-2017-014997", }, { db: "CNNVD", id: "CNNVD-202004-2123", }, { db: "NVD", id: "CVE-2017-18703", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-13T00:00:00", db: "CNVD", id: "CNVD-2020-28013", }, { date: "2020-04-24T00:00:00", db: "VULMON", id: "CVE-2017-18703", }, { date: "2020-06-03T00:00:00", db: "JVNDB", id: "JVNDB-2017-014997", }, { date: "2020-04-24T00:00:00", db: "CNNVD", id: "CNNVD-202004-2123", }, { date: "2020-04-24T15:15:12.537000", db: "NVD", id: "CVE-2017-18703", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-13T00:00:00", db: "CNVD", id: "CNVD-2020-28013", }, { date: "2020-05-11T00:00:00", db: "VULMON", id: "CVE-2017-18703", }, { date: "2020-06-03T00:00:00", db: "JVNDB", id: "JVNDB-2017-014997", }, { date: "2020-05-06T00:00:00", db: "CNNVD", id: "CNNVD-202004-2123", }, { date: "2024-11-21T03:20:42.307000", db: "NVD", id: "CVE-2017-18703", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202004-2123", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Cross-site request forgery vulnerability in device", sources: [ { db: "JVNDB", id: "JVNDB-2017-014997", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "cross-site request forgery", sources: [ { db: "CNNVD", id: "CNNVD-202004-2123", }, ], trust: 0.6, }, }
var-202004-0755
Vulnerability from variot
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before V1.0.0.75, D6100 before V1.0.0.63, R7800 before v1.0.2.52, R8900 before v1.0.4.2, R9000 before v1.0.4.2, RBK50 before v2.3.0.32, RBR50 before v2.3.0.32, RBS50 before v2.3.0.32, WNDR3700v4 before V1.0.2.102, WNDR4300v1 before V1.0.2.104, WNDR4300v2 before v1.0.0.58, WNDR4500v3 before v1.0.0.58, WNR2000v5 before v1.0.0.68, and XR500 before V2.3.2.32. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R8900, etc. are all wireless routers from NETGEAR. The vulnerability stems from the fact that when the network system or product performs operations on the memory, it does not correctly verify the data boundary, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow, etc
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0755", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.52", }, { model: "xr500", scope: "lt", trust: 1.6, vendor: "netgear", version: "2.3.2.32", }, { model: "rbk50", scope: "lt", trust: 1.6, vendor: "netgear", version: "2.3.0.32", }, { model: "rbr50", scope: "lt", trust: 1.6, vendor: "netgear", version: "2.3.0.32", }, { model: "rbs50", scope: "lt", trust: 1.6, vendor: "netgear", version: "2.3.0.32", }, { model: "r8900", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.4.2", }, { model: "d3600", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.75", }, { model: "d6000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.75", }, { model: "d6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.63", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.4.2", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.104", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.68", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.102", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.58", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.58", }, { model: "d3600", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.75", }, { model: "d6000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.75", }, { model: "d6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.63", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.52", }, { model: "r8900", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.4.2", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.4.2", }, { model: "rbk50", scope: "eq", trust: 0.8, vendor: "netgear", version: "2.3.0.32", }, { model: "rbr50", scope: "eq", trust: 0.8, vendor: "netgear", version: "2.3.0.32", }, { model: "rbs50", scope: "eq", trust: 0.8, vendor: "netgear", version: "2.3.0.32", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.102", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.58", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.58", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.68", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.102", }, { model: "wndr4300v1", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.104", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-67657", }, { db: "JVNDB", id: "JVNDB-2019-015452", }, { db: "NVD", id: "CVE-2019-20735", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d3600_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r8900_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:rbk50_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:rbr50_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:rbs50_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015452", }, ], }, cve: "CVE-2019-20735", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CVE-2019-20735", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 5.2, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2019-015452", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CNVD-2021-67657", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2019-20735", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2019-20735", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 6.8, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2019-015452", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2019-20735", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2019-20735", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2019-015452", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2021-67657", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-1346", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-67657", }, { db: "JVNDB", id: "JVNDB-2019-015452", }, { db: "CNNVD", id: "CNNVD-202004-1346", }, { db: "NVD", id: "CVE-2019-20735", }, { db: "NVD", id: "CVE-2019-20735", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before V1.0.0.75, D6100 before V1.0.0.63, R7800 before v1.0.2.52, R8900 before v1.0.4.2, R9000 before v1.0.4.2, RBK50 before v2.3.0.32, RBR50 before v2.3.0.32, RBS50 before v2.3.0.32, WNDR3700v4 before V1.0.2.102, WNDR4300v1 before V1.0.2.104, WNDR4300v2 before v1.0.0.58, WNDR4500v3 before v1.0.0.58, WNR2000v5 before v1.0.0.68, and XR500 before V2.3.2.32. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R8900, etc. are all wireless routers from NETGEAR. The vulnerability stems from the fact that when the network system or product performs operations on the memory, it does not correctly verify the data boundary, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow, etc", sources: [ { db: "NVD", id: "CVE-2019-20735", }, { db: "JVNDB", id: "JVNDB-2019-015452", }, { db: "CNVD", id: "CNVD-2021-67657", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-20735", trust: 3, }, { db: "JVNDB", id: "JVNDB-2019-015452", trust: 0.8, }, { db: "CNVD", id: "CNVD-2021-67657", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-1346", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-67657", }, { db: "JVNDB", id: "JVNDB-2019-015452", }, { db: "CNNVD", id: "CNNVD-202004-1346", }, { db: "NVD", id: "CVE-2019-20735", }, ], }, id: "VAR-202004-0755", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-67657", }, ], trust: 1.163177224375, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-67657", }, ], }, last_update_date: "2024-11-23T22:37:25.566000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Stack Overflow on Some Routers, Gateways, and WiFi Systems, PSV-2018-0138", trust: 0.8, url: "https://kb.netgear.com/000061191/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2018-0138", }, { title: "Patch for Buffer overflow vulnerabilities in multiple NETGEAR products (CNVD-2021-67657)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/289161", }, { title: "Multiple NETGEAR Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=114905", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-67657", }, { db: "JVNDB", id: "JVNDB-2019-015452", }, { db: "CNNVD", id: "CNNVD-202004-1346", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015452", }, { db: "NVD", id: "CVE-2019-20735", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2019-20735", }, { trust: 1.6, url: "https://kb.netgear.com/000061191/security-advisory-for-post-authentication-stack-overflow-on-some-routers-gateways-and-wifi-systems-psv-2018-0138", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20735", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-67657", }, { db: "JVNDB", id: "JVNDB-2019-015452", }, { db: "CNNVD", id: "CNNVD-202004-1346", }, { db: "NVD", id: "CVE-2019-20735", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-67657", }, { db: "JVNDB", id: "JVNDB-2019-015452", }, { db: "CNNVD", id: "CNNVD-202004-1346", }, { db: "NVD", id: "CVE-2019-20735", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-09-02T00:00:00", db: "CNVD", id: "CNVD-2021-67657", }, { date: "2020-05-20T00:00:00", db: "JVNDB", id: "JVNDB-2019-015452", }, { date: "2020-04-16T00:00:00", db: "CNNVD", id: "CNNVD-202004-1346", }, { date: "2020-04-16T20:15:13.633000", db: "NVD", id: "CVE-2019-20735", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-09-02T00:00:00", db: "CNVD", id: "CNVD-2021-67657", }, { date: "2020-05-20T00:00:00", db: "JVNDB", id: "JVNDB-2019-015452", }, { date: "2020-04-17T00:00:00", db: "CNNVD", id: "CNNVD-202004-1346", }, { date: "2024-11-21T04:39:13.343000", db: "NVD", id: "CVE-2019-20735", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Out-of-bounds write vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2019-015452", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-1346", }, ], trust: 0.6, }, }
var-202004-0798
Vulnerability from variot
Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7800 before 1.0.2.58, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0798", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r9000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.12", }, { model: "wn3100rp", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.60", }, { model: "rbr50", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.0.32", }, { model: "d6000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.75", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.58", }, { model: "rbk40", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.0.28", }, { model: "rbr20", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.0.28", }, { model: "d3600", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.75", }, { model: "dm200", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.58", }, { model: "rbk20", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.0.28", }, { model: "rbs40", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.0.28", }, { model: "rbk50", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.0.32", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.68", }, { model: "wn3000rp", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.70", }, { model: "r7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.58", }, { model: "r8900", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.12", }, { model: "d7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.44", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.58", }, { model: "wn3000rp", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.68", }, { model: "rbs50", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.0.32", }, { model: "rbs20", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.0.28", }, { model: "d3600", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.75", }, { model: "d6000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.75", }, { model: "d7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.44", }, { model: "dm200", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.58", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.58", }, { model: "r8900", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.4.12", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.4.12", }, { model: "rbk20", scope: "eq", trust: 0.8, vendor: "netgear", version: "2.3.0.28", }, { model: "rbr20", scope: "eq", trust: 0.8, vendor: "netgear", version: "2.3.0.28", }, { model: "rbs20", scope: "eq", trust: 0.8, vendor: "netgear", version: "2.3.0.28", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015457", }, { db: "NVD", id: "CVE-2019-20752", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d3600_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:dm200_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r8900_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:rbk20_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:rbr20_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:rbs20_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015457", }, ], }, cve: "CVE-2019-20752", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", exploitabilityScore: 6.8, id: "CVE-2019-20752", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "LOW", trust: 1, vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "Single", author: "NVD", availabilityImpact: "None", baseScore: 3.5, confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2019-015457", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Low", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 1.7, id: "CVE-2019-20752", impactScore: 2.7, integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, { attackComplexity: "LOW", attackVector: "NETWORK", author: "cve@mitre.org", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 1.7, id: "CVE-2019-20752", impactScore: 2.7, integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 4.8, baseSeverity: "Medium", confidentialityImpact: "Low", exploitabilityScore: null, id: "JVNDB-2019-015457", impactScore: null, integrityImpact: "Low", privilegesRequired: "High", scope: "Changed", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2019-20752", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2019-20752", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2019-015457", trust: 0.8, value: "Medium", }, { author: "CNNVD", id: "CNNVD-202004-1363", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015457", }, { db: "CNNVD", id: "CNNVD-202004-1363", }, { db: "NVD", id: "CVE-2019-20752", }, { db: "NVD", id: "CVE-2019-20752", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7800 before 1.0.2.58, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with", sources: [ { db: "NVD", id: "CVE-2019-20752", }, { db: "JVNDB", id: "JVNDB-2019-015457", }, ], trust: 1.62, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-20752", trust: 2.4, }, { db: "JVNDB", id: "JVNDB-2019-015457", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202004-1363", trust: 0.6, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015457", }, { db: "CNNVD", id: "CNNVD-202004-1363", }, { db: "NVD", id: "CVE-2019-20752", }, ], }, id: "VAR-202004-0798", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.32658418937499994, }, last_update_date: "2024-11-23T23:08:03.130000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Site Stored Cross Scripting on Some Gateways, Routers, and WiFi Systems, PSV-2018-0250", trust: 0.8, url: "https://kb.netgear.com/000060967/Security-Advisory-for-Site-Stored-Cross-Scripting-on-Some-Gateways-Routers-and-WiFi-Systems-PSV-2018-0250", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015457", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-79", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015457", }, { db: "NVD", id: "CVE-2019-20752", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://kb.netgear.com/000060967/security-advisory-for-site-stored-cross-scripting-on-some-gateways-routers-and-wifi-systems-psv-2018-0250", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2019-20752", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20752", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015457", }, { db: "CNNVD", id: "CNNVD-202004-1363", }, { db: "NVD", id: "CVE-2019-20752", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "JVNDB", id: "JVNDB-2019-015457", }, { db: "CNNVD", id: "CNNVD-202004-1363", }, { db: "NVD", id: "CVE-2019-20752", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-20T00:00:00", db: "JVNDB", id: "JVNDB-2019-015457", }, { date: "2020-04-16T00:00:00", db: "CNNVD", id: "CNNVD-202004-1363", }, { date: "2020-04-16T22:15:12.727000", db: "NVD", id: "CVE-2019-20752", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-20T00:00:00", db: "JVNDB", id: "JVNDB-2019-015457", }, { date: "2020-04-17T00:00:00", db: "CNNVD", id: "CNNVD-202004-1363", }, { date: "2024-11-21T04:39:16.207000", db: "NVD", id: "CVE-2019-20752", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Cross-site scripting vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2019-015457", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "XSS", sources: [ { db: "CNNVD", id: "CNNVD-202004-1363", }, ], trust: 0.6, }, }
var-202004-0792
Vulnerability from variot
Certain NETGEAR devices are affected by reflected XSS. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7800 before 1.0.2.58, R8900 before 1.0.4.12, R9000 before 1.0.4.8, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. This affects D3600 prior to 1.0.0.75, D6000 prior to 1.0.0.75, D7800 prior to 1.0.1.44, DM200 prior to 1.0.0.58, R7800 prior to 1.0.2.58, R8900 prior to 1.0.4.12, R9000 prior to 1.0.4.8, RBK20 prior to 2.3.0.28, RBR20 prior to 2.3.0.28, RBS20 prior to 2.3.0.28, RBK40 prior to 2.3.0.28, RBS40 prior to 2.3.0.28, RBK50 prior to 2.3.0.32, RBR50 prior to 2.3.0.32, RBS50 prior to 2.3.0.32, WN3000RPv2 prior to 1.0.0.68, WN3000RPv3 prior to 1.0.2.70, WN3100RPv2 prior to 1.0.0.60, WNDR4300v2 prior to 1.0.0.58, WNDR4500v3 prior to 1.0.0.58, and WNR2000v5 prior to 1.0.0.68
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0792", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "wn3100rp", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.60", }, { model: "rbr50", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.0.32", }, { model: "r9000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.8", }, { model: "d6000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.75", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.58", }, { model: "rbk40", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.0.28", }, { model: "rbr20", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.0.28", }, { model: "d3600", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.75", }, { model: "dm200", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.58", }, { model: "rbk20", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.0.28", }, { model: "rbs40", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.0.28", }, { model: "rbk50", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.0.32", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.68", }, { model: "wn3000rp", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.70", }, { model: "r7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.58", }, { model: "r8900", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.12", }, { model: "d7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.44", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.58", }, { model: "wn3000rp", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.68", }, { model: "rbs50", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.0.32", }, { model: "rbs20", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.0.28", }, { model: "d3600", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.75", }, { model: "d6000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.75", }, { model: "d7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.44", }, { model: "dm200", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.58", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.58", }, { model: "r8900", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.4.12", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.4.8", }, { model: "rbk20", scope: "eq", trust: 0.8, vendor: "netgear", version: "2.3.0.28", }, { model: "rbr20", scope: "eq", trust: 0.8, vendor: "netgear", version: "2.3.0.28", }, { model: "rbs20", scope: "eq", trust: 0.8, vendor: "netgear", version: "2.3.0.28", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015368", }, { db: "NVD", id: "CVE-2019-20746", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d3600_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:dm200_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r8900_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:rbk20_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:rbr20_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:rbs20_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015368", }, ], }, cve: "CVE-2019-20746", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", exploitabilityScore: 6.8, id: "CVE-2019-20746", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "LOW", trust: 1.1, vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "Single", author: "NVD", availabilityImpact: "None", baseScore: 3.5, confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2019-015368", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Low", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 1.7, id: "CVE-2019-20746", impactScore: 2.7, integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 1.2, id: "CVE-2019-20746", impactScore: 2.7, integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 4.8, baseSeverity: "Medium", confidentialityImpact: "Low", exploitabilityScore: null, id: "JVNDB-2019-015368", impactScore: null, integrityImpact: "Low", privilegesRequired: "High", scope: "Changed", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2019-20746", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2019-20746", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2019-015368", trust: 0.8, value: "Medium", }, { author: "CNNVD", id: "CNNVD-202004-1357", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2019-20746", trust: 0.1, value: "LOW", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2019-20746", }, { db: "JVNDB", id: "JVNDB-2019-015368", }, { db: "CNNVD", id: "CNNVD-202004-1357", }, { db: "NVD", id: "CVE-2019-20746", }, { db: "NVD", id: "CVE-2019-20746", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by reflected XSS. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7800 before 1.0.2.58, R8900 before 1.0.4.12, R9000 before 1.0.4.8, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. This affects D3600 prior to 1.0.0.75, D6000 prior to 1.0.0.75, D7800 prior to 1.0.1.44, DM200 prior to 1.0.0.58, R7800 prior to 1.0.2.58, R8900 prior to 1.0.4.12, R9000 prior to 1.0.4.8, RBK20 prior to 2.3.0.28, RBR20 prior to 2.3.0.28, RBS20 prior to 2.3.0.28, RBK40 prior to 2.3.0.28, RBS40 prior to 2.3.0.28, RBK50 prior to 2.3.0.32, RBR50 prior to 2.3.0.32, RBS50 prior to 2.3.0.32, WN3000RPv2 prior to 1.0.0.68, WN3000RPv3 prior to 1.0.2.70, WN3100RPv2 prior to 1.0.0.60, WNDR4300v2 prior to 1.0.0.58, WNDR4500v3 prior to 1.0.0.58, and WNR2000v5 prior to 1.0.0.68", sources: [ { db: "NVD", id: "CVE-2019-20746", }, { db: "JVNDB", id: "JVNDB-2019-015368", }, { db: "VULMON", id: "CVE-2019-20746", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-20746", trust: 2.5, }, { db: "JVNDB", id: "JVNDB-2019-015368", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202004-1357", trust: 0.6, }, { db: "VULMON", id: "CVE-2019-20746", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2019-20746", }, { db: "JVNDB", id: "JVNDB-2019-015368", }, { db: "CNNVD", id: "CNNVD-202004-1357", }, { db: "NVD", id: "CVE-2019-20746", }, ], }, id: "VAR-202004-0792", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.326584189375, }, last_update_date: "2024-11-23T21:35:58.882000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Reflected Cross Site Scripting on Some Routers, Gateways, and WiFi Systems, PSV-2018-0252", trust: 0.8, url: "https://kb.netgear.com/000060973/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2018-0252", }, { title: "Multiple NETGEAR Fixes for product cross-site scripting vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=114945", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015368", }, { db: "CNNVD", id: "CNNVD-202004-1357", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-79", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015368", }, { db: "NVD", id: "CVE-2019-20746", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://kb.netgear.com/000060973/security-advisory-for-reflected-cross-site-scripting-on-some-routers-gateways-and-wifi-systems-psv-2018-0252", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2019-20746", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20746", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/79.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2019-20746", }, { db: "JVNDB", id: "JVNDB-2019-015368", }, { db: "CNNVD", id: "CNNVD-202004-1357", }, { db: "NVD", id: "CVE-2019-20746", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2019-20746", }, { db: "JVNDB", id: "JVNDB-2019-015368", }, { db: "CNNVD", id: "CNNVD-202004-1357", }, { db: "NVD", id: "CVE-2019-20746", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-04-16T00:00:00", db: "VULMON", id: "CVE-2019-20746", }, { date: "2020-05-14T00:00:00", db: "JVNDB", id: "JVNDB-2019-015368", }, { date: "2020-04-16T00:00:00", db: "CNNVD", id: "CNNVD-202004-1357", }, { date: "2020-04-16T21:15:12.767000", db: "NVD", id: "CVE-2019-20746", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-04-21T00:00:00", db: "VULMON", id: "CVE-2019-20746", }, { date: "2020-05-14T00:00:00", db: "JVNDB", id: "JVNDB-2019-015368", }, { date: "2020-04-26T00:00:00", db: "CNNVD", id: "CNNVD-202004-1357", }, { date: "2024-11-21T04:39:15.160000", db: "NVD", id: "CVE-2019-20746", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202004-1357", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Cross-site scripting vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2019-015368", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "XSS", sources: [ { db: "CNNVD", id: "CNNVD-202004-1357", }, ], trust: 0.6, }, }
var-202004-0787
Vulnerability from variot
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This affects D3600 prior to 1.0.0.75, D6000 prior to 1.0.0.75, D6100 prior to 1.0.0.63, R7800 prior to 1.0.2.52, R8900 prior to 1.0.4.2, R9000 prior to 1.0.4.2, WNDR3700v4 prior to 1.0.2.102, WNDR4300v1 prior to 1.0.2.104, WNDR4300v2 prior to 1.0.0.58, WNDR4500v3 prior to 1.0.0.58, WNR2000v5 prior to 1.0.0.68, and XR500 prior to 2.3.2.32
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0787", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.104", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.68", }, { model: "d6100", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.63", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.102", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.58", }, { model: "r9000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.2", }, { model: "r8900", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.2", }, { model: "xr500", scope: "lt", trust: 1, vendor: "netgear", version: "2.3.2.32", }, { model: "d6000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.75", }, { model: "r7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.52", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.58", }, { model: "d3600", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.75", }, { model: "d3600", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.75", }, { model: "d6000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.75", }, { model: "d6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.63", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.52", }, { model: "r8900", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.4.2", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.4.2", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.102", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.58", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.104", }, { model: "wndr4500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.58", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015318", }, { db: "NVD", id: "CVE-2019-20725", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d3600_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r8900_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4500_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015318", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "aircut", sources: [ { db: "CNNVD", id: "CNNVD-202004-1309", }, ], trust: 0.6, }, cve: "CVE-2019-20725", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CVE-2019-20725", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 5.2, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2019-015318", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2019-20725", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2019-20725", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 6.8, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2019-015318", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2019-20725", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2019-20725", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2019-015318", trust: 0.8, value: "Medium", }, { author: "CNNVD", id: "CNNVD-202004-1309", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2019-20725", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2019-20725", }, { db: "JVNDB", id: "JVNDB-2019-015318", }, { db: "CNNVD", id: "CNNVD-202004-1309", }, { db: "NVD", id: "CVE-2019-20725", }, { db: "NVD", id: "CVE-2019-20725", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This affects D3600 prior to 1.0.0.75, D6000 prior to 1.0.0.75, D6100 prior to 1.0.0.63, R7800 prior to 1.0.2.52, R8900 prior to 1.0.4.2, R9000 prior to 1.0.4.2, WNDR3700v4 prior to 1.0.2.102, WNDR4300v1 prior to 1.0.2.104, WNDR4300v2 prior to 1.0.0.58, WNDR4500v3 prior to 1.0.0.58, WNR2000v5 prior to 1.0.0.68, and XR500 prior to 2.3.2.32", sources: [ { db: "NVD", id: "CVE-2019-20725", }, { db: "JVNDB", id: "JVNDB-2019-015318", }, { db: "VULMON", id: "CVE-2019-20725", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-20725", trust: 2.5, }, { db: "JVNDB", id: "JVNDB-2019-015318", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202004-1309", trust: 0.6, }, { db: "VULMON", id: "CVE-2019-20725", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2019-20725", }, { db: "JVNDB", id: "JVNDB-2019-015318", }, { db: "CNNVD", id: "CNNVD-202004-1309", }, { db: "NVD", id: "CVE-2019-20725", }, ], }, id: "VAR-202004-0787", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.42989337874999994, }, last_update_date: "2024-11-23T22:41:07.571000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Stack Overflow on Some Routers and Gateways, PSV-2018-0143", trust: 0.8, url: "https://kb.netgear.com/000061203/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2018-0143", }, { title: "Multiple NETGEAR Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116575", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015318", }, { db: "CNNVD", id: "CNNVD-202004-1309", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015318", }, { db: "NVD", id: "CVE-2019-20725", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://kb.netgear.com/000061203/security-advisory-for-post-authentication-stack-overflow-on-some-routers-and-gateways-psv-2018-0143", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2019-20725", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20725", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/787.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2019-20725", }, { db: "JVNDB", id: "JVNDB-2019-015318", }, { db: "CNNVD", id: "CNNVD-202004-1309", }, { db: "NVD", id: "CVE-2019-20725", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2019-20725", }, { db: "JVNDB", id: "JVNDB-2019-015318", }, { db: "CNNVD", id: "CNNVD-202004-1309", }, { db: "NVD", id: "CVE-2019-20725", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-04-16T00:00:00", db: "VULMON", id: "CVE-2019-20725", }, { date: "2020-05-12T00:00:00", db: "JVNDB", id: "JVNDB-2019-015318", }, { date: "2020-04-16T00:00:00", db: "CNNVD", id: "CNNVD-202004-1309", }, { date: "2020-04-16T19:15:25.463000", db: "NVD", id: "CVE-2019-20725", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-04-20T00:00:00", db: "VULMON", id: "CVE-2019-20725", }, { date: "2020-05-12T00:00:00", db: "JVNDB", id: "JVNDB-2019-015318", }, { date: "2020-04-26T00:00:00", db: "CNNVD", id: "CNNVD-202004-1309", }, { date: "2024-11-21T04:39:11.597000", db: "NVD", id: "CVE-2019-20725", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-1309", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Out-of-bounds write vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2019-015318", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-1309", }, ], trust: 0.6, }, }
var-202004-1690
Vulnerability from variot
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.30, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D7800, etc. are all products of NETGEAR. NETGEAR D7800 is a wireless modem. NETGEAR R7500 is a wireless router. NETGEAR D6100 is a wireless modem. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow. This affects D6100 prior to 1.0.0.57, D7800 prior to 1.0.1.30, R7500 prior to 1.0.0.122, R7500v2 prior to 1.0.3.24, R7800 prior to 1.0.2.40, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1690", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.52", }, { model: "d6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.57", }, { model: "d7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.30", }, { model: "r7500", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.122", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.94", }, { model: "r7800", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.30", }, { model: "r7500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.24", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.50", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.62", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.92", }, { model: "d6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.57", }, { model: "d7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.30", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.122", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.40", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.52", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "v4 1.0.2.92", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.94", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "v2 1.0.0.50", }, { model: "wndr4500", scope: "eq", trust: 0.8, vendor: "netgear", version: "v3 1.0.0.50", }, { model: "wnr2000", scope: "eq", trust: 0.8, vendor: "netgear", version: "v5 1.0.0.62", }, { model: "r7800", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.40", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.62", }, { model: "r7500v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.3.24", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.92", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.50", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28118", }, { db: "JVNDB", id: "JVNDB-2018-016388", }, { db: "NVD", id: "CVE-2018-21179", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wnr2000_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016388", }, ], }, cve: "CVE-2018-21179", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CVE-2018-21179", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 5.2, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2018-016388", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CNVD-2020-28118", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21179", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21179", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 6.8, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2018-016388", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21179", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2018-21179", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2018-016388", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2020-28118", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-2222", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2018-21179", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28118", }, { db: "VULMON", id: "CVE-2018-21179", }, { db: "JVNDB", id: "JVNDB-2018-016388", }, { db: "CNNVD", id: "CNNVD-202004-2222", }, { db: "NVD", id: "CVE-2018-21179", }, { db: "NVD", id: "CVE-2018-21179", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.30, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D7800, etc. are all products of NETGEAR. NETGEAR D7800 is a wireless modem. NETGEAR R7500 is a wireless router. NETGEAR D6100 is a wireless modem. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. The attacker The vulnerability can be exploited to cause buffer overflow or heap overflow. This affects D6100 prior to 1.0.0.57, D7800 prior to 1.0.1.30, R7500 prior to 1.0.0.122, R7500v2 prior to 1.0.3.24, R7800 prior to 1.0.2.40, R9000 prior to 1.0.2.52, WNDR3700v4 prior to 1.0.2.92, WNDR4300 prior to 1.0.2.94, WNDR4300v2 prior to 1.0.0.50, WNDR4500v3 prior to 1.0.0.50, and WNR2000v5 prior to 1.0.0.62", sources: [ { db: "NVD", id: "CVE-2018-21179", }, { db: "JVNDB", id: "JVNDB-2018-016388", }, { db: "CNVD", id: "CNVD-2020-28118", }, { db: "VULMON", id: "CVE-2018-21179", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21179", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2018-016388", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-28118", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-2222", trust: 0.6, }, { db: "VULMON", id: "CVE-2018-21179", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28118", }, { db: "VULMON", id: "CVE-2018-21179", }, { db: "JVNDB", id: "JVNDB-2018-016388", }, { db: "CNNVD", id: "CNNVD-202004-2222", }, { db: "NVD", id: "CVE-2018-21179", }, ], }, id: "VAR-202004-1690", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-28118", }, ], trust: 1.2809049927272729, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28118", }, ], }, last_update_date: "2024-11-23T22:41:06.367000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Stack Overflow on Some Routers and Gateways, PSV-2017-2620", trust: 0.8, url: "https://kb.netgear.com/000055179/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2620", }, { title: "Patch for Multiple NETGEAR product buffer overflow vulnerabilities (CNVD-2020-28118)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/217405", }, { title: "Multiple NETGEAR Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117314", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28118", }, { db: "JVNDB", id: "JVNDB-2018-016388", }, { db: "CNNVD", id: "CNNVD-202004-2222", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016388", }, { db: "NVD", id: "CVE-2018-21179", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21179", }, { trust: 1.7, url: "https://kb.netgear.com/000055179/security-advisory-for-post-authentication-stack-overflow-on-some-routers-and-gateways-psv-2017-2620", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21179", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/787.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-28118", }, { db: "VULMON", id: "CVE-2018-21179", }, { db: "JVNDB", id: "JVNDB-2018-016388", }, { db: "CNNVD", id: "CNNVD-202004-2222", }, { db: "NVD", id: "CVE-2018-21179", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-28118", }, { db: "VULMON", id: "CVE-2018-21179", }, { db: "JVNDB", id: "JVNDB-2018-016388", }, { db: "CNNVD", id: "CNNVD-202004-2222", }, { db: "NVD", id: "CVE-2018-21179", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28118", }, { date: "2020-04-27T00:00:00", db: "VULMON", id: "CVE-2018-21179", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016388", }, { date: "2020-04-27T00:00:00", db: "CNNVD", id: "CNNVD-202004-2222", }, { date: "2020-04-27T21:15:13.203000", db: "NVD", id: "CVE-2018-21179", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-14T00:00:00", db: "CNVD", id: "CNVD-2020-28118", }, { date: "2020-05-01T00:00:00", db: "VULMON", id: "CVE-2018-21179", }, { date: "2020-06-01T00:00:00", db: "JVNDB", id: "JVNDB-2018-016388", }, { date: "2020-05-06T00:00:00", db: "CNNVD", id: "CNNVD-202004-2222", }, { date: "2024-11-21T04:03:06.250000", db: "NVD", id: "CVE-2018-21179", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-2222", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Out-of-bounds write vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2018-016388", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-2222", }, ], trust: 0.6, }, }
var-202004-1580
Vulnerability from variot
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects DM200 before 1.0.0.52, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.16, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7800, etc. are all wireless routers from NETGEAR. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow. This affects DM200 prior to 1.0.0.52, R7500 prior to 1.0.0.122, R7800 prior to 1.0.2.42, R8900 prior to 1.0.3.10, R9000 prior to 1.0.3.16, WNDR3700v4 prior to 1.0.2.96, WNDR4300 prior to 1.0.2.98, WNDR4300v2 prior to 1.0.0.54, WNDR4500v3 prior to 1.0.0.54, and WNR2000v5 prior to 1.0.0.64
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1580", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7500", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.122", }, { model: "wndr4300", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.98", }, { model: "dm200", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.52", }, { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.42", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.3.16", }, { model: "r8900", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.3.10", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.96", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.64", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.54", }, { model: "dm200", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.52", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.122", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.42", }, { model: "r8900", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.10", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.16", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.96", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.98", }, { model: "wndr4500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.54", }, { model: "wnr2000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.64", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.54", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.54", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.64", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.96", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-59166", }, { db: "JVNDB", id: "JVNDB-2018-016318", }, { db: "NVD", id: "CVE-2018-21144", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:dm200_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r8900_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wnr2000_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016318", }, ], }, cve: "CVE-2018-21144", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CVE-2018-21144", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 5.2, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2018-016318", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.1, id: "CNVD-2021-59166", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21144", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2018-21144", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 6.8, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2018-016318", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-21144", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2018-21144", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2018-016318", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2021-59166", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-1841", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2018-21144", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-59166", }, { db: "VULMON", id: "CVE-2018-21144", }, { db: "JVNDB", id: "JVNDB-2018-016318", }, { db: "CNNVD", id: "CNNVD-202004-1841", }, { db: "NVD", id: "CVE-2018-21144", }, { db: "NVD", id: "CVE-2018-21144", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects DM200 before 1.0.0.52, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.16, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7800, etc. are all wireless routers from NETGEAR. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow. This affects DM200 prior to 1.0.0.52, R7500 prior to 1.0.0.122, R7800 prior to 1.0.2.42, R8900 prior to 1.0.3.10, R9000 prior to 1.0.3.16, WNDR3700v4 prior to 1.0.2.96, WNDR4300 prior to 1.0.2.98, WNDR4300v2 prior to 1.0.0.54, WNDR4500v3 prior to 1.0.0.54, and WNR2000v5 prior to 1.0.0.64", sources: [ { db: "NVD", id: "CVE-2018-21144", }, { db: "JVNDB", id: "JVNDB-2018-016318", }, { db: "CNVD", id: "CNVD-2021-59166", }, { db: "VULMON", id: "CVE-2018-21144", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-21144", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2018-016318", trust: 0.8, }, { db: "CNVD", id: "CNVD-2021-59166", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-1841", trust: 0.6, }, { db: "VULMON", id: "CVE-2018-21144", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-59166", }, { db: "VULMON", id: "CVE-2018-21144", }, { db: "JVNDB", id: "JVNDB-2018-016318", }, { db: "CNNVD", id: "CNNVD-202004-1841", }, { db: "NVD", id: "CVE-2018-21144", }, ], }, id: "VAR-202004-1580", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-59166", }, ], trust: 1.2320233489999999, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-59166", }, ], }, last_update_date: "2024-11-23T22:16:30.135000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post-Authentication Stack Overflow on Some Routers, PSV-2017-3166", trust: 0.8, url: "https://kb.netgear.com/000059489/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-PSV-2017-3166", }, { title: "Patch for Buffer overflow vulnerabilities in multiple NETGEAR products (CNVD-2021-59166)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/284406", }, { title: "Multiple NETGEAR Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116317", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-59166", }, { db: "JVNDB", id: "JVNDB-2018-016318", }, { db: "CNNVD", id: "CNNVD-202004-1841", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-016318", }, { db: "NVD", id: "CVE-2018-21144", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2018-21144", }, { trust: 1.7, url: "https://kb.netgear.com/000059489/security-advisory-for-post-authentication-stack-overflow-on-some-routers-psv-2017-3166", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21144", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/787.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-59166", }, { db: "VULMON", id: "CVE-2018-21144", }, { db: "JVNDB", id: "JVNDB-2018-016318", }, { db: "CNNVD", id: "CNNVD-202004-1841", }, { db: "NVD", id: "CVE-2018-21144", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-59166", }, { db: "VULMON", id: "CVE-2018-21144", }, { db: "JVNDB", id: "JVNDB-2018-016318", }, { db: "CNNVD", id: "CNNVD-202004-1841", }, { db: "NVD", id: "CVE-2018-21144", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-08-08T00:00:00", db: "CNVD", id: "CNVD-2021-59166", }, { date: "2020-04-21T00:00:00", db: "VULMON", id: "CVE-2018-21144", }, { date: "2020-05-22T00:00:00", db: "JVNDB", id: "JVNDB-2018-016318", }, { date: "2020-04-21T00:00:00", db: "CNNVD", id: "CNNVD-202004-1841", }, { date: "2020-04-21T21:15:12.867000", db: "NVD", id: "CVE-2018-21144", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-08-08T00:00:00", db: "CNVD", id: "CNVD-2021-59166", }, { date: "2020-04-27T00:00:00", db: "VULMON", id: "CVE-2018-21144", }, { date: "2020-05-22T00:00:00", db: "JVNDB", id: "JVNDB-2018-016318", }, { date: "2020-04-28T00:00:00", db: "CNNVD", id: "CNNVD-202004-1841", }, { date: "2024-11-21T04:03:00.497000", db: "NVD", id: "CVE-2018-21144", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202004-1841", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Out-of-bounds write vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2018-016318", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202004-1841", }, ], trust: 0.6, }, }
var-202004-0776
Vulnerability from variot
Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7500v2 before 1.0.3.40, R7800 before 1.0.2.60, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.22, RBR20 before 2.3.0.22, RBS20 before 2.3.0.22, RBK50 before 2.3.0.22, RBR50 before 2.3.0.22, RBS50 before 2.3.0.22, RBS40 before 2.3.0.22, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. NETGEAR D3600, etc. are all products of NETGEAR. NETGEAR D3600 is a wireless modem. NETGEAR R7500 is a wireless router. NETGEAR DM200 is a wireless modem. The vulnerability stems from the lack of proper verification of client data by WEB applications. Attackers can use this vulnerability to execute client code
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0776", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.60", }, { model: "r8900", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.4.12", }, { model: "r9000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.4.12", }, { model: "d7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.44", }, { model: "d3600", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.75", }, { model: "d6000", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.75", }, { model: "dm200", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.58", }, { model: "rbk20", scope: "lt", trust: 1.6, vendor: "netgear", version: "2.3.0.22", }, { model: "rbr20", scope: "lt", trust: 1.6, vendor: "netgear", version: "2.3.0.22", }, { model: "rbs20", scope: "lt", trust: 1.6, vendor: "netgear", version: "2.3.0.22", }, { model: "rbk50", scope: "lt", trust: 1.6, vendor: "netgear", version: "2.3.0.22", }, { model: "rbr50", scope: "lt", trust: 1.6, vendor: "netgear", version: "2.3.0.22", }, { model: "rbs50", scope: "lt", trust: 1.6, vendor: "netgear", version: "2.3.0.22", }, { model: "rbs40", scope: "lt", trust: 1.6, vendor: "netgear", version: "2.3.0.22", }, { model: "wn3100rp", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.60", }, { model: "r7500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.40", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.58", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.68", }, { model: "wn3000rp", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.70", }, { model: "wn3000rp", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.68", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.58", }, { model: "d3600", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.75", }, { model: "d6000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.75", }, { model: "d7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.44", }, { model: "dm200", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.58", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.34", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.60", }, { model: "r8900", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.4.12", }, { model: "r9000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.4.12", }, { model: "rbk20", scope: "eq", trust: 0.8, vendor: "netgear", version: "2.3.0.22", }, { model: "rbr20", scope: "eq", trust: 0.8, vendor: "netgear", version: "2.3.0.22", }, { model: "wn3000rpv3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.70", }, { model: "wn3000rpv2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.68", }, { model: "wn3100rpv2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.60", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.58", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.58", }, { model: "r7500v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.3.40", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.68", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-30685", }, { db: "JVNDB", id: "JVNDB-2019-015414", }, { db: "NVD", id: "CVE-2019-20714", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d3600_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d6000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:dm200_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r8900_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r9000_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:rbk20_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:rbr20_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015414", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Wayne Low of Fortinets FortiGuard Labs", sources: [ { db: "CNNVD", id: "CNNVD-202004-1298", }, ], trust: 0.6, }, cve: "CVE-2019-20714", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", exploitabilityScore: 6.8, id: "CVE-2019-20714", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "LOW", trust: 1, vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "Single", author: "NVD", availabilityImpact: "None", baseScore: 3.5, confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2019-015414", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Low", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", exploitabilityScore: 6.8, id: "CNVD-2020-30685", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "LOW", trust: 0.6, vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 1.7, id: "CVE-2019-20714", impactScore: 2.7, integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, { attackComplexity: "LOW", attackVector: "NETWORK", author: "cve@mitre.org", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 1.7, id: "CVE-2019-20714", impactScore: 2.7, integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 4.8, baseSeverity: "Medium", confidentialityImpact: "Low", exploitabilityScore: null, id: "JVNDB-2019-015414", impactScore: null, integrityImpact: "Low", privilegesRequired: "High", scope: "Changed", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2019-20714", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2019-20714", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2019-015414", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2020-30685", trust: 0.6, value: "LOW", }, { author: "CNNVD", id: "CNNVD-202004-1298", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-30685", }, { db: "JVNDB", id: "JVNDB-2019-015414", }, { db: "CNNVD", id: "CNNVD-202004-1298", }, { db: "NVD", id: "CVE-2019-20714", }, { db: "NVD", id: "CVE-2019-20714", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7500v2 before 1.0.3.40, R7800 before 1.0.2.60, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.22, RBR20 before 2.3.0.22, RBS20 before 2.3.0.22, RBK50 before 2.3.0.22, RBR50 before 2.3.0.22, RBS50 before 2.3.0.22, RBS40 before 2.3.0.22, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. NETGEAR D3600, etc. are all products of NETGEAR. NETGEAR D3600 is a wireless modem. NETGEAR R7500 is a wireless router. NETGEAR DM200 is a wireless modem. The vulnerability stems from the lack of proper verification of client data by WEB applications. Attackers can use this vulnerability to execute client code", sources: [ { db: "NVD", id: "CVE-2019-20714", }, { db: "JVNDB", id: "JVNDB-2019-015414", }, { db: "CNVD", id: "CNVD-2020-30685", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-20714", trust: 3, }, { db: "JVNDB", id: "JVNDB-2019-015414", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-30685", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-1298", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-30685", }, { db: "JVNDB", id: "JVNDB-2019-015414", }, { db: "CNNVD", id: "CNNVD-202004-1298", }, { db: "NVD", id: "CVE-2019-20714", }, ], }, id: "VAR-202004-0776", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-30685", }, ], trust: 1.1352816739130436, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-30685", }, ], }, last_update_date: "2024-11-23T22:37:25.538000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Stored Cross Site Scripting on Some Routers, Gateways, and WiFi System, PSV-2018-0249", trust: 0.8, url: "https://kb.netgear.com/000061214/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-Gateways-and-WiFi-System-PSV-2018-0249", }, { title: "Patch for Multiple NETGEAR product cross-site scripting vulnerabilities (CNVD-2020-30685)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/219487", }, { title: "Multiple NETGEAR Fixes for product cross-site scripting vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116567", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-30685", }, { db: "JVNDB", id: "JVNDB-2019-015414", }, { db: "CNNVD", id: "CNNVD-202004-1298", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-79", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-015414", }, { db: "NVD", id: "CVE-2019-20714", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2019-20714", }, { trust: 1.6, url: "https://kb.netgear.com/000061214/security-advisory-for-stored-cross-site-scripting-on-some-routers-gateways-and-wifi-system-psv-2018-0249", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20714", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-30685", }, { db: "JVNDB", id: "JVNDB-2019-015414", }, { db: "CNNVD", id: "CNNVD-202004-1298", }, { db: "NVD", id: "CVE-2019-20714", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-30685", }, { db: "JVNDB", id: "JVNDB-2019-015414", }, { db: "CNNVD", id: "CNNVD-202004-1298", }, { db: "NVD", id: "CVE-2019-20714", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-29T00:00:00", db: "CNVD", id: "CNVD-2020-30685", }, { date: "2020-05-19T00:00:00", db: "JVNDB", id: "JVNDB-2019-015414", }, { date: "2020-04-16T00:00:00", db: "CNNVD", id: "CNNVD-202004-1298", }, { date: "2020-04-16T19:15:24.777000", db: "NVD", id: "CVE-2019-20714", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-29T00:00:00", db: "CNVD", id: "CNVD-2020-30685", }, { date: "2020-05-19T00:00:00", db: "JVNDB", id: "JVNDB-2019-015414", }, { date: "2020-04-26T00:00:00", db: "CNNVD", id: "CNNVD-202004-1298", }, { date: "2024-11-21T04:39:09.837000", db: "NVD", id: "CVE-2019-20714", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202004-1298", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Cross-site scripting vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2019-015414", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "XSS", sources: [ { db: "CNNVD", id: "CNNVD-202004-1298", }, ], trust: 0.6, }, }
var-202004-1339
Vulnerability from variot
Certain NETGEAR devices are affected by CSRF. This affects R6100 before 1.0.1.12, R7500 before 1.0.0.108, WNDR3700v4 before 1.0.2.86, WNDR4300v1 before 1.0.2.88, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.42. plural NETGEAR A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7500 is a wireless router of NETGEAR. The vulnerability stems from the fact that the WEB application does not fully verify whether the request comes from a trusted user. An attacker can use this vulnerability to send an unexpected request to the server through the affected client. This affects R6100 prior to 1.0.1.12, R7500 prior to 1.0.0.108, WNDR3700v4 prior to 1.0.2.86, WNDR4300v1 prior to 1.0.2.88, WNDR4300v2 prior to 1.0.0.48, WNDR4500v3 prior to 1.0.0.48, and WNR2000v5 prior to 1.0.0.42
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1339", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.12", }, { model: "r7500", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.108", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr3700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.86", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.42", }, { model: "r6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.12", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.108", }, { model: "wndr3700", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.86", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.88", }, { model: "wndr4500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.42", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4300v1", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.88", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.42", }, { model: "wndr3700v4", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.86", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-31321", }, { db: "JVNDB", id: "JVNDB-2017-014914", }, { db: "NVD", id: "CVE-2017-18775", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:r6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr3700_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wnr2000_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-014914", }, ], }, cve: "CVE-2017-18775", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 8.6, id: "CVE-2017-18775", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 6.8, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2017-014914", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 8.6, id: "CNVD-2020-31321", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2017-18775", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "NETWORK", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2017-18775", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 8.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2017-014914", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2017-18775", trust: 1, value: "HIGH", }, { author: "cve@mitre.org", id: "CVE-2017-18775", trust: 1, value: "HIGH", }, { author: "NVD", id: "JVNDB-2017-014914", trust: 0.8, value: "High", }, { author: "CNVD", id: "CNVD-2020-31321", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-1879", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2017-18775", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-31321", }, { db: "VULMON", id: "CVE-2017-18775", }, { db: "JVNDB", id: "JVNDB-2017-014914", }, { db: "CNNVD", id: "CNNVD-202004-1879", }, { db: "NVD", id: "CVE-2017-18775", }, { db: "NVD", id: "CVE-2017-18775", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by CSRF. This affects R6100 before 1.0.1.12, R7500 before 1.0.0.108, WNDR3700v4 before 1.0.2.86, WNDR4300v1 before 1.0.2.88, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.42. plural NETGEAR A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7500 is a wireless router of NETGEAR. The vulnerability stems from the fact that the WEB application does not fully verify whether the request comes from a trusted user. An attacker can use this vulnerability to send an unexpected request to the server through the affected client. This affects R6100 prior to 1.0.1.12, R7500 prior to 1.0.0.108, WNDR3700v4 prior to 1.0.2.86, WNDR4300v1 prior to 1.0.2.88, WNDR4300v2 prior to 1.0.0.48, WNDR4500v3 prior to 1.0.0.48, and WNR2000v5 prior to 1.0.0.42", sources: [ { db: "NVD", id: "CVE-2017-18775", }, { db: "JVNDB", id: "JVNDB-2017-014914", }, { db: "CNVD", id: "CNVD-2020-31321", }, { db: "VULMON", id: "CVE-2017-18775", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2017-18775", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2017-014914", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-31321", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-1879", trust: 0.6, }, { db: "VULMON", id: "CVE-2017-18775", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-31321", }, { db: "VULMON", id: "CVE-2017-18775", }, { db: "JVNDB", id: "JVNDB-2017-014914", }, { db: "CNNVD", id: "CNNVD-202004-1879", }, { db: "NVD", id: "CVE-2017-18775", }, ], }, id: "VAR-202004-1339", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-31321", }, ], trust: 1.40066802, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-31321", }, ], }, last_update_date: "2024-11-23T22:33:28.580000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Cross-Site Request Forgery on Some Routers and Gateways, PSV-2017-0388", trust: 0.8, url: "https://kb.netgear.com/000049553/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Routers-and-Gateways-PSV-2017-0388", }, { title: "Patch for Multiple NETGEAR product cross-site request forgery vulnerabilities (CNVD-2020-31321)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/220059", }, { title: "Multiple NETGEAR Repair measures for product cross-site request forgery vulnerability", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116655", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-31321", }, { db: "JVNDB", id: "JVNDB-2017-014914", }, { db: "CNNVD", id: "CNNVD-202004-1879", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-352", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-014914", }, { db: "NVD", id: "CVE-2017-18775", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2017-18775", }, { trust: 1.7, url: "https://kb.netgear.com/000049553/security-advisory-for-cross-site-request-forgery-on-some-routers-and-gateways-psv-2017-0388", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18775", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/352.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-31321", }, { db: "VULMON", id: "CVE-2017-18775", }, { db: "JVNDB", id: "JVNDB-2017-014914", }, { db: "CNNVD", id: "CNNVD-202004-1879", }, { db: "NVD", id: "CVE-2017-18775", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-31321", }, { db: "VULMON", id: "CVE-2017-18775", }, { db: "JVNDB", id: "JVNDB-2017-014914", }, { db: "CNNVD", id: "CNNVD-202004-1879", }, { db: "NVD", id: "CVE-2017-18775", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-06-03T00:00:00", db: "CNVD", id: "CNVD-2020-31321", }, { date: "2020-04-22T00:00:00", db: "VULMON", id: "CVE-2017-18775", }, { date: "2020-05-21T00:00:00", db: "JVNDB", id: "JVNDB-2017-014914", }, { date: "2020-04-22T00:00:00", db: "CNNVD", id: "CNNVD-202004-1879", }, { date: "2020-04-22T15:15:12.003000", db: "NVD", id: "CVE-2017-18775", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-06-03T00:00:00", db: "CNVD", id: "CNVD-2020-31321", }, { date: "2020-04-24T00:00:00", db: "VULMON", id: "CVE-2017-18775", }, { date: "2020-05-21T00:00:00", db: "JVNDB", id: "JVNDB-2017-014914", }, { date: "2020-04-26T00:00:00", db: "CNNVD", id: "CNNVD-202004-1879", }, { date: "2024-11-21T03:20:53.187000", db: "NVD", id: "CVE-2017-18775", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202004-1879", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Cross-site request forgery vulnerability in device", sources: [ { db: "JVNDB", id: "JVNDB-2017-014914", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "cross-site request forgery", sources: [ { db: "CNNVD", id: "CNNVD-202004-1879", }, ], trust: 0.6, }, }
var-202004-1338
Vulnerability from variot
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6100 before V1.0.0.55, D7800 before V1.0.1.24, EX6150v2 before 1.0.0.48, R6100 before 1.0.1.14, R7500 before 1.0.0.110, R7500v2 before V1.0.3.16, R7800 before V1.0.2.36, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.48. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7500, etc. are all products of NETGEAR. NETGEAR R7500 is a wireless router. NETGEAR D6100 is a wireless modem. NETGEAR WNR2000 is a wireless router.
There are injection vulnerabilities in many NETGEAR products, which can be exploited by an attacker to cause the system or product to produce an incorrect interpretation or interpretation method
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1338", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "r7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.2.36", }, { model: "d6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.55", }, { model: "r7500", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.0.110", }, { model: "d7800", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.24", }, { model: "r6100", scope: "lt", trust: 1.6, vendor: "netgear", version: "1.0.1.14", }, { model: "ex6150", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.90", }, { model: "r7500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.16", }, { model: "wndr4300", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.48", }, { model: "d6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.55", }, { model: "d7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.24", }, { model: "ex6150", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.48", }, { model: "r6100", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.1.14", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.110", }, { model: "r7500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.3.16", }, { model: "r7800", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.36", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4300", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.2.90", }, { model: "wndr4500", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.48", }, { model: "wnr2000", scope: "eq", trust: 0.8, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4500v3", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.48", }, { model: "wndr4300v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.48", }, { model: "ex6150v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.48", }, { model: "r7500v2", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.3.16", }, { model: "wndr4300v1", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.2.90", }, { model: "wnr2000v5", scope: "lt", trust: 0.6, vendor: "netgear", version: "1.0.0.48", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-31320", }, { db: "JVNDB", id: "JVNDB-2017-014920", }, { db: "NVD", id: "CVE-2017-18773", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:netgear:d6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:d7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:ex6150_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r6100_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:r7800_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4300_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wndr4500_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/o:netgear:wnr2000_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-014920", }, ], }, cve: "CVE-2017-18773", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, id: "CVE-2017-18773", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1, vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Local", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 4.6, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2017-014920", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, id: "CNVD-2020-31320", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.8, id: "CVE-2017-18773", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "LOCAL", author: "cve@mitre.org", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.8, id: "CVE-2017-18773", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 6.7, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2017-014920", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2017-18773", trust: 1, value: "MEDIUM", }, { author: "cve@mitre.org", id: "CVE-2017-18773", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2017-014920", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2020-31320", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202004-1878", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-31320", }, { db: "JVNDB", id: "JVNDB-2017-014920", }, { db: "CNNVD", id: "CNNVD-202004-1878", }, { db: "NVD", id: "CVE-2017-18773", }, { db: "NVD", id: "CVE-2017-18773", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6100 before V1.0.0.55, D7800 before V1.0.1.24, EX6150v2 before 1.0.0.48, R6100 before 1.0.1.14, R7500 before 1.0.0.110, R7500v2 before V1.0.3.16, R7800 before V1.0.2.36, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.48. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7500, etc. are all products of NETGEAR. NETGEAR R7500 is a wireless router. NETGEAR D6100 is a wireless modem. NETGEAR WNR2000 is a wireless router. \n\r\n\r\nThere are injection vulnerabilities in many NETGEAR products, which can be exploited by an attacker to cause the system or product to produce an incorrect interpretation or interpretation method", sources: [ { db: "NVD", id: "CVE-2017-18773", }, { db: "JVNDB", id: "JVNDB-2017-014920", }, { db: "CNVD", id: "CNVD-2020-31320", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2017-18773", trust: 3, }, { db: "JVNDB", id: "JVNDB-2017-014920", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-31320", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202004-1878", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-31320", }, { db: "JVNDB", id: "JVNDB-2017-014920", }, { db: "CNNVD", id: "CNNVD-202004-1878", }, { db: "NVD", id: "CVE-2017-18773", }, ], }, id: "VAR-202004-1338", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-31320", }, ], trust: 1.276514745, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-31320", }, ], }, last_update_date: "2024-11-23T21:35:53.706000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Post Authentication Command Injection on Some Routers, Gateways, and Extenders, PSV-2017-2184", trust: 0.8, url: "https://kb.netgear.com/000049556/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2184", }, { title: "Patch for Multiple NETGEAR product injection vulnerabilities (CNVD-2020-31320)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/220063", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-31320", }, { db: "JVNDB", id: "JVNDB-2017-014920", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-74", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-014920", }, { db: "NVD", id: "CVE-2017-18773", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2017-18773", }, { trust: 1.6, url: "https://kb.netgear.com/000049556/security-advisory-for-post-authentication-command-injection-on-some-routers-gateways-and-extenders-psv-2017-2184", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18773", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-31320", }, { db: "JVNDB", id: "JVNDB-2017-014920", }, { db: "CNNVD", id: "CNNVD-202004-1878", }, { db: "NVD", id: "CVE-2017-18773", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-31320", }, { db: "JVNDB", id: "JVNDB-2017-014920", }, { db: "CNNVD", id: "CNNVD-202004-1878", }, { db: "NVD", id: "CVE-2017-18773", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-06-03T00:00:00", db: "CNVD", id: "CNVD-2020-31320", }, { date: "2020-05-21T00:00:00", db: "JVNDB", id: "JVNDB-2017-014920", }, { date: "2020-04-22T00:00:00", db: "CNNVD", id: "CNNVD-202004-1878", }, { date: "2020-04-22T15:15:11.863000", db: "NVD", id: "CVE-2017-18773", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-06-03T00:00:00", db: "CNVD", id: "CNVD-2020-31320", }, { date: "2020-05-21T00:00:00", db: "JVNDB", id: "JVNDB-2017-014920", }, { date: "2020-04-26T00:00:00", db: "CNNVD", id: "CNNVD-202004-1878", }, { date: "2024-11-21T03:20:53.010000", db: "NVD", id: "CVE-2017-18773", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202004-1878", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Injection vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2017-014920", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "injection", sources: [ { db: "CNNVD", id: "CNNVD-202004-1878", }, ], trust: 0.6, }, }
cve-2017-18705
Vulnerability from cvelistv5
Published
2020-04-24 14:03
Modified
2024-08-05 21:28
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.28, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.88, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.62.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T21:28:55.955Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000053197/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-and-Gateways-PSV-2017-0526", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.28, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.88, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.62.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-24T14:03:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000053197/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-and-Gateways-PSV-2017-0526", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-18705", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.28, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.88, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.62.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000053197/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-and-Gateways-PSV-2017-0526", refsource: "CONFIRM", url: "https://kb.netgear.com/000053197/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-and-Gateways-PSV-2017-0526", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-18705", datePublished: "2020-04-24T14:03:01", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T21:28:55.955Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21196
Vulnerability from cvelistv5
Published
2020-04-28 15:02
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, and WNR2000v5 before 1.0.0.62.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:39.294Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000055153/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2599", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, and WNR2000v5 before 1.0.0.62.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-28T15:02:21", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000055153/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2599", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21196", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, and WNR2000v5 before 1.0.0.62.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000055153/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2599", refsource: "CONFIRM", url: "https://kb.netgear.com/000055153/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2599", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21196", datePublished: "2020-04-28T15:02:21", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:26:39.294Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-18765
Vulnerability from cvelistv5
Published
2020-04-22 15:41
Modified
2024-08-05 21:37
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by denial of service. This affects R6300v2 before 1.0.4.8, R6400 before 1.0.1.22, R6400v2 before 1.0.2.32, R6700 before 1.0.1.20, R6900 before 1.0.1.20, WNR3500Lv2 before 1.2.0.44, and WNR2000v2 before 1.2.0.8.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.netgear.com/000051480/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2017-0648 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T21:37:44.370Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000051480/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2017-0648", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by denial of service. This affects R6300v2 before 1.0.4.8, R6400 before 1.0.1.22, R6400v2 before 1.0.2.32, R6700 before 1.0.1.20, R6900 before 1.0.1.20, WNR3500Lv2 before 1.2.0.44, and WNR2000v2 before 1.2.0.8.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:N/I:N/PR:N/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-22T15:41:12", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000051480/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2017-0648", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-18765", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by denial of service. This affects R6300v2 before 1.0.4.8, R6400 before 1.0.1.22, R6400v2 before 1.0.2.32, R6700 before 1.0.1.20, R6900 before 1.0.1.20, WNR3500Lv2 before 1.2.0.44, and WNR2000v2 before 1.2.0.8.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:N/I:N/PR:N/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000051480/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2017-0648", refsource: "CONFIRM", url: "https://kb.netgear.com/000051480/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2017-0648", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-18765", datePublished: "2020-04-22T15:41:12", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T21:37:44.370Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-11059
Vulnerability from cvelistv5
Published
2020-04-28 16:20
Modified
2024-08-06 03:47
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by password exposure. This affects AC1450 before 2017-01-06, C6300 before 2017-01-06, D500 before 2017-01-06, D1500 before 2017-01-06, D3600 before 2017-01-06, D6000 before 2017-01-06, D6100 before 2017-01-06, D6200 before 2017-01-06, D6200B before 2017-01-06, D6300B before 2017-01-06, D6300 before 2017-01-06, DGN1000v3 before 2017-01-06, DGN2200v1 before 2017-01-06, DGN2200v3 before 2017-01-06, DGN2200V4 before 2017-01-06, DGN2200Bv3 before 2017-01-06, DGN2200Bv4 before 2017-01-06, DGND3700v1 before 2017-01-06, DGND3700v2 before 2017-01-06, DGND3700Bv2 before 2017-01-06, JNR1010v1 before 2017-01-06, JNR1010v2 before 2017-01-06, JNR3300 before 2017-01-06, JR6100 before 2017-01-06, JR6150 before 2017-01-06, JWNR2000v5 before 2017-01-06, R2000 before 2017-01-06, R6050 before 2017-01-06, R6100 before 2017-01-06, R6200 before 2017-01-06, R6200v2 before 2017-01-06, R6220 before 2017-01-06, R6250 before 2017-01-06, R6300 before 2017-01-06, R6300v2 before 2017-01-06, R6700 before 2017-01-06, R7000 before 2017-01-06, R7900 before 2017-01-06, R7500 before 2017-01-06, R8000 before 2017-01-06, WGR614v10 before 2017-01-06, WNR1000v2 before 2017-01-06, WNR1000v3 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2000v3 before 2017-01-06, WNR2000v4 before 2017-01-06, WNR2000v5 before 2017-01-06, WNR2200 before 2017-01-06, WNR2500 before 2017-01-06, WNR3500Lv2 before 2017-01-06, WNDR3400v2 before 2017-01-06, WNDR3400v3 before 2017-01-06, WNDR3700v3 before 2017-01-06, WNDR3700v4 before 2017-01-06, WNDR3700v5 before 2017-01-06, WNDR4300 before 2017-01-06, WNDR4300v2 before 2017-01-06, WNDR4500v1 before 2017-01-06, WNDR4500v2 before 2017-01-06, and WNDR4500v3 before 2017-01-06.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T03:47:34.858Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/27253/NETGEAR-Product-Vulnerability-Advisory-Authentication-Bypass-and-Information-Disclosure-on-Home-Routers", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-01-06T00:00:00", descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by password exposure. This affects AC1450 before 2017-01-06, C6300 before 2017-01-06, D500 before 2017-01-06, D1500 before 2017-01-06, D3600 before 2017-01-06, D6000 before 2017-01-06, D6100 before 2017-01-06, D6200 before 2017-01-06, D6200B before 2017-01-06, D6300B before 2017-01-06, D6300 before 2017-01-06, DGN1000v3 before 2017-01-06, DGN2200v1 before 2017-01-06, DGN2200v3 before 2017-01-06, DGN2200V4 before 2017-01-06, DGN2200Bv3 before 2017-01-06, DGN2200Bv4 before 2017-01-06, DGND3700v1 before 2017-01-06, DGND3700v2 before 2017-01-06, DGND3700Bv2 before 2017-01-06, JNR1010v1 before 2017-01-06, JNR1010v2 before 2017-01-06, JNR3300 before 2017-01-06, JR6100 before 2017-01-06, JR6150 before 2017-01-06, JWNR2000v5 before 2017-01-06, R2000 before 2017-01-06, R6050 before 2017-01-06, R6100 before 2017-01-06, R6200 before 2017-01-06, R6200v2 before 2017-01-06, R6220 before 2017-01-06, R6250 before 2017-01-06, R6300 before 2017-01-06, R6300v2 before 2017-01-06, R6700 before 2017-01-06, R7000 before 2017-01-06, R7900 before 2017-01-06, R7500 before 2017-01-06, R8000 before 2017-01-06, WGR614v10 before 2017-01-06, WNR1000v2 before 2017-01-06, WNR1000v3 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2000v3 before 2017-01-06, WNR2000v4 before 2017-01-06, WNR2000v5 before 2017-01-06, WNR2200 before 2017-01-06, WNR2500 before 2017-01-06, WNR3500Lv2 before 2017-01-06, WNDR3400v2 before 2017-01-06, WNDR3400v3 before 2017-01-06, WNDR3700v3 before 2017-01-06, WNDR3700v4 before 2017-01-06, WNDR3700v5 before 2017-01-06, WNDR4300 before 2017-01-06, WNDR4300v2 before 2017-01-06, WNDR4500v1 before 2017-01-06, WNDR4500v2 before 2017-01-06, and WNDR4500v3 before 2017-01-06.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-28T16:20:22", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/27253/NETGEAR-Product-Vulnerability-Advisory-Authentication-Bypass-and-Information-Disclosure-on-Home-Routers", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-11059", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by password exposure. This affects AC1450 before 2017-01-06, C6300 before 2017-01-06, D500 before 2017-01-06, D1500 before 2017-01-06, D3600 before 2017-01-06, D6000 before 2017-01-06, D6100 before 2017-01-06, D6200 before 2017-01-06, D6200B before 2017-01-06, D6300B before 2017-01-06, D6300 before 2017-01-06, DGN1000v3 before 2017-01-06, DGN2200v1 before 2017-01-06, DGN2200v3 before 2017-01-06, DGN2200V4 before 2017-01-06, DGN2200Bv3 before 2017-01-06, DGN2200Bv4 before 2017-01-06, DGND3700v1 before 2017-01-06, DGND3700v2 before 2017-01-06, DGND3700Bv2 before 2017-01-06, JNR1010v1 before 2017-01-06, JNR1010v2 before 2017-01-06, JNR3300 before 2017-01-06, JR6100 before 2017-01-06, JR6150 before 2017-01-06, JWNR2000v5 before 2017-01-06, R2000 before 2017-01-06, R6050 before 2017-01-06, R6100 before 2017-01-06, R6200 before 2017-01-06, R6200v2 before 2017-01-06, R6220 before 2017-01-06, R6250 before 2017-01-06, R6300 before 2017-01-06, R6300v2 before 2017-01-06, R6700 before 2017-01-06, R7000 before 2017-01-06, R7900 before 2017-01-06, R7500 before 2017-01-06, R8000 before 2017-01-06, WGR614v10 before 2017-01-06, WNR1000v2 before 2017-01-06, WNR1000v3 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2000v3 before 2017-01-06, WNR2000v4 before 2017-01-06, WNR2000v5 before 2017-01-06, WNR2200 before 2017-01-06, WNR2500 before 2017-01-06, WNR3500Lv2 before 2017-01-06, WNDR3400v2 before 2017-01-06, WNDR3400v3 before 2017-01-06, WNDR3700v3 before 2017-01-06, WNDR3700v4 before 2017-01-06, WNDR3700v5 before 2017-01-06, WNDR4300 before 2017-01-06, WNDR4300v2 before 2017-01-06, WNDR4500v1 before 2017-01-06, WNDR4500v2 before 2017-01-06, and WNDR4500v3 before 2017-01-06.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/27253/NETGEAR-Product-Vulnerability-Advisory-Authentication-Bypass-and-Information-Disclosure-on-Home-Routers", refsource: "CONFIRM", url: "https://kb.netgear.com/27253/NETGEAR-Product-Vulnerability-Advisory-Authentication-Bypass-and-Information-Disclosure-on-Home-Routers", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-11059", datePublished: "2020-04-28T16:20:22", dateReserved: "2020-04-27T00:00:00", dateUpdated: "2024-08-06T03:47:34.858Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21167
Vulnerability from cvelistv5
Published
2020-04-27 17:28
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by stored XSS. This affects D6100 before 1.0.0.57, DM200 before 1.0.0.50, EX2700 before 1.0.1.32, EX6100v2 before 1.0.1.70, EX6150v2 before 1.0.1.70, EX6200v2 before 1.0.1.62, EX6400 before 1.0.1.78, EX7300 before 1.0.1.78, EX8000 before 1.0.0.114, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WN2000RPTv3 before 1.0.1.26, WN3000RPv3 before 1.0.2.66, WN3100RPv2 before 1.0.0.42, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:38.280Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000055191/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Routers-Gateways-Extenders-and-DSL-Modems-PSV-2017-3093", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by stored XSS. This affects D6100 before 1.0.0.57, DM200 before 1.0.0.50, EX2700 before 1.0.1.32, EX6100v2 before 1.0.1.70, EX6150v2 before 1.0.1.70, EX6200v2 before 1.0.1.62, EX6400 before 1.0.1.78, EX7300 before 1.0.1.78, EX8000 before 1.0.0.114, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WN2000RPTv3 before 1.0.1.26, WN3000RPv3 before 1.0.2.66, WN3100RPv2 before 1.0.0.42, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:N/C:L/I:L/PR:H/S:C/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-27T17:28:35", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000055191/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Routers-Gateways-Extenders-and-DSL-Modems-PSV-2017-3093", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21167", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by stored XSS. This affects D6100 before 1.0.0.57, DM200 before 1.0.0.50, EX2700 before 1.0.1.32, EX6100v2 before 1.0.1.70, EX6150v2 before 1.0.1.70, EX6200v2 before 1.0.1.62, EX6400 before 1.0.1.78, EX7300 before 1.0.1.78, EX8000 before 1.0.0.114, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WN2000RPTv3 before 1.0.1.26, WN3000RPv3 before 1.0.2.66, WN3100RPv2 before 1.0.0.42, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "NONE", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:N/C:L/I:L/PR:H/S:C/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000055191/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Routers-Gateways-Extenders-and-DSL-Modems-PSV-2017-3093", refsource: "CONFIRM", url: "https://kb.netgear.com/000055191/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Routers-Gateways-Extenders-and-DSL-Modems-PSV-2017-3093", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21167", datePublished: "2020-04-27T17:28:35", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:26:38.280Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-20722
Vulnerability from cvelistv5
Published
2020-04-16 17:04
Modified
2024-08-05 02:53
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBS40 before 2.3.0.28, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:53:08.722Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000061206/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2018-0148", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBS40 before 2.3.0.28, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-16T17:04:08", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000061206/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2018-0148", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-20722", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBS40 before 2.3.0.28, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000061206/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2018-0148", refsource: "CONFIRM", url: "https://kb.netgear.com/000061206/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2018-0148", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-20722", datePublished: "2020-04-16T17:04:08", dateReserved: "2020-04-15T00:00:00", dateUpdated: "2024-08-05T02:53:08.722Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-20751
Vulnerability from cvelistv5
Published
2020-04-16 21:01
Modified
2024-08-05 02:53
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.60, DM200 before 1.0.0.61, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX8000 before 1.0.1.180, R7800 before 1.0.2.52, R8900 before 1.0.4.26, R9000 before 1.0.4.26, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.66, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:53:08.662Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000060964/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Extenders-Gateways-and-Routers-PSV-2018-0171", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.60, DM200 before 1.0.0.61, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX8000 before 1.0.1.180, R7800 before 1.0.2.52, R8900 before 1.0.4.26, R9000 before 1.0.4.26, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.66, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-16T21:01:32", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000060964/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Extenders-Gateways-and-Routers-PSV-2018-0171", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-20751", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.60, DM200 before 1.0.0.61, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX8000 before 1.0.1.180, R7800 before 1.0.2.52, R8900 before 1.0.4.26, R9000 before 1.0.4.26, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.66, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000060964/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Extenders-Gateways-and-Routers-PSV-2018-0171", refsource: "CONFIRM", url: "https://kb.netgear.com/000060964/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Extenders-Gateways-and-Routers-PSV-2018-0171", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-20751", datePublished: "2020-04-16T21:01:32", dateReserved: "2020-04-15T00:00:00", dateUpdated: "2024-08-05T02:53:08.662Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21135
Vulnerability from cvelistv5
Published
2020-04-23 20:02
Modified
2024-08-05 12:19
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R6700 before 1.0.1.48, R7500 before 1.0.0.124, R7800 before 1.0.2.58, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, WNDR4500v3 before 1.0.0.56, and WNR2000v5-R2000 before 1.0.0.68.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:19:27.669Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000060225/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-PSV-2017-3165", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-09-26T00:00:00", descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R6700 before 1.0.1.48, R7500 before 1.0.0.124, R7800 before 1.0.2.58, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, WNDR4500v3 before 1.0.0.56, and WNR2000v5-R2000 before 1.0.0.68.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-23T20:02:40", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000060225/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-PSV-2017-3165", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21135", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R6700 before 1.0.1.48, R7500 before 1.0.0.124, R7800 before 1.0.2.58, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, WNDR4500v3 before 1.0.0.56, and WNR2000v5-R2000 before 1.0.0.68.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000060225/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-PSV-2017-3165", refsource: "CONFIRM", url: "https://kb.netgear.com/000060225/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-PSV-2017-3165", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21135", datePublished: "2020-04-23T20:02:40", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:19:27.669Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-5055
Vulnerability from cvelistv5
Published
2019-09-11 21:10
Modified
2024-08-04 19:47
Severity ?
EPSS score ?
Summary
An exploitable denial-of-service vulnerability exists in the Host Access Point Daemon (hostapd) on the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) wireless router. A SOAP request sent in an invalid sequence to the <WFAWLANConfig:1#PutMessage> service can cause a null pointer dereference, resulting in the hostapd service crashing. An unauthenticated attacker can send a specially-crafted SOAP request to trigger this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://talosintelligence.com/vulnerability_reports/TALOS-2019-0832 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Netgear | N300 WNR2000v5 |
Version: Firmware Version V1.0.0.70 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:47:55.825Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0832", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "N300 WNR2000v5", vendor: "Netgear", versions: [ { status: "affected", version: "Firmware Version V1.0.0.70", }, ], }, ], descriptions: [ { lang: "en", value: "An exploitable denial-of-service vulnerability exists in the Host Access Point Daemon (hostapd) on the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) wireless router. A SOAP request sent in an invalid sequence to the <WFAWLANConfig:1#PutMessage> service can cause a null pointer dereference, resulting in the hostapd service crashing. An unauthenticated attacker can send a specially-crafted SOAP request to trigger this vulnerability.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476: NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-04-19T17:33:31", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0832", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "talos-cna@cisco.com", ID: "CVE-2019-5055", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "N300 WNR2000v5", version: { version_data: [ { version_value: "Firmware Version V1.0.0.70", }, ], }, }, ], }, vendor_name: "Netgear", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An exploitable denial-of-service vulnerability exists in the Host Access Point Daemon (hostapd) on the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) wireless router. A SOAP request sent in an invalid sequence to the <WFAWLANConfig:1#PutMessage> service can cause a null pointer dereference, resulting in the hostapd service crashing. An unauthenticated attacker can send a specially-crafted SOAP request to trigger this vulnerability.", }, ], }, impact: { cvss: { baseScore: 7.5, baseSeverity: "High", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-476: NULL Pointer Dereference", }, ], }, ], }, references: { reference_data: [ { name: "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0832", refsource: "MISC", url: "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0832", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2019-5055", datePublished: "2019-09-11T21:10:22", dateReserved: "2019-01-04T00:00:00", dateUpdated: "2024-08-04T19:47:55.825Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21174
Vulnerability from cvelistv5
Published
2020-04-27 18:22
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R7500 before 1.0.0.122, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:38.996Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000055184/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2625", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R7500 before 1.0.0.122, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-27T18:22:06", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000055184/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2625", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21174", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R7500 before 1.0.0.122, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000055184/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2625", refsource: "CONFIRM", url: "https://kb.netgear.com/000055184/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2625", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21174", datePublished: "2020-04-27T18:22:06", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:26:38.996Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21224
Vulnerability from cvelistv5
Published
2020-04-28 16:28
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:38.997Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000055113/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2456", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-02-22T00:00:00", descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-28T16:28:05", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000055113/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2456", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21224", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000055113/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2456", refsource: "CONFIRM", url: "https://kb.netgear.com/000055113/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2456", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21224", datePublished: "2020-04-28T16:28:05", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:26:38.997Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21149
Vulnerability from cvelistv5
Published
2020-04-27 17:08
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.0.54, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:38.054Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000059484/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Gateways-and-Routers-PSV-2017-3156", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.0.54, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-27T17:08:06", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000059484/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Gateways-and-Routers-PSV-2017-3156", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21149", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.0.54, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000059484/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Gateways-and-Routers-PSV-2017-3156", refsource: "CONFIRM", url: "https://kb.netgear.com/000059484/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Gateways-and-Routers-PSV-2017-3156", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21149", datePublished: "2020-04-27T17:08:06", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:26:38.054Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-46423
Vulnerability from cvelistv5
Published
2022-12-20 00:00
Modified
2024-08-03 14:31
Severity ?
EPSS score ?
Summary
An exploitable firmware modification vulnerability was discovered on the Netgear WNR2000v1 router. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS). This affects v1.2.3.7 and earlier.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:31:46.350Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.netgear.com/about/security/", }, { tags: [ "x_transferred", ], url: "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/BktKl8ZDo", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An exploitable firmware modification vulnerability was discovered on the Netgear WNR2000v1 router. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS). This affects v1.2.3.7 and earlier.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-20T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.netgear.com/about/security/", }, { url: "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/BktKl8ZDo", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-46423", datePublished: "2022-12-20T00:00:00", dateReserved: "2022-12-05T00:00:00", dateUpdated: "2024-08-03T14:31:46.350Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21180
Vulnerability from cvelistv5
Published
2020-04-27 20:10
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:38.604Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000055178/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2619", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-27T20:10:48", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000055178/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2619", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21180", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000055178/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2619", refsource: "CONFIRM", url: "https://kb.netgear.com/000055178/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2619", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21180", datePublished: "2020-04-27T20:10:48", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:26:38.604Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-18738
Vulnerability from cvelistv5
Published
2020-04-23 16:04
Modified
2024-08-05 21:37
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects EX6150v2 before 1.0.1.54, R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.10, R7000P before 1.2.0.22, R6900P before 1.2.0.22, R7100LG before 1.0.0.32, R7300DST before 1.0.0.54, R7900 before 1.0.1.18, R8000 before 1.0.3.48, R8300 before 1.0.2.106, R8500 before 1.0.2.106, R6100 before 1.0.1.16, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T21:37:44.182Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000051517/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Routers-and-Extenders-PSV-2017-0706", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects EX6150v2 before 1.0.1.54, R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.10, R7000P before 1.2.0.22, R6900P before 1.2.0.22, R7100LG before 1.0.0.32, R7300DST before 1.0.0.54, R7900 before 1.0.1.18, R8000 before 1.0.3.48, R8300 before 1.0.2.106, R8500 before 1.0.2.106, R6100 before 1.0.1.16, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-23T16:04:20", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000051517/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Routers-and-Extenders-PSV-2017-0706", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-18738", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects EX6150v2 before 1.0.1.54, R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.10, R7000P before 1.2.0.22, R6900P before 1.2.0.22, R7100LG before 1.0.0.32, R7300DST before 1.0.0.54, R7900 before 1.0.1.18, R8000 before 1.0.3.48, R8300 before 1.0.2.106, R8500 before 1.0.2.106, R6100 before 1.0.1.16, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000051517/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Routers-and-Extenders-PSV-2017-0706", refsource: "CONFIRM", url: "https://kb.netgear.com/000051517/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Routers-and-Extenders-PSV-2017-0706", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-18738", datePublished: "2020-04-23T16:04:20", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T21:37:44.182Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21177
Vulnerability from cvelistv5
Published
2020-04-27 19:48
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:37.997Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000055181/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2622", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-27T19:48:30", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000055181/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2622", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21177", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000055181/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2622", refsource: "CONFIRM", url: "https://kb.netgear.com/000055181/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2622", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21177", datePublished: "2020-04-27T19:48:30", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:26:37.997Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21179
Vulnerability from cvelistv5
Published
2020-04-27 20:10
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.30, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:38.199Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000055179/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2620", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.30, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-27T20:10:09", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000055179/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2620", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21179", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.30, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000055179/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2620", refsource: "CONFIRM", url: "https://kb.netgear.com/000055179/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2620", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21179", datePublished: "2020-04-27T20:10:09", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:26:38.199Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-18706
Vulnerability from cvelistv5
Published
2020-04-24 14:01
Modified
2024-08-05 21:28
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6100 before 1.0.1.20, R7500 before 1.0.0.118, WNDR3700v4 before 1.0.2.88, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.62.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.netgear.com/000053196/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-PSV-2017-0516 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T21:28:55.948Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000053196/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-PSV-2017-0516", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6100 before 1.0.1.20, R7500 before 1.0.0.118, WNDR3700v4 before 1.0.2.88, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.62.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:N/I:N/PR:N/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-24T14:01:32", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000053196/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-PSV-2017-0516", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-18706", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6100 before 1.0.1.20, R7500 before 1.0.0.118, WNDR3700v4 before 1.0.2.88, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.62.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:N/I:N/PR:N/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000053196/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-PSV-2017-0516", refsource: "CONFIRM", url: "https://kb.netgear.com/000053196/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-PSV-2017-0516", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-18706", datePublished: "2020-04-24T14:01:32", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T21:28:55.948Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21145
Vulnerability from cvelistv5
Published
2020-04-21 21:03
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:37.320Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000059488/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Gateways-and-Routers-PSV-2017-3160", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-06-22T00:00:00", descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-21T21:03:08", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000059488/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Gateways-and-Routers-PSV-2017-3160", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21145", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000059488/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Gateways-and-Routers-PSV-2017-3160", refsource: "CONFIRM", url: "https://kb.netgear.com/000059488/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Gateways-and-Routers-PSV-2017-3160", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21145", datePublished: "2020-04-21T21:03:08", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:26:37.320Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-18773
Vulnerability from cvelistv5
Published
2020-04-22 14:46
Modified
2024-08-05 21:37
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6100 before V1.0.0.55, D7800 before V1.0.1.24, EX6150v2 before 1.0.0.48, R6100 before 1.0.1.14, R7500 before 1.0.0.110, R7500v2 before V1.0.3.16, R7800 before V1.0.2.36, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.48.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T21:37:44.267Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000049556/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2184", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6100 before V1.0.0.55, D7800 before V1.0.1.24, EX6150v2 before 1.0.0.48, R6100 before 1.0.1.14, R7500 before 1.0.0.110, R7500v2 before V1.0.3.16, R7800 before V1.0.2.36, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.48.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:L/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-22T14:46:18", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000049556/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2184", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-18773", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6100 before V1.0.0.55, D7800 before V1.0.1.24, EX6150v2 before 1.0.0.48, R6100 before 1.0.1.14, R7500 before 1.0.0.110, R7500v2 before V1.0.3.16, R7800 before V1.0.2.36, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.48.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:L/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000049556/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2184", refsource: "CONFIRM", url: "https://kb.netgear.com/000049556/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2184", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-18773", datePublished: "2020-04-22T14:46:18", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T21:37:44.267Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21219
Vulnerability from cvelistv5
Published
2020-04-28 15:44
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:38.919Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000055118/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2482", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-28T15:44:48", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000055118/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2482", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21219", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000055118/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2482", refsource: "CONFIRM", url: "https://kb.netgear.com/000055118/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2482", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21219", datePublished: "2020-04-28T15:44:48", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:26:38.919Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21185
Vulnerability from cvelistv5
Published
2020-04-28 12:54
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.34, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:38.691Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000055173/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2610", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.34, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-28T12:54:09", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000055173/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2610", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21185", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.34, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000055173/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2610", refsource: "CONFIRM", url: "https://kb.netgear.com/000055173/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2610", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21185", datePublished: "2020-04-28T12:54:09", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:26:38.691Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-18762
Vulnerability from cvelistv5
Published
2020-04-22 15:44
Modified
2024-08-05 21:37
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D3600 before 1.0.0.68, D6000 before 1.0.0.68, D6100 before 1.0.0.57, R6100 before 1.0.1.16, R6900P before 1.2.0.22, R7000 before 1.0.9.10, R7000P before 1.2.0.22, R7100LG before 1.0.0.40, WNDR3700v4 before 1.0.2.88, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T21:37:43.399Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000051483/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-Gateways-PSV-2017-2451", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D3600 before 1.0.0.68, D6000 before 1.0.0.68, D6100 before 1.0.0.57, R6100 before 1.0.1.16, R6900P before 1.2.0.22, R7000 before 1.0.9.10, R7000P before 1.2.0.22, R7100LG before 1.0.0.40, WNDR3700v4 before 1.0.2.88, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-22T15:44:39", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000051483/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-Gateways-PSV-2017-2451", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-18762", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D3600 before 1.0.0.68, D6000 before 1.0.0.68, D6100 before 1.0.0.57, R6100 before 1.0.1.16, R6900P before 1.2.0.22, R7000 before 1.0.9.10, R7000P before 1.2.0.22, R7100LG before 1.0.0.40, WNDR3700v4 before 1.0.2.88, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000051483/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-Gateways-PSV-2017-2451", refsource: "CONFIRM", url: "https://kb.netgear.com/000051483/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-Gateways-PSV-2017-2451", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-18762", datePublished: "2020-04-22T15:44:39", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T21:37:43.399Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21166
Vulnerability from cvelistv5
Published
2020-04-23 21:31
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.netgear.com/000055193/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2017-3167 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:38.508Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000055193/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2017-3167", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-03-02T00:00:00", descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 4.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:N/I:N/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-23T21:31:08", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000055193/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2017-3167", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21166", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:N/I:N/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000055193/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2017-3167", refsource: "CONFIRM", url: "https://kb.netgear.com/000055193/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2017-3167", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21166", datePublished: "2020-04-23T21:31:08", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:26:38.508Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-20747
Vulnerability from cvelistv5
Published
2020-04-16 20:58
Modified
2024-08-05 02:53
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.58, D7800 before 1.0.1.40, R7500v2 before 1.0.3.34, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.3.16, RAX120 before 1.0.0.74, RBK20 before 2.3.0.22, RBR20 before 2.3.0.22, RBS20 before 2.3.0.22, RBK50 before 2.3.0.22, RBR50 before 2.3.0.22, RBS50 before 2.3.0.22, RBK40 before 2.3.0.22, RBS40 before 2.3.0.22, SRK60 before 2.2.0.64, SRR60 before 2.2.0.64, SRS60 before 2.2.0.64, WNDR3700v4 before 1.0.2.102, WNDR4300 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, WNDR4500v3 before 1.0.0.56, and WNR2000v5 before 1.0.0.66.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:53:08.827Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000060962/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2018-0032", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.58, D7800 before 1.0.1.40, R7500v2 before 1.0.3.34, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.3.16, RAX120 before 1.0.0.74, RBK20 before 2.3.0.22, RBR20 before 2.3.0.22, RBS20 before 2.3.0.22, RBK50 before 2.3.0.22, RBR50 before 2.3.0.22, RBS50 before 2.3.0.22, RBK40 before 2.3.0.22, RBS40 before 2.3.0.22, SRK60 before 2.2.0.64, SRR60 before 2.2.0.64, SRS60 before 2.2.0.64, WNDR3700v4 before 1.0.2.102, WNDR4300 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, WNDR4500v3 before 1.0.0.56, and WNR2000v5 before 1.0.0.66.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-16T20:58:15", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000060962/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2018-0032", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-20747", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.58, D7800 before 1.0.1.40, R7500v2 before 1.0.3.34, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.3.16, RAX120 before 1.0.0.74, RBK20 before 2.3.0.22, RBR20 before 2.3.0.22, RBS20 before 2.3.0.22, RBK50 before 2.3.0.22, RBR50 before 2.3.0.22, RBS50 before 2.3.0.22, RBK40 before 2.3.0.22, RBS40 before 2.3.0.22, SRK60 before 2.2.0.64, SRR60 before 2.2.0.64, SRS60 before 2.2.0.64, WNDR3700v4 before 1.0.2.102, WNDR4300 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, WNDR4500v3 before 1.0.0.56, and WNR2000v5 before 1.0.0.66.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000060962/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2018-0032", refsource: "CONFIRM", url: "https://kb.netgear.com/000060962/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2018-0032", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-20747", datePublished: "2020-04-16T20:58:15", dateReserved: "2020-04-15T00:00:00", dateUpdated: "2024-08-05T02:53:08.827Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21188
Vulnerability from cvelistv5
Published
2020-04-28 14:56
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.30, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:38.983Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000055169/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2607", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.30, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-28T14:56:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000055169/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2607", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21188", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.30, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000055169/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2607", refsource: "CONFIRM", url: "https://kb.netgear.com/000055169/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2607", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21188", datePublished: "2020-04-28T14:56:01", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:26:38.983Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-20727
Vulnerability from cvelistv5
Published
2020-04-16 19:04
Modified
2024-08-05 02:53
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:53:08.895Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000061201/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-Gateways-PSV-2018-0139", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-16T19:04:09", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000061201/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-Gateways-PSV-2018-0139", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-20727", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000061201/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-Gateways-PSV-2018-0139", refsource: "CONFIRM", url: "https://kb.netgear.com/000061201/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-Gateways-PSV-2018-0139", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-20727", datePublished: "2020-04-16T19:04:09", dateReserved: "2020-04-15T00:00:00", dateUpdated: "2024-08-05T02:53:08.895Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21186
Vulnerability from cvelistv5
Published
2020-04-28 14:54
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:39.285Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000055172/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2609", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-28T14:54:13", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000055172/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2609", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21186", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000055172/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2609", refsource: "CONFIRM", url: "https://kb.netgear.com/000055172/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2609", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21186", datePublished: "2020-04-28T14:54:13", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:26:39.285Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-20688
Vulnerability from cvelistv5
Published
2020-04-16 14:23
Modified
2024-08-05 02:46
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7300 before 1.0.2.136, EX8000 before 1.0.1.180, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3100RPv2 before 1.0.0.60, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:46:10.437Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000061451/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-Extenders-PSV-2018-0142", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7300 before 1.0.2.136, EX8000 before 1.0.1.180, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3100RPv2 before 1.0.0.60, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-16T14:23:55", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000061451/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-Extenders-PSV-2018-0142", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-20688", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7300 before 1.0.2.136, EX8000 before 1.0.1.180, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3100RPv2 before 1.0.0.60, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000061451/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-Extenders-PSV-2018-0142", refsource: "CONFIRM", url: "https://kb.netgear.com/000061451/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-Extenders-PSV-2018-0142", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-20688", datePublished: "2020-04-16T14:23:55", dateReserved: "2020-04-15T00:00:00", dateUpdated: "2024-08-05T02:46:10.437Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21195
Vulnerability from cvelistv5
Published
2020-04-28 15:01
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.34, R6100 before 1.0.1.20, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.3.6, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:39.451Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000055162/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2600", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.34, R6100 before 1.0.1.20, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.3.6, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-28T15:01:44", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000055162/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2600", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21195", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.34, R6100 before 1.0.1.20, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.3.6, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000055162/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2600", refsource: "CONFIRM", url: "https://kb.netgear.com/000055162/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2600", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21195", datePublished: "2020-04-28T15:01:44", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:26:39.451Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-20714
Vulnerability from cvelistv5
Published
2020-04-16 15:39
Modified
2024-08-05 02:53
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7500v2 before 1.0.3.40, R7800 before 1.0.2.60, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.22, RBR20 before 2.3.0.22, RBS20 before 2.3.0.22, RBK50 before 2.3.0.22, RBR50 before 2.3.0.22, RBS50 before 2.3.0.22, RBS40 before 2.3.0.22, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:53:07.487Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000061214/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-Gateways-and-WiFi-System-PSV-2018-0249", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7500v2 before 1.0.3.40, R7800 before 1.0.2.60, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.22, RBR20 before 2.3.0.22, RBS20 before 2.3.0.22, RBK50 before 2.3.0.22, RBR50 before 2.3.0.22, RBS50 before 2.3.0.22, RBS40 before 2.3.0.22, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:L/PR:H/S:C/UI:R", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-16T15:39:29", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000061214/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-Gateways-and-WiFi-System-PSV-2018-0249", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-20714", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7500v2 before 1.0.3.40, R7800 before 1.0.2.60, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.22, RBR20 before 2.3.0.22, RBS20 before 2.3.0.22, RBK50 before 2.3.0.22, RBR50 before 2.3.0.22, RBS50 before 2.3.0.22, RBS40 before 2.3.0.22, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:L/PR:H/S:C/UI:R", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000061214/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-Gateways-and-WiFi-System-PSV-2018-0249", refsource: "CONFIRM", url: "https://kb.netgear.com/000061214/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-Gateways-and-WiFi-System-PSV-2018-0249", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-20714", datePublished: "2020-04-16T15:39:29", dateReserved: "2020-04-15T00:00:00", dateUpdated: "2024-08-05T02:53:07.487Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21148
Vulnerability from cvelistv5
Published
2020-04-21 21:08
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:37.303Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000059485/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Gateways-and-Routers-PSV-2017-3157", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-06-22T00:00:00", descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-21T21:08:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000059485/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Gateways-and-Routers-PSV-2017-3157", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21148", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000059485/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Gateways-and-Routers-PSV-2017-3157", refsource: "CONFIRM", url: "https://kb.netgear.com/000059485/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Gateways-and-Routers-PSV-2017-3157", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21148", datePublished: "2020-04-21T21:08:00", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:26:37.303Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21155
Vulnerability from cvelistv5
Published
2020-04-27 17:12
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.52, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.4.2, R9000 before 1.0.3.16, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:37.950Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000059478/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Gateways-and-Routers-PSV-2017-3101", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.52, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.4.2, R9000 before 1.0.3.16, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AC:L/AV:A/A:L/C:L/I:L/PR:N/S:C/UI:R", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-27T17:12:46", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000059478/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Gateways-and-Routers-PSV-2017-3101", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21155", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.52, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.4.2, R9000 before 1.0.3.16, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AC:L/AV:A/A:L/C:L/I:L/PR:N/S:C/UI:R", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000059478/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Gateways-and-Routers-PSV-2017-3101", refsource: "CONFIRM", url: "https://kb.netgear.com/000059478/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Gateways-and-Routers-PSV-2017-3101", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21155", datePublished: "2020-04-27T17:12:46", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:26:37.950Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-20728
Vulnerability from cvelistv5
Published
2020-04-16 19:05
Modified
2024-08-05 02:53
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6400 before 1.0.0.74, D7000v2 before 1.0.0.74, D7800 before 1.0.1.34, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.102, DGND2200Bv4 before 1.0.0.102, DM200 before 1.0.0.52, JNDR3000 before 1.0.0.22, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBW30 before 2.1.2.6, R6250 before 1.0.4.26, R6300v2 before 1.0.4.24, R6400 before 1.0.1.36, R6400v2 before 1.0.2.52, R6700 before 1.0.1.44, R6900 before 1.0.1.44, R7000 before 1.0.9.26, R6900P before 1.3.0.20, R7000P before 1.3.0.20, R7100LG before 1.0.0.40, R7300DST before 1.0.0.62, R7500v2 before 1.0.3.26, R7800 before 1.0.2.44, R7900 before 1.0.2.10, R8000 before 1.0.4.12, R7900P before 1.3.0.10, R8000P before 1.3.0.10, R8300 before 1.0.2.116, R8500 before 1.0.2.116, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3400v3 before 1.0.1.18, WNDR3700v4 before 1.0.2.96, WNDR4300v1 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, WNR2000v5 before 1.0.0.64, and WNR3500Lv2 before 1.2.0.48.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:53:08.903Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000061199/Security-Advisory-for-Post-Authentication-Buffer-Overflow-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2017-315", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6400 before 1.0.0.74, D7000v2 before 1.0.0.74, D7800 before 1.0.1.34, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.102, DGND2200Bv4 before 1.0.0.102, DM200 before 1.0.0.52, JNDR3000 before 1.0.0.22, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBW30 before 2.1.2.6, R6250 before 1.0.4.26, R6300v2 before 1.0.4.24, R6400 before 1.0.1.36, R6400v2 before 1.0.2.52, R6700 before 1.0.1.44, R6900 before 1.0.1.44, R7000 before 1.0.9.26, R6900P before 1.3.0.20, R7000P before 1.3.0.20, R7100LG before 1.0.0.40, R7300DST before 1.0.0.62, R7500v2 before 1.0.3.26, R7800 before 1.0.2.44, R7900 before 1.0.2.10, R8000 before 1.0.4.12, R7900P before 1.3.0.10, R8000P before 1.3.0.10, R8300 before 1.0.2.116, R8500 before 1.0.2.116, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3400v3 before 1.0.1.18, WNDR3700v4 before 1.0.2.96, WNDR4300v1 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, WNR2000v5 before 1.0.0.64, and WNR3500Lv2 before 1.2.0.48.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:L/A:L/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-16T19:05:04", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000061199/Security-Advisory-for-Post-Authentication-Buffer-Overflow-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2017-315", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-20728", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6400 before 1.0.0.74, D7000v2 before 1.0.0.74, D7800 before 1.0.1.34, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.102, DGND2200Bv4 before 1.0.0.102, DM200 before 1.0.0.52, JNDR3000 before 1.0.0.22, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBW30 before 2.1.2.6, R6250 before 1.0.4.26, R6300v2 before 1.0.4.24, R6400 before 1.0.1.36, R6400v2 before 1.0.2.52, R6700 before 1.0.1.44, R6900 before 1.0.1.44, R7000 before 1.0.9.26, R6900P before 1.3.0.20, R7000P before 1.3.0.20, R7100LG before 1.0.0.40, R7300DST before 1.0.0.62, R7500v2 before 1.0.3.26, R7800 before 1.0.2.44, R7900 before 1.0.2.10, R8000 before 1.0.4.12, R7900P before 1.3.0.10, R8000P before 1.3.0.10, R8300 before 1.0.2.116, R8500 before 1.0.2.116, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3400v3 before 1.0.1.18, WNDR3700v4 before 1.0.2.96, WNDR4300v1 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, WNR2000v5 before 1.0.0.64, and WNR3500Lv2 before 1.2.0.48.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:L/A:L/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000061199/Security-Advisory-for-Post-Authentication-Buffer-Overflow-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2017-315", refsource: "CONFIRM", url: "https://kb.netgear.com/000061199/Security-Advisory-for-Post-Authentication-Buffer-Overflow-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2017-315", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-20728", datePublished: "2020-04-16T19:05:04", dateReserved: "2020-04-15T00:00:00", dateUpdated: "2024-08-05T02:53:08.903Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21175
Vulnerability from cvelistv5
Published
2020-04-27 19:39
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:39.583Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000055183/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2624", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-27T19:39:47", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000055183/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2624", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21175", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000055183/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2624", refsource: "CONFIRM", url: "https://kb.netgear.com/000055183/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2624", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21175", datePublished: "2020-04-27T19:39:47", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:26:39.583Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-20746
Vulnerability from cvelistv5
Published
2020-04-16 20:57
Modified
2024-08-05 02:53
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by reflected XSS. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7800 before 1.0.2.58, R8900 before 1.0.4.12, R9000 before 1.0.4.8, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:53:09.332Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000060973/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2018-0252", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by reflected XSS. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7800 before 1.0.2.58, R8900 before 1.0.4.12, R9000 before 1.0.4.8, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AC:L/AV:A/A:N/C:L/I:L/PR:H/S:C/UI:R", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-16T20:57:38", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000060973/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2018-0252", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-20746", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by reflected XSS. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7800 before 1.0.2.58, R8900 before 1.0.4.12, R9000 before 1.0.4.8, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "NONE", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AC:L/AV:A/A:N/C:L/I:L/PR:H/S:C/UI:R", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000060973/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2018-0252", refsource: "CONFIRM", url: "https://kb.netgear.com/000060973/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2018-0252", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-20746", datePublished: "2020-04-16T20:57:38", dateReserved: "2020-04-15T00:00:00", dateUpdated: "2024-08-05T02:53:09.332Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21222
Vulnerability from cvelistv5
Published
2020-04-28 16:24
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:39.447Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000055115/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2458", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-02-22T00:00:00", descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-28T16:24:51", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000055115/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2458", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21222", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000055115/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2458", refsource: "CONFIRM", url: "https://kb.netgear.com/000055115/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2458", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21222", datePublished: "2020-04-28T16:24:51", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:26:39.447Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-5054
Vulnerability from cvelistv5
Published
2019-09-11 21:09
Modified
2024-08-04 19:47
Severity ?
EPSS score ?
Summary
An exploitable denial-of-service vulnerability exists in the session handling functionality of the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) HTTP server. An HTTP request with an empty User-Agent string sent to a page requiring authentication can cause a null pointer dereference, resulting in the HTTP service crashing. An unauthenticated attacker can send a specially crafted HTTP request to trigger this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://talosintelligence.com/vulnerability_reports/TALOS-2019-0831 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Netgear | N300 WNR2000v5 |
Version: Firmware Version V1.0.0.70 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:47:55.638Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0831", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "N300 WNR2000v5", vendor: "Netgear", versions: [ { status: "affected", version: "Firmware Version V1.0.0.70", }, ], }, ], descriptions: [ { lang: "en", value: "An exploitable denial-of-service vulnerability exists in the session handling functionality of the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) HTTP server. An HTTP request with an empty User-Agent string sent to a page requiring authentication can cause a null pointer dereference, resulting in the HTTP service crashing. An unauthenticated attacker can send a specially crafted HTTP request to trigger this vulnerability.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476: NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-04-19T17:33:30", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0831", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "talos-cna@cisco.com", ID: "CVE-2019-5054", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "N300 WNR2000v5", version: { version_data: [ { version_value: "Firmware Version V1.0.0.70", }, ], }, }, ], }, vendor_name: "Netgear", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An exploitable denial-of-service vulnerability exists in the session handling functionality of the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) HTTP server. An HTTP request with an empty User-Agent string sent to a page requiring authentication can cause a null pointer dereference, resulting in the HTTP service crashing. An unauthenticated attacker can send a specially crafted HTTP request to trigger this vulnerability.", }, ], }, impact: { cvss: { baseScore: 7.5, baseSeverity: "High", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-476: NULL Pointer Dereference", }, ], }, ], }, references: { reference_data: [ { name: "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0831", refsource: "MISC", url: "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0831", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2019-5054", datePublished: "2019-09-11T21:09:39", dateReserved: "2019-01-04T00:00:00", dateUpdated: "2024-08-04T19:47:55.638Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-18749
Vulnerability from cvelistv5
Published
2020-04-23 15:25
Modified
2024-08-05 21:37
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by CSRF. This affects JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, R6050 before 1.0.1.10, R6100 before 1.0.1.16, R6220 before 1.1.0.50, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.40, WNDR3700v4 before 1.0.2.88, WNDR3700v5 before 1.1.0.48, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.58, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.netgear.com/000051505/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Routers-PSV-2016-0101 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T21:37:43.976Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000051505/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Routers-PSV-2016-0101", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by CSRF. This affects JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, R6050 before 1.0.1.10, R6100 before 1.0.1.16, R6220 before 1.1.0.50, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.40, WNDR3700v4 before 1.0.2.88, WNDR3700v5 before 1.1.0.48, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.58, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:R", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-23T15:25:38", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000051505/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Routers-PSV-2016-0101", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-18749", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by CSRF. This affects JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, R6050 before 1.0.1.10, R6100 before 1.0.1.16, R6220 before 1.1.0.50, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.40, WNDR3700v4 before 1.0.2.88, WNDR3700v5 before 1.1.0.48, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.58, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:R", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000051505/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Routers-PSV-2016-0101", refsource: "CONFIRM", url: "https://kb.netgear.com/000051505/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Routers-PSV-2016-0101", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-18749", datePublished: "2020-04-23T15:25:38", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T21:37:43.976Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21187
Vulnerability from cvelistv5
Published
2020-04-28 14:54
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.30, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:38.518Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000055170/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2608", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.30, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-28T14:54:53", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000055170/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2608", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21187", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.30, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000055170/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2608", refsource: "CONFIRM", url: "https://kb.netgear.com/000055170/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2608", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21187", datePublished: "2020-04-28T14:54:53", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:26:38.518Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-18754
Vulnerability from cvelistv5
Published
2020-04-22 16:12
Modified
2024-08-05 21:37
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WNDR3700v4 before 1.0.2.88, WNDR4300v1 before 1.0.2.90, and WNR2000v5 before 1.0.0.58.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T21:37:44.048Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000051494/Security-Advisory-for-Post-Authentication-Command-Injection-on-Routers-PSV-2017-0329", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WNDR3700v4 before 1.0.2.88, WNDR4300v1 before 1.0.2.90, and WNR2000v5 before 1.0.0.58.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-22T16:12:35", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000051494/Security-Advisory-for-Post-Authentication-Command-Injection-on-Routers-PSV-2017-0329", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-18754", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WNDR3700v4 before 1.0.2.88, WNDR4300v1 before 1.0.2.90, and WNR2000v5 before 1.0.0.58.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000051494/Security-Advisory-for-Post-Authentication-Command-Injection-on-Routers-PSV-2017-0329", refsource: "CONFIRM", url: "https://kb.netgear.com/000051494/Security-Advisory-for-Post-Authentication-Command-Injection-on-Routers-PSV-2017-0329", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-18754", datePublished: "2020-04-22T16:12:35", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T21:37:44.048Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21144
Vulnerability from cvelistv5
Published
2020-04-21 21:01
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects DM200 before 1.0.0.52, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.16, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:37.302Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000059489/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-PSV-2017-3166", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-06-22T00:00:00", descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects DM200 before 1.0.0.52, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.16, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-21T21:01:07", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000059489/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-PSV-2017-3166", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21144", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects DM200 before 1.0.0.52, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.16, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000059489/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-PSV-2017-3166", refsource: "CONFIRM", url: "https://kb.netgear.com/000059489/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-PSV-2017-3166", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21144", datePublished: "2020-04-21T21:01:07", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:26:37.302Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-18772
Vulnerability from cvelistv5
Published
2020-04-22 14:47
Modified
2024-08-05 21:37
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by authentication bypass. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6120 before 1.0.0.32, EX6130 before 1.0.0.16, R6300v2 before 1.0.4.12, R6700 before 1.0.1.26, R6900 before 1.0.1.22, R7000 before 1.0.9.6, R7300DST before 1.0.0.52, R7900 before 1.0.1.12, R8000 before 1.0.3.24, R8500 before 1.0.2.74, and WNR2000v2 before 1.2.0.8.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T21:37:43.945Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000051471/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-and-Extenders-PSV-2017-0424", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by authentication bypass. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6120 before 1.0.0.32, EX6130 before 1.0.0.16, R6300v2 before 1.0.4.12, R6700 before 1.0.1.26, R6900 before 1.0.1.22, R7000 before 1.0.9.6, R7300DST before 1.0.0.52, R7900 before 1.0.1.12, R8000 before 1.0.3.24, R8500 before 1.0.2.74, and WNR2000v2 before 1.2.0.8.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-22T14:47:17", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000051471/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-and-Extenders-PSV-2017-0424", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-18772", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by authentication bypass. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6120 before 1.0.0.32, EX6130 before 1.0.0.16, R6300v2 before 1.0.4.12, R6700 before 1.0.1.26, R6900 before 1.0.1.22, R7000 before 1.0.9.6, R7300DST before 1.0.0.52, R7900 before 1.0.1.12, R8000 before 1.0.3.24, R8500 before 1.0.2.74, and WNR2000v2 before 1.2.0.8.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000051471/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-and-Extenders-PSV-2017-0424", refsource: "CONFIRM", url: "https://kb.netgear.com/000051471/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-and-Extenders-PSV-2017-0424", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-18772", datePublished: "2020-04-22T14:47:17", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T21:37:43.945Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21178
Vulnerability from cvelistv5
Published
2020-04-27 20:09
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:38.278Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000055180/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-PSV-2017-2621", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-27T20:09:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000055180/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-PSV-2017-2621", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21178", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000055180/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-PSV-2017-2621", refsource: "CONFIRM", url: "https://kb.netgear.com/000055180/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-PSV-2017-2621", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21178", datePublished: "2020-04-27T20:09:01", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:26:38.278Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21192
Vulnerability from cvelistv5
Published
2020-04-28 14:58
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.3.6, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:39.351Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000055165/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2603", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.3.6, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-28T14:58:48", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000055165/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2603", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21192", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.3.6, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000055165/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2603", refsource: "CONFIRM", url: "https://kb.netgear.com/000055165/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2603", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21192", datePublished: "2020-04-28T14:58:48", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:26:39.351Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-18775
Vulnerability from cvelistv5
Published
2020-04-22 14:44
Modified
2024-08-05 21:37
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by CSRF. This affects R6100 before 1.0.1.12, R7500 before 1.0.0.108, WNDR3700v4 before 1.0.2.86, WNDR4300v1 before 1.0.2.88, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.42.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T21:37:43.990Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000049553/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Routers-and-Gateways-PSV-2017-0388", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by CSRF. This affects R6100 before 1.0.1.12, R7500 before 1.0.0.108, WNDR3700v4 before 1.0.2.86, WNDR4300v1 before 1.0.2.88, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.42.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:R", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-22T14:44:20", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000049553/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Routers-and-Gateways-PSV-2017-0388", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-18775", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by CSRF. This affects R6100 before 1.0.1.12, R7500 before 1.0.0.108, WNDR3700v4 before 1.0.2.86, WNDR4300v1 before 1.0.2.88, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.42.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:R", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000049553/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Routers-and-Gateways-PSV-2017-0388", refsource: "CONFIRM", url: "https://kb.netgear.com/000049553/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Routers-and-Gateways-PSV-2017-0388", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-18775", datePublished: "2020-04-22T14:44:20", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T21:37:43.990Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-18766
Vulnerability from cvelistv5
Published
2020-04-22 15:40
Modified
2024-08-05 21:37
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects DST6501 before 1.1.0.6 and WNR2000v2 before 1.2.0.8.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T21:37:43.857Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000051479/Security-Advisory-for-Arbitrary-File-Read-on-DST6501-and-WNR2000v2-PSV-2017-0425", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects DST6501 before 1.1.0.6 and WNR2000v2 before 1.2.0.8.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-22T15:40:13", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000051479/Security-Advisory-for-Arbitrary-File-Read-on-DST6501-and-WNR2000v2-PSV-2017-0425", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-18766", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects DST6501 before 1.1.0.6 and WNR2000v2 before 1.2.0.8.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000051479/Security-Advisory-for-Arbitrary-File-Read-on-DST6501-and-WNR2000v2-PSV-2017-0425", refsource: "CONFIRM", url: "https://kb.netgear.com/000051479/Security-Advisory-for-Arbitrary-File-Read-on-DST6501-and-WNR2000v2-PSV-2017-0425", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-18766", datePublished: "2020-04-22T15:40:13", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T21:37:43.857Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21111
Vulnerability from cvelistv5
Published
2020-04-22 14:23
Modified
2024-08-05 12:19
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.60, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.66.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:19:27.631Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000060440/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Modem-Routers-PSV-2018-0115", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-12-07T00:00:00", descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.60, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.66.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-22T14:23:27", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000060440/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Modem-Routers-PSV-2018-0115", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21111", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.60, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.66.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000060440/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Modem-Routers-PSV-2018-0115", refsource: "CONFIRM", url: "https://kb.netgear.com/000060440/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Modem-Routers-PSV-2018-0115", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21111", datePublished: "2020-04-22T14:23:27", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:19:27.631Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21189
Vulnerability from cvelistv5
Published
2020-04-28 14:57
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:39.092Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000055168/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2606", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-28T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000055168/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2606", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21189", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000055168/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2606", refsource: "CONFIRM", url: "https://kb.netgear.com/000055168/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2606", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21189", datePublished: "2020-04-28T14:57:01", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:26:39.092Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-18788
Vulnerability from cvelistv5
Published
2020-04-22 13:42
Modified
2024-08-05 21:37
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D6200 before 1.1.00.24, D6220 before 1.0.0.32, D6400 before 1.0.0.66, D7000 before 1.0.1.52, D7000v2 before 1.0.0.44, D7800 before 1.0.1.30, D8500 before 1.0.3.35, DGN2200v4 before 1.0.0.96, DGN2200Bv4 before 1.0.0.96, EX2700 before 1.0.1.28, EX6150v2 before 1.0.1.54, EX6100v2 before 1.0.1.54, EX6200v2 before 1.0.1.52, EX6400 before 1.0.1.72, EX7300 before 1.0.1.72, EX8000 before 1.0.0.102, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6100 before 1.0.1.20, R6250 before 1.0.4.16, R6300v2 before 1.0.4.18, R6400 before 1.0.1.32, R6400v2 before 1.0.2.46, R6700 before 1.0.1.36, R6900 before 1.0.1.34, R7000 before 1.0.9.18, R6900P before 1.3.0.8, R7000P before 1.3.0.8, R7100LG before 1.0.0.34, R7300DST before 1.0.0.58, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R7900 before 1.0.2.4, R8000 before 1.0.4.4_1.1.42, R7900P before 1.1.5.14, R8000P before 1.1.5.14, R8300 before 1.0.2.110, R8500 before 1.0.2.110, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.14, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.40, WNDR3400v3 before 1.0.1.16, WNDR3700v4 before 1.0.2.94, WNDR4300 before 1.0.2.96, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.62, WNR2020 before 1.1.0.44, WNR2050 before 1.1.0.44, and WNR3500Lv2 before 1.2.0.46.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T21:37:43.975Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000049527/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2947", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D6200 before 1.1.00.24, D6220 before 1.0.0.32, D6400 before 1.0.0.66, D7000 before 1.0.1.52, D7000v2 before 1.0.0.44, D7800 before 1.0.1.30, D8500 before 1.0.3.35, DGN2200v4 before 1.0.0.96, DGN2200Bv4 before 1.0.0.96, EX2700 before 1.0.1.28, EX6150v2 before 1.0.1.54, EX6100v2 before 1.0.1.54, EX6200v2 before 1.0.1.52, EX6400 before 1.0.1.72, EX7300 before 1.0.1.72, EX8000 before 1.0.0.102, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6100 before 1.0.1.20, R6250 before 1.0.4.16, R6300v2 before 1.0.4.18, R6400 before 1.0.1.32, R6400v2 before 1.0.2.46, R6700 before 1.0.1.36, R6900 before 1.0.1.34, R7000 before 1.0.9.18, R6900P before 1.3.0.8, R7000P before 1.3.0.8, R7100LG before 1.0.0.34, R7300DST before 1.0.0.58, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R7900 before 1.0.2.4, R8000 before 1.0.4.4_1.1.42, R7900P before 1.1.5.14, R8000P before 1.1.5.14, R8300 before 1.0.2.110, R8500 before 1.0.2.110, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.14, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.40, WNDR3400v3 before 1.0.1.16, WNDR3700v4 before 1.0.2.94, WNDR4300 before 1.0.2.96, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.62, WNR2020 before 1.1.0.44, WNR2050 before 1.1.0.44, and WNR3500Lv2 before 1.2.0.46.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:L/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-22T13:42:30", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000049527/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2947", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-18788", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D6200 before 1.1.00.24, D6220 before 1.0.0.32, D6400 before 1.0.0.66, D7000 before 1.0.1.52, D7000v2 before 1.0.0.44, D7800 before 1.0.1.30, D8500 before 1.0.3.35, DGN2200v4 before 1.0.0.96, DGN2200Bv4 before 1.0.0.96, EX2700 before 1.0.1.28, EX6150v2 before 1.0.1.54, EX6100v2 before 1.0.1.54, EX6200v2 before 1.0.1.52, EX6400 before 1.0.1.72, EX7300 before 1.0.1.72, EX8000 before 1.0.0.102, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6100 before 1.0.1.20, R6250 before 1.0.4.16, R6300v2 before 1.0.4.18, R6400 before 1.0.1.32, R6400v2 before 1.0.2.46, R6700 before 1.0.1.36, R6900 before 1.0.1.34, R7000 before 1.0.9.18, R6900P before 1.3.0.8, R7000P before 1.3.0.8, R7100LG before 1.0.0.34, R7300DST before 1.0.0.58, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R7900 before 1.0.2.4, R8000 before 1.0.4.4_1.1.42, R7900P before 1.1.5.14, R8000P before 1.1.5.14, R8300 before 1.0.2.110, R8500 before 1.0.2.110, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.14, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.40, WNDR3400v3 before 1.0.1.16, WNDR3700v4 before 1.0.2.94, WNDR4300 before 1.0.2.96, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.62, WNR2020 before 1.1.0.44, WNR2050 before 1.1.0.44, and WNR3500Lv2 before 1.2.0.46.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:L/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000049527/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2947", refsource: "CONFIRM", url: "https://kb.netgear.com/000049527/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2947", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-18788", datePublished: "2020-04-22T13:42:30", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T21:37:43.975Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-20689
Vulnerability from cvelistv5
Published
2020-04-16 14:24
Modified
2024-08-05 02:46
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6000 before 1.0.0.75, D6100 before 1.0.0.63, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7300 before 1.0.2.136, EX8000 before 1.0.1.180, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3100RPv2 before 1.0.0.60, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:46:10.451Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000061450/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-Extenders-PSV-2018-0132", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6000 before 1.0.0.75, D6100 before 1.0.0.63, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7300 before 1.0.2.136, EX8000 before 1.0.1.180, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3100RPv2 before 1.0.0.60, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-16T14:24:35", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000061450/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-Extenders-PSV-2018-0132", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-20689", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6000 before 1.0.0.75, D6100 before 1.0.0.63, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7300 before 1.0.2.136, EX8000 before 1.0.1.180, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3100RPv2 before 1.0.0.60, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000061450/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-Extenders-PSV-2018-0132", refsource: "CONFIRM", url: "https://kb.netgear.com/000061450/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-Extenders-PSV-2018-0132", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-20689", datePublished: "2020-04-16T14:24:35", dateReserved: "2020-04-15T00:00:00", dateUpdated: "2024-08-05T02:46:10.451Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21190
Vulnerability from cvelistv5
Published
2020-04-28 14:57
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.34, R6100 before 1.0.1.20, R7500 before 1.0.0.122, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:39.204Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000055167/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2605", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.34, R6100 before 1.0.1.20, R7500 before 1.0.0.122, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-28T14:57:41", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000055167/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2605", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21190", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.34, R6100 before 1.0.1.20, R7500 before 1.0.0.122, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000055167/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2605", refsource: "CONFIRM", url: "https://kb.netgear.com/000055167/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2605", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21190", datePublished: "2020-04-28T14:57:41", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:26:39.204Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-20725
Vulnerability from cvelistv5
Published
2020-04-16 19:01
Modified
2024-08-05 02:53
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:53:08.602Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000061203/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2018-0143", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-16T19:01:52", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000061203/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2018-0143", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-20725", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000061203/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2018-0143", refsource: "CONFIRM", url: "https://kb.netgear.com/000061203/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2018-0143", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-20725", datePublished: "2020-04-16T19:01:52", dateReserved: "2020-04-15T00:00:00", dateUpdated: "2024-08-05T02:53:08.602Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21194
Vulnerability from cvelistv5
Published
2020-04-28 15:00
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.34, R6100 before 1.0.1.20, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.3.6, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:39.290Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000055163/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2601", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.34, R6100 before 1.0.1.20, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.3.6, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-28T15:00:23", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000055163/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2601", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21194", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.34, R6100 before 1.0.1.20, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.3.6, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000055163/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2601", refsource: "CONFIRM", url: "https://kb.netgear.com/000055163/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2601", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21194", datePublished: "2020-04-28T15:00:23", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:26:39.290Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-18703
Vulnerability from cvelistv5
Published
2020-04-24 14:08
Modified
2024-08-05 21:28
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by CSRF. This affects D1500 before 1.0.0.25, D500 before 1.0.0.25, D6100 before 1.0.0.55, D7000 before 1.0.1.50, D7800 before 1.0.1.28, EX6100v2 before 1.0.1.60, EX6150v2 before 1.0.1.60, JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.16, JWNR2010v5 before 1.1.0.46, PR2000 before 1.0.0.18, R6020 before 1.0.0.26, R6050 before 1.0.1.16, R6080 before 1.0.0.26, R6100 before 1.0.1.20, R6220 before 1.1.0.60, R7500 before 1.0.0.118, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.40, WNDR3700v5 before 1.1.0.48, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.46, WNR2000v5 before 1.0.0.62, WNR2020 before 1.1.0.46, and WNR2050 before 1.1.0.46.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T21:28:56.070Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000053199/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Routers-Gateways-and-Extenders-PSV-2017-0736", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by CSRF. This affects D1500 before 1.0.0.25, D500 before 1.0.0.25, D6100 before 1.0.0.55, D7000 before 1.0.1.50, D7800 before 1.0.1.28, EX6100v2 before 1.0.1.60, EX6150v2 before 1.0.1.60, JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.16, JWNR2010v5 before 1.1.0.46, PR2000 before 1.0.0.18, R6020 before 1.0.0.26, R6050 before 1.0.1.16, R6080 before 1.0.0.26, R6100 before 1.0.1.20, R6220 before 1.1.0.60, R7500 before 1.0.0.118, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.40, WNDR3700v5 before 1.1.0.48, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.46, WNR2000v5 before 1.0.0.62, WNR2020 before 1.1.0.46, and WNR2050 before 1.1.0.46.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:R", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-24T14:08:11", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000053199/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Routers-Gateways-and-Extenders-PSV-2017-0736", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-18703", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by CSRF. This affects D1500 before 1.0.0.25, D500 before 1.0.0.25, D6100 before 1.0.0.55, D7000 before 1.0.1.50, D7800 before 1.0.1.28, EX6100v2 before 1.0.1.60, EX6150v2 before 1.0.1.60, JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.16, JWNR2010v5 before 1.1.0.46, PR2000 before 1.0.0.18, R6020 before 1.0.0.26, R6050 before 1.0.1.16, R6080 before 1.0.0.26, R6100 before 1.0.1.20, R6220 before 1.1.0.60, R7500 before 1.0.0.118, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.40, WNDR3700v5 before 1.1.0.48, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.46, WNR2000v5 before 1.0.0.62, WNR2020 before 1.1.0.46, and WNR2050 before 1.1.0.46.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:R", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000053199/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Routers-Gateways-and-Extenders-PSV-2017-0736", refsource: "CONFIRM", url: "https://kb.netgear.com/000053199/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Routers-Gateways-and-Extenders-PSV-2017-0736", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-18703", datePublished: "2020-04-24T14:08:11", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T21:28:56.070Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21173
Vulnerability from cvelistv5
Published
2020-04-27 17:39
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7500 before 1.0.0.122, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:39.274Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000055185/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-PSV-2017-2627", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7500 before 1.0.0.122, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-27T17:39:46", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000055185/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-PSV-2017-2627", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21173", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7500 before 1.0.0.122, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000055185/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-PSV-2017-2627", refsource: "CONFIRM", url: "https://kb.netgear.com/000055185/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-PSV-2017-2627", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21173", datePublished: "2020-04-27T17:39:46", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:26:39.274Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-46422
Vulnerability from cvelistv5
Published
2022-12-20 00:00
Modified
2024-08-03 14:31
Severity ?
EPSS score ?
Summary
An issue in Netgear WNR2000 v1 1.2.3.7 and earlier allows authenticated attackers to cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:31:46.330Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.netgear.com/about/security/", }, { tags: [ "x_transferred", ], url: "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/B1bFKBWwi", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue in Netgear WNR2000 v1 1.2.3.7 and earlier allows authenticated attackers to cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-20T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.netgear.com/about/security/", }, { url: "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/B1bFKBWwi", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-46422", datePublished: "2022-12-20T00:00:00", dateReserved: "2022-12-05T00:00:00", dateUpdated: "2024-08-03T14:31:46.330Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-38514
Vulnerability from cvelistv5
Published
2021-08-10 23:54
Modified
2024-08-04 01:44
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by authentication bypass. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6100 before 1.0.0.63, D6200 before 1.1.00.34, D6220 before 1.0.0.48, D6400 before 1.0.0.86, D7000 before 1.0.1.70, D7000v2 before 1.0.0.52, D7800 before 1.0.1.56, D8500 before 1.0.3.44, DC112A before 1.0.0.42, DGN2200v4 before 1.0.0.108, DGND2200Bv4 before 1.0.0.108, EX2700 before 1.0.1.48, EX3700 before 1.0.0.76, EX3800 before 1.0.0.76, EX6000 before 1.0.0.38, EX6100 before 1.0.2.24, EX6100v2 before 1.0.1.76, EX6120 before 1.0.0.42, EX6130 before 1.0.0.28, EX6150v1 before 1.0.0.42, EX6150v2 before 1.0.1.76, EX6200 before 1.0.3.88, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7000 before 1.0.0.66, EX7300 before 1.0.2.136, EX8000 before 1.0.1.180, RBK50 before 2.1.4.10, RBR50 before 2.1.4.10, RBS50 before 2.1.4.10, RBK40 before 2.1.4.10, RBR40 before 2.1.4.10, RBS40 before 2.1.4.10, RBW30 before 2.2.1.204, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6080 before 1.0.0.38, R6050 before 1.0.1.18, JR6150 before 1.0.1.18, R6120 before 1.0.0.46, R6220 before 1.1.0.86, R6250 before 1.0.4.34, R6300v2 before 1.0.4.32, R6400 before 1.0.1.44, R6400v2 before 1.0.2.62, R6700 before 1.0.1.48, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, R6900 before 1.0.1.48, R7000 before 1.0.9.34, R6900P before 1.3.1.64, R7000P before 1.3.1.64, R7100LG before 1.0.0.48, R7300DST before 1.0.0.70, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R7900 before 1.0.3.8, R8000 before 1.0.4.28, R7900P before 1.4.1.30, R8000P before 1.4.1.30, R8300 before 1.0.2.128, R8500 before 1.0.2.128, R9000 before 1.0.3.10, RBS40V before 2.2.0.58, RBK50V before 2.2.0.58, WN2000RPTv3 before 1.0.1.32, WN2500RPv2 before 1.0.1.54, WN3000RPv3 before 1.0.2.78, WN3100RPv2 before 1.0.0.66, WNDR3400v3 before 1.0.1.22, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, WNDR4500v3 before 1.0.0.56, WNR2000v5 (R2000) before 1.0.0.66, WNR2020 before 1.1.0.62, WNR2050 before 1.1.0.62, WNR3500Lv2 before 1.2.0.62, and XR500 before 2.3.2.22.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T01:44:23.472Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://kb.netgear.com/000063757/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2017-2449", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by authentication bypass. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6100 before 1.0.0.63, D6200 before 1.1.00.34, D6220 before 1.0.0.48, D6400 before 1.0.0.86, D7000 before 1.0.1.70, D7000v2 before 1.0.0.52, D7800 before 1.0.1.56, D8500 before 1.0.3.44, DC112A before 1.0.0.42, DGN2200v4 before 1.0.0.108, DGND2200Bv4 before 1.0.0.108, EX2700 before 1.0.1.48, EX3700 before 1.0.0.76, EX3800 before 1.0.0.76, EX6000 before 1.0.0.38, EX6100 before 1.0.2.24, EX6100v2 before 1.0.1.76, EX6120 before 1.0.0.42, EX6130 before 1.0.0.28, EX6150v1 before 1.0.0.42, EX6150v2 before 1.0.1.76, EX6200 before 1.0.3.88, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7000 before 1.0.0.66, EX7300 before 1.0.2.136, EX8000 before 1.0.1.180, RBK50 before 2.1.4.10, RBR50 before 2.1.4.10, RBS50 before 2.1.4.10, RBK40 before 2.1.4.10, RBR40 before 2.1.4.10, RBS40 before 2.1.4.10, RBW30 before 2.2.1.204, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6080 before 1.0.0.38, R6050 before 1.0.1.18, JR6150 before 1.0.1.18, R6120 before 1.0.0.46, R6220 before 1.1.0.86, R6250 before 1.0.4.34, R6300v2 before 1.0.4.32, R6400 before 1.0.1.44, R6400v2 before 1.0.2.62, R6700 before 1.0.1.48, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, R6900 before 1.0.1.48, R7000 before 1.0.9.34, R6900P before 1.3.1.64, R7000P before 1.3.1.64, R7100LG before 1.0.0.48, R7300DST before 1.0.0.70, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R7900 before 1.0.3.8, R8000 before 1.0.4.28, R7900P before 1.4.1.30, R8000P before 1.4.1.30, R8300 before 1.0.2.128, R8500 before 1.0.2.128, R9000 before 1.0.3.10, RBS40V before 2.2.0.58, RBK50V before 2.2.0.58, WN2000RPTv3 before 1.0.1.32, WN2500RPv2 before 1.0.1.54, WN3000RPv3 before 1.0.2.78, WN3100RPv2 before 1.0.0.66, WNDR3400v3 before 1.0.1.22, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, WNDR4500v3 before 1.0.0.56, WNR2000v5 (R2000) before 1.0.0.66, WNR2020 before 1.1.0.62, WNR2050 before 1.1.0.62, WNR3500Lv2 before 1.2.0.62, and XR500 before 2.3.2.22.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 2.4, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:A/A:N/C:L/I:N/PR:H/S:U/UI:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-10T23:54:27", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://kb.netgear.com/000063757/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2017-2449", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-38514", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by authentication bypass. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6100 before 1.0.0.63, D6200 before 1.1.00.34, D6220 before 1.0.0.48, D6400 before 1.0.0.86, D7000 before 1.0.1.70, D7000v2 before 1.0.0.52, D7800 before 1.0.1.56, D8500 before 1.0.3.44, DC112A before 1.0.0.42, DGN2200v4 before 1.0.0.108, DGND2200Bv4 before 1.0.0.108, EX2700 before 1.0.1.48, EX3700 before 1.0.0.76, EX3800 before 1.0.0.76, EX6000 before 1.0.0.38, EX6100 before 1.0.2.24, EX6100v2 before 1.0.1.76, EX6120 before 1.0.0.42, EX6130 before 1.0.0.28, EX6150v1 before 1.0.0.42, EX6150v2 before 1.0.1.76, EX6200 before 1.0.3.88, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7000 before 1.0.0.66, EX7300 before 1.0.2.136, EX8000 before 1.0.1.180, RBK50 before 2.1.4.10, RBR50 before 2.1.4.10, RBS50 before 2.1.4.10, RBK40 before 2.1.4.10, RBR40 before 2.1.4.10, RBS40 before 2.1.4.10, RBW30 before 2.2.1.204, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6080 before 1.0.0.38, R6050 before 1.0.1.18, JR6150 before 1.0.1.18, R6120 before 1.0.0.46, R6220 before 1.1.0.86, R6250 before 1.0.4.34, R6300v2 before 1.0.4.32, R6400 before 1.0.1.44, R6400v2 before 1.0.2.62, R6700 before 1.0.1.48, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, R6900 before 1.0.1.48, R7000 before 1.0.9.34, R6900P before 1.3.1.64, R7000P before 1.3.1.64, R7100LG before 1.0.0.48, R7300DST before 1.0.0.70, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R7900 before 1.0.3.8, R8000 before 1.0.4.28, R7900P before 1.4.1.30, R8000P before 1.4.1.30, R8300 before 1.0.2.128, R8500 before 1.0.2.128, R9000 before 1.0.3.10, RBS40V before 2.2.0.58, RBK50V before 2.2.0.58, WN2000RPTv3 before 1.0.1.32, WN2500RPv2 before 1.0.1.54, WN3000RPv3 before 1.0.2.78, WN3100RPv2 before 1.0.0.66, WNDR3400v3 before 1.0.1.22, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, WNDR4500v3 before 1.0.0.56, WNR2000v5 (R2000) before 1.0.0.66, WNR2020 before 1.1.0.62, WNR2050 before 1.1.0.62, WNR3500Lv2 before 1.2.0.62, and XR500 before 2.3.2.22.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "NONE", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:A/A:N/C:L/I:N/PR:H/S:U/UI:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000063757/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2017-2449", refsource: "MISC", url: "https://kb.netgear.com/000063757/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2017-2449", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-38514", datePublished: "2021-08-10T23:54:27", dateReserved: "2021-08-10T00:00:00", dateUpdated: "2024-08-04T01:44:23.472Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21141
Vulnerability from cvelistv5
Published
2020-04-21 20:57
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.netgear.com/000059492/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2017-3168 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:37.322Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000059492/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2017-3168", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-06-22T00:00:00", descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 4.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:N/I:N/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-21T20:57:19", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000059492/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2017-3168", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21141", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:N/I:N/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000059492/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2017-3168", refsource: "CONFIRM", url: "https://kb.netgear.com/000059492/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2017-3168", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21141", datePublished: "2020-04-21T20:57:19", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:26:37.322Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-20723
Vulnerability from cvelistv5
Published
2020-04-16 17:05
Modified
2024-08-05 02:53
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, DM200 before 1.0.0.58, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7300 before 1.0.2.136, EX8000 before 1.0.1.180, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:53:08.521Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000061205/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-Gateways-and-Extenders-PSV-2018-0146", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, DM200 before 1.0.0.58, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7300 before 1.0.2.136, EX8000 before 1.0.1.180, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-16T17:05:44", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000061205/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-Gateways-and-Extenders-PSV-2018-0146", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-20723", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, DM200 before 1.0.0.58, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7300 before 1.0.2.136, EX8000 before 1.0.1.180, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000061205/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-Gateways-and-Extenders-PSV-2018-0146", refsource: "CONFIRM", url: "https://kb.netgear.com/000061205/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-Gateways-and-Extenders-PSV-2018-0146", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-20723", datePublished: "2020-04-16T17:05:44", dateReserved: "2020-04-15T00:00:00", dateUpdated: "2024-08-05T02:53:08.521Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21220
Vulnerability from cvelistv5
Published
2020-04-28 15:46
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:39.346Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000055117/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2481", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-28T15:46:27", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000055117/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2481", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21220", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000055117/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2481", refsource: "CONFIRM", url: "https://kb.netgear.com/000055117/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2481", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21220", datePublished: "2020-04-28T15:46:27", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:26:39.346Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-50089
Vulnerability from cvelistv5
Published
2023-12-15 00:00
Modified
2024-11-26 15:05
Severity ?
EPSS score ?
Summary
A Command Injection vulnerability exists in NETGEAR WNR2000v4 version 1.0.0.70. When using HTTP for SOAP authentication, command execution occurs during the process after successful authentication.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T22:09:49.691Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.netgear.com/about/security/", }, { tags: [ "x_transferred", ], url: "https://github.com/NoneShell/Vulnerabilities/blob/main/NETGEAR/WNR2000v4-1.0.0.70-Authorized-Command-Injection.md", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-50089", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-26T15:04:53.419619Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-26T15:05:22.907Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A Command Injection vulnerability exists in NETGEAR WNR2000v4 version 1.0.0.70. When using HTTP for SOAP authentication, command execution occurs during the process after successful authentication.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-15T16:48:40.975174", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.netgear.com/about/security/", }, { url: "https://github.com/NoneShell/Vulnerabilities/blob/main/NETGEAR/WNR2000v4-1.0.0.70-Authorized-Command-Injection.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-50089", datePublished: "2023-12-15T00:00:00", dateReserved: "2023-12-04T00:00:00", dateUpdated: "2024-11-26T15:05:22.907Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21223
Vulnerability from cvelistv5
Published
2020-04-28 16:26
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:39.356Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000055114/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2457", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-02-22T00:00:00", descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-28T16:26:40", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000055114/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2457", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21223", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000055114/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2457", refsource: "CONFIRM", url: "https://kb.netgear.com/000055114/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2457", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21223", datePublished: "2020-04-28T16:26:40", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:26:39.356Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-20721
Vulnerability from cvelistv5
Published
2020-04-16 16:19
Modified
2024-08-05 02:53
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.47, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7300 before 1.0.2.136, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.66, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.66, XR450 before 2.3.2.32, and XR500 before 2.3.2.32.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:53:07.558Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000061207/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-Gateways-and-Extenders-PSV-2018-0159", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.47, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7300 before 1.0.2.136, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.66, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.66, XR450 before 2.3.2.32, and XR500 before 2.3.2.32.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:N/C:L/I:L/PR:H/S:C/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-16T16:19:28", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000061207/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-Gateways-and-Extenders-PSV-2018-0159", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-20721", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.47, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7300 before 1.0.2.136, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.66, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.66, XR450 before 2.3.2.32, and XR500 before 2.3.2.32.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "NONE", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:N/C:L/I:L/PR:H/S:C/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000061207/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-Gateways-and-Extenders-PSV-2018-0159", refsource: "CONFIRM", url: "https://kb.netgear.com/000061207/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-Gateways-and-Extenders-PSV-2018-0159", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-20721", datePublished: "2020-04-16T16:19:28", dateReserved: "2020-04-15T00:00:00", dateUpdated: "2024-08-05T02:53:07.558Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-20724
Vulnerability from cvelistv5
Published
2020-04-16 19:00
Modified
2024-08-05 02:53
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, D7800 before 1.0.1.44, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBS40 before 2.3.0.28, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:53:08.669Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000061204/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2018-0144", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, D7800 before 1.0.1.44, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBS40 before 2.3.0.28, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-16T19:00:20", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000061204/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2018-0144", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-20724", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, D7800 before 1.0.1.44, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBS40 before 2.3.0.28, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000061204/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2018-0144", refsource: "CONFIRM", url: "https://kb.netgear.com/000061204/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2018-0144", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-20724", datePublished: "2020-04-16T19:00:20", dateReserved: "2020-04-15T00:00:00", dateUpdated: "2024-08-05T02:53:08.669Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21197
Vulnerability from cvelistv5
Published
2020-04-28 15:03
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:38.686Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000055152/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2596", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-28T15:03:19", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000055152/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2596", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21197", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000055152/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2596", refsource: "CONFIRM", url: "https://kb.netgear.com/000055152/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2596", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21197", datePublished: "2020-04-28T15:03:19", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:26:38.686Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21193
Vulnerability from cvelistv5
Published
2020-04-28 14:59
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.34, R6100 before 1.0.1.20, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:39.275Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000055164/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2602", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.34, R6100 before 1.0.1.20, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-28T14:59:45", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000055164/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2602", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21193", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.34, R6100 before 1.0.1.20, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000055164/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2602", refsource: "CONFIRM", url: "https://kb.netgear.com/000055164/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2602", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21193", datePublished: "2020-04-28T14:59:45", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:26:39.275Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21142
Vulnerability from cvelistv5
Published
2020-04-23 20:13
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.netgear.com/000059491/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2017-3169 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:37.306Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000059491/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2017-3169", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-06-22T00:00:00", descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 4.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:N/I:N/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-23T20:13:41", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000059491/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2017-3169", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21142", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:N/I:N/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000059491/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2017-3169", refsource: "CONFIRM", url: "https://kb.netgear.com/000059491/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2017-3169", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21142", datePublished: "2020-04-23T20:13:41", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:26:37.306Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21198
Vulnerability from cvelistv5
Published
2020-04-28 15:04
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R7800 before 1.2.0.44, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.62.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:39.393Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000055151/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2594", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R7800 before 1.2.0.44, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.62.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-28T15:04:12", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000055151/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2594", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21198", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R7800 before 1.2.0.44, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.62.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000055151/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2594", refsource: "CONFIRM", url: "https://kb.netgear.com/000055151/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2594", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21198", datePublished: "2020-04-28T15:04:12", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:26:39.393Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21231
Vulnerability from cvelistv5
Published
2020-04-24 14:22
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D1500 before 1.0.0.27, D500 before 1.0.0.27, D6100 before 1.0.0.57, D6220 before 1.0.0.40, D6400 before 1.0.0.74, D7000 before 1.0.1.60, D7800 before 1.0.1.34, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.94, DGN2200Bv4 before 1.0.0.94, EX2700 before 1.0.1.42, EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6000 before 1.0.0.24, EX6100 before 1.0.2.18, EX6120 before 1.0.0.32, EX6130 before 1.0.0.22, EX6150 before 1.0.0.34_1.0.70, EX6200 before 1.0.3.82_1.1.117, EX6400 before 1.0.1.78, EX7000 before 1.0.0.56, EX7300 before 1.0.1.78, JNR1010v2 before 1.1.0.42, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.42, PR2000 before 1.0.0.22, R6050 before 1.0.1.10, R6100 before 1.0.1.16, R6220 before 1.1.0.50, R6250 before 1.0.4.14, R6300v2 before 1.0.4.12, R6400v2 before 1.0.2.34, R6700 before 1.0.1.26, R6900 before 1.0.1.26, R6900P before 1.2.0.22, R7000 before 1.0.9.6, R7000P before 1.2.0.22, R7100LG before 1.0.0.40, R7300DST before 1.0.0.54, R7500 before 1.0.0.110, R7500v2 before 1.0.3.26, R7800 before 1.0.2.44, R7900 before 1.0.1.26, R8000 before 1.0.3.48, R8300 before 1.0.2.104, R8500 before 1.0.2.104, R9000 before 1.0.3.10, WN2000RPTv3 before 1.0.1.26, WN2500RPv2 before 1.0.1.46, WN3000RPv3 before 1.0.2.66, WN3100RPv2 before 1.0.0.56, WNDR3400v3 before 1.0.1.14, WNDR3700v4 before 1.0.2.96, WNDR3700v5 before 1.1.0.54, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.42, WNR2000v5 before 1.0.0.64, WNR2020 before 1.1.0.42, and WNR2050 before 1.1.0.42.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:39.563Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000055103/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Gateways-and-Extenders-PSV-2016-0102", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D1500 before 1.0.0.27, D500 before 1.0.0.27, D6100 before 1.0.0.57, D6220 before 1.0.0.40, D6400 before 1.0.0.74, D7000 before 1.0.1.60, D7800 before 1.0.1.34, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.94, DGN2200Bv4 before 1.0.0.94, EX2700 before 1.0.1.42, EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6000 before 1.0.0.24, EX6100 before 1.0.2.18, EX6120 before 1.0.0.32, EX6130 before 1.0.0.22, EX6150 before 1.0.0.34_1.0.70, EX6200 before 1.0.3.82_1.1.117, EX6400 before 1.0.1.78, EX7000 before 1.0.0.56, EX7300 before 1.0.1.78, JNR1010v2 before 1.1.0.42, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.42, PR2000 before 1.0.0.22, R6050 before 1.0.1.10, R6100 before 1.0.1.16, R6220 before 1.1.0.50, R6250 before 1.0.4.14, R6300v2 before 1.0.4.12, R6400v2 before 1.0.2.34, R6700 before 1.0.1.26, R6900 before 1.0.1.26, R6900P before 1.2.0.22, R7000 before 1.0.9.6, R7000P before 1.2.0.22, R7100LG before 1.0.0.40, R7300DST before 1.0.0.54, R7500 before 1.0.0.110, R7500v2 before 1.0.3.26, R7800 before 1.0.2.44, R7900 before 1.0.1.26, R8000 before 1.0.3.48, R8300 before 1.0.2.104, R8500 before 1.0.2.104, R9000 before 1.0.3.10, WN2000RPTv3 before 1.0.1.26, WN2500RPv2 before 1.0.1.46, WN3000RPv3 before 1.0.2.66, WN3100RPv2 before 1.0.0.56, WNDR3400v3 before 1.0.1.14, WNDR3700v4 before 1.0.2.96, WNDR3700v5 before 1.1.0.54, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.42, WNR2000v5 before 1.0.0.64, WNR2020 before 1.1.0.42, and WNR2050 before 1.1.0.42.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 5.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AC:L/AV:A/A:N/C:L/I:L/PR:N/S:C/UI:R", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-24T14:22:48", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000055103/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Gateways-and-Extenders-PSV-2016-0102", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21231", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D1500 before 1.0.0.27, D500 before 1.0.0.27, D6100 before 1.0.0.57, D6220 before 1.0.0.40, D6400 before 1.0.0.74, D7000 before 1.0.1.60, D7800 before 1.0.1.34, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.94, DGN2200Bv4 before 1.0.0.94, EX2700 before 1.0.1.42, EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6000 before 1.0.0.24, EX6100 before 1.0.2.18, EX6120 before 1.0.0.32, EX6130 before 1.0.0.22, EX6150 before 1.0.0.34_1.0.70, EX6200 before 1.0.3.82_1.1.117, EX6400 before 1.0.1.78, EX7000 before 1.0.0.56, EX7300 before 1.0.1.78, JNR1010v2 before 1.1.0.42, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.42, PR2000 before 1.0.0.22, R6050 before 1.0.1.10, R6100 before 1.0.1.16, R6220 before 1.1.0.50, R6250 before 1.0.4.14, R6300v2 before 1.0.4.12, R6400v2 before 1.0.2.34, R6700 before 1.0.1.26, R6900 before 1.0.1.26, R6900P before 1.2.0.22, R7000 before 1.0.9.6, R7000P before 1.2.0.22, R7100LG before 1.0.0.40, R7300DST before 1.0.0.54, R7500 before 1.0.0.110, R7500v2 before 1.0.3.26, R7800 before 1.0.2.44, R7900 before 1.0.1.26, R8000 before 1.0.3.48, R8300 before 1.0.2.104, R8500 before 1.0.2.104, R9000 before 1.0.3.10, WN2000RPTv3 before 1.0.1.26, WN2500RPv2 before 1.0.1.46, WN3000RPv3 before 1.0.2.66, WN3100RPv2 before 1.0.0.56, WNDR3400v3 before 1.0.1.14, WNDR3700v4 before 1.0.2.96, WNDR3700v5 before 1.1.0.54, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.42, WNR2000v5 before 1.0.0.64, WNR2020 before 1.1.0.42, and WNR2050 before 1.1.0.42.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "NONE", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AC:L/AV:A/A:N/C:L/I:L/PR:N/S:C/UI:R", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000055103/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Gateways-and-Extenders-PSV-2016-0102", refsource: "CONFIRM", url: "https://kb.netgear.com/000055103/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Gateways-and-Extenders-PSV-2016-0102", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21231", datePublished: "2020-04-24T14:22:48", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:26:39.563Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21191
Vulnerability from cvelistv5
Published
2020-04-28 14:58
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:38.226Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000055166/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2604", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-28T14:58:14", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000055166/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2604", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21191", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000055166/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2604", refsource: "CONFIRM", url: "https://kb.netgear.com/000055166/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2604", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21191", datePublished: "2020-04-28T14:58:14", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:26:38.226Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21201
Vulnerability from cvelistv5
Published
2020-04-28 15:07
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:39.356Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000055148/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2591", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-28T15:07:27", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000055148/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2591", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21201", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000055148/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2591", refsource: "CONFIRM", url: "https://kb.netgear.com/000055148/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2591", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21201", datePublished: "2020-04-28T15:07:27", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:26:39.356Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-20735
Vulnerability from cvelistv5
Published
2020-04-16 19:13
Modified
2024-08-05 02:53
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before V1.0.0.75, D6100 before V1.0.0.63, R7800 before v1.0.2.52, R8900 before v1.0.4.2, R9000 before v1.0.4.2, RBK50 before v2.3.0.32, RBR50 before v2.3.0.32, RBS50 before v2.3.0.32, WNDR3700v4 before V1.0.2.102, WNDR4300v1 before V1.0.2.104, WNDR4300v2 before v1.0.0.58, WNDR4500v3 before v1.0.0.58, WNR2000v5 before v1.0.0.68, and XR500 before V2.3.2.32.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:53:08.896Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000061191/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2018-0138", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before V1.0.0.75, D6100 before V1.0.0.63, R7800 before v1.0.2.52, R8900 before v1.0.4.2, R9000 before v1.0.4.2, RBK50 before v2.3.0.32, RBR50 before v2.3.0.32, RBS50 before v2.3.0.32, WNDR3700v4 before V1.0.2.102, WNDR4300v1 before V1.0.2.104, WNDR4300v2 before v1.0.0.58, WNDR4500v3 before v1.0.0.58, WNR2000v5 before v1.0.0.68, and XR500 before V2.3.2.32.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-16T19:13:41", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000061191/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2018-0138", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-20735", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before V1.0.0.75, D6100 before V1.0.0.63, R7800 before v1.0.2.52, R8900 before v1.0.4.2, R9000 before v1.0.4.2, RBK50 before v2.3.0.32, RBR50 before v2.3.0.32, RBS50 before v2.3.0.32, WNDR3700v4 before V1.0.2.102, WNDR4300v1 before V1.0.2.104, WNDR4300v2 before v1.0.0.58, WNDR4500v3 before v1.0.0.58, WNR2000v5 before v1.0.0.68, and XR500 before V2.3.2.32.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000061191/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2018-0138", refsource: "CONFIRM", url: "https://kb.netgear.com/000061191/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2018-0138", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-20735", datePublished: "2020-04-16T19:13:41", dateReserved: "2020-04-15T00:00:00", dateUpdated: "2024-08-05T02:53:08.896Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21218
Vulnerability from cvelistv5
Published
2020-04-28 15:43
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:39.056Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000055119/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2483", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-28T15:43:54", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000055119/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2483", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21218", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000055119/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2483", refsource: "CONFIRM", url: "https://kb.netgear.com/000055119/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2483", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21218", datePublished: "2020-04-28T15:43:54", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:26:39.056Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21150
Vulnerability from cvelistv5
Published
2020-04-22 19:55
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:37.919Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000059483/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Gateways-and-Routers-PSV-2017-3155", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-06-22T00:00:00", descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-22T19:55:42", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000059483/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Gateways-and-Routers-PSV-2017-3155", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21150", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000059483/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Gateways-and-Routers-PSV-2017-3155", refsource: "CONFIRM", url: "https://kb.netgear.com/000059483/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Gateways-and-Routers-PSV-2017-3155", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21150", datePublished: "2020-04-22T19:55:42", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:26:37.919Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21153
Vulnerability from cvelistv5
Published
2020-04-27 17:10
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, EX2700 before 1.0.1.32, EX6100v2 before 1.0.1.70, EX6150v2 before 1.0.1.70, EX6200v2 before 1.0.1.62, EX6400 before 1.0.1.78, EX7300 before 1.0.1.62, EX8000 before 1.0.0.114, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.40, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WN2000RPTv3 before 1.0.1.26, WN3000RPv2 before 1.0.0.56, WN3000RPv3 before 1.0.2.66, WN3100RPv2 before 1.0.0.56, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:38.554Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000059480/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Gateways-Routers-and-Extenders-PSV-2017-3136", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, EX2700 before 1.0.1.32, EX6100v2 before 1.0.1.70, EX6150v2 before 1.0.1.70, EX6200v2 before 1.0.1.62, EX6400 before 1.0.1.78, EX7300 before 1.0.1.62, EX8000 before 1.0.0.114, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.40, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WN2000RPTv3 before 1.0.1.26, WN3000RPv2 before 1.0.0.56, WN3000RPv3 before 1.0.2.66, WN3100RPv2 before 1.0.0.56, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-27T17:10:47", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000059480/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Gateways-Routers-and-Extenders-PSV-2017-3136", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21153", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, EX2700 before 1.0.1.32, EX6100v2 before 1.0.1.70, EX6150v2 before 1.0.1.70, EX6200v2 before 1.0.1.62, EX6400 before 1.0.1.78, EX7300 before 1.0.1.62, EX8000 before 1.0.0.114, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.40, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WN2000RPTv3 before 1.0.1.26, WN3000RPv2 before 1.0.0.56, WN3000RPv3 before 1.0.2.66, WN3100RPv2 before 1.0.0.56, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000059480/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Gateways-Routers-and-Extenders-PSV-2017-3136", refsource: "CONFIRM", url: "https://kb.netgear.com/000059480/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Gateways-Routers-and-Extenders-PSV-2017-3136", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21153", datePublished: "2020-04-27T17:10:47", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:26:38.554Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-20752
Vulnerability from cvelistv5
Published
2020-04-16 21:04
Modified
2024-08-05 02:53
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7800 before 1.0.2.58, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:53:09.221Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000060967/Security-Advisory-for-Site-Stored-Cross-Scripting-on-Some-Gateways-Routers-and-WiFi-Systems-PSV-2018-0250", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7800 before 1.0.2.58, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:L/PR:H/S:C/UI:R", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-16T21:04:31", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000060967/Security-Advisory-for-Site-Stored-Cross-Scripting-on-Some-Gateways-Routers-and-WiFi-Systems-PSV-2018-0250", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-20752", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7800 before 1.0.2.58, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:L/PR:H/S:C/UI:R", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000060967/Security-Advisory-for-Site-Stored-Cross-Scripting-on-Some-Gateways-Routers-and-WiFi-Systems-PSV-2018-0250", refsource: "CONFIRM", url: "https://kb.netgear.com/000060967/Security-Advisory-for-Site-Stored-Cross-Scripting-on-Some-Gateways-Routers-and-WiFi-Systems-PSV-2018-0250", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-20752", datePublished: "2020-04-16T21:04:31", dateReserved: "2020-04-15T00:00:00", dateUpdated: "2024-08-05T02:53:09.221Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-20767
Vulnerability from cvelistv5
Published
2020-04-15 13:42
Modified
2024-08-05 02:53
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.60, D3600 before 1.0.0.75, D6000 before 1.0.0.75, R9000 before 1.0.4.26, R8900 before 1.0.4.26, R7800 before 1.0.2.52, WNDR4500v3 before 1.0.0.58, WNDR4300v2 before 1.0.0.58, WNDR4300 before 1.0.2.104, WNDR3700v4 before 1.0.2.102, and WNR2000v5 before 1.0.0.66.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:53:08.913Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000060632/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Modem-Routers-PSV-2018-0116", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.60, D3600 before 1.0.0.75, D6000 before 1.0.0.75, R9000 before 1.0.4.26, R8900 before 1.0.4.26, R7800 before 1.0.2.52, WNDR4500v3 before 1.0.0.58, WNDR4300v2 before 1.0.0.58, WNDR4300 before 1.0.2.104, WNDR3700v4 before 1.0.2.102, and WNR2000v5 before 1.0.0.66.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-15T13:42:05", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000060632/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Modem-Routers-PSV-2018-0116", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-20767", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.60, D3600 before 1.0.0.75, D6000 before 1.0.0.75, R9000 before 1.0.4.26, R8900 before 1.0.4.26, R7800 before 1.0.2.52, WNDR4500v3 before 1.0.0.58, WNDR4300v2 before 1.0.0.58, WNDR4300 before 1.0.2.104, WNDR3700v4 before 1.0.2.102, and WNR2000v5 before 1.0.0.66.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000060632/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Modem-Routers-PSV-2018-0116", refsource: "CONFIRM", url: "https://kb.netgear.com/000060632/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Modem-Routers-PSV-2018-0116", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-20767", datePublished: "2020-04-15T13:42:05", dateReserved: "2020-04-15T00:00:00", dateUpdated: "2024-08-05T02:53:08.913Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-20738
Vulnerability from cvelistv5
Published
2020-04-16 19:17
Modified
2024-08-05 02:53
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by stored XSS. This affects D6100 before 1.0.0.58, D7800 before 1.0.1.34, JNR1010v2 before 1.1.0.50, JWNR2010v5 before 1.1.0.50, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, R6020 before 1.0.0.30, R6080 before 1.0.0.30, R6100 before 1.0.1.16, R6120 before 1.0.0.40, R6700v2 before 1.2.0.14, R6800 before 1.2.0.14, R6900v2 before 1.2.0.14, R7500v2 before 1.0.3.26, R7800 before 1.0.2.46, R9000 before 1.0.4.2, WN3000RPv2 before 1.0.0.52, WN3000RPv3 before 1.0.2.78, WNDR3700v4 before 1.0.2.102, WNDR3700v5 before 1.1.0.54, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.50, WNR2000v5 before 1.0.0.64, WNR2020 before 1.1.0.50, and WNR2050 before 1.1.0.50. NOTE: this may be a result of an incomplete fix for CVE-2017-18866.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:53:08.601Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000061187/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-Gateways-and-WiFi-System-PSV-2016-0100", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by stored XSS. This affects D6100 before 1.0.0.58, D7800 before 1.0.1.34, JNR1010v2 before 1.1.0.50, JWNR2010v5 before 1.1.0.50, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, R6020 before 1.0.0.30, R6080 before 1.0.0.30, R6100 before 1.0.1.16, R6120 before 1.0.0.40, R6700v2 before 1.2.0.14, R6800 before 1.2.0.14, R6900v2 before 1.2.0.14, R7500v2 before 1.0.3.26, R7800 before 1.0.2.46, R9000 before 1.0.4.2, WN3000RPv2 before 1.0.0.52, WN3000RPv3 before 1.0.2.78, WNDR3700v4 before 1.0.2.102, WNDR3700v5 before 1.1.0.54, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.50, WNR2000v5 before 1.0.0.64, WNR2020 before 1.1.0.50, and WNR2050 before 1.1.0.50. NOTE: this may be a result of an incomplete fix for CVE-2017-18866.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 5.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AC:L/AV:A/A:N/C:L/I:L/PR:N/S:C/UI:R", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-05-05T22:26:19", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000061187/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-Gateways-and-WiFi-System-PSV-2016-0100", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-20738", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by stored XSS. This affects D6100 before 1.0.0.58, D7800 before 1.0.1.34, JNR1010v2 before 1.1.0.50, JWNR2010v5 before 1.1.0.50, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, R6020 before 1.0.0.30, R6080 before 1.0.0.30, R6100 before 1.0.1.16, R6120 before 1.0.0.40, R6700v2 before 1.2.0.14, R6800 before 1.2.0.14, R6900v2 before 1.2.0.14, R7500v2 before 1.0.3.26, R7800 before 1.0.2.46, R9000 before 1.0.4.2, WN3000RPv2 before 1.0.0.52, WN3000RPv3 before 1.0.2.78, WNDR3700v4 before 1.0.2.102, WNDR3700v5 before 1.1.0.54, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.50, WNR2000v5 before 1.0.0.64, WNR2020 before 1.1.0.50, and WNR2050 before 1.1.0.50. NOTE: this may be a result of an incomplete fix for CVE-2017-18866.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "NONE", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AC:L/AV:A/A:N/C:L/I:L/PR:N/S:C/UI:R", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000061187/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-Gateways-and-WiFi-System-PSV-2016-0100", refsource: "CONFIRM", url: "https://kb.netgear.com/000061187/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-Gateways-and-WiFi-System-PSV-2016-0100", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-20738", datePublished: "2020-04-16T19:17:40", dateReserved: "2020-04-15T00:00:00", dateUpdated: "2024-08-05T02:53:08.601Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-18776
Vulnerability from cvelistv5
Published
2020-04-22 14:43
Modified
2024-08-05 21:37
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by authentication bypass. This affects D6100 before V1.0.0.55, D7000 before V1.0.1.50, D7800 before V1.0.1.24, JNR1010v2 before 1.1.0.40, JWNR2010v5 before 1.1.0.40, R6100 before 1.0.1.12, R6220 before 1.1.0.50, R7500 before 1.0.0.108, R7500v2 before 1.0.3.10, WNDR4300v1 before 1.0.2.88, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.40, WNR2000v5 before 1.0.0.42, WNR2020 before 1.1.0.40, and WNR2050 before 1.1.0.40.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T21:37:44.206Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000049552/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-and-Gateways-PSV-2017-0387", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by authentication bypass. This affects D6100 before V1.0.0.55, D7000 before V1.0.1.50, D7800 before V1.0.1.24, JNR1010v2 before 1.1.0.40, JWNR2010v5 before 1.1.0.40, R6100 before 1.0.1.12, R6220 before 1.1.0.50, R7500 before 1.0.0.108, R7500v2 before 1.0.3.10, WNDR4300v1 before 1.0.2.88, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.40, WNR2000v5 before 1.0.0.42, WNR2020 before 1.1.0.40, and WNR2050 before 1.1.0.40.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-22T14:43:25", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000049552/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-and-Gateways-PSV-2017-0387", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-18776", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by authentication bypass. This affects D6100 before V1.0.0.55, D7000 before V1.0.1.50, D7800 before V1.0.1.24, JNR1010v2 before 1.1.0.40, JWNR2010v5 before 1.1.0.40, R6100 before 1.0.1.12, R6220 before 1.1.0.50, R7500 before 1.0.0.108, R7500v2 before 1.0.3.10, WNDR4300v1 before 1.0.2.88, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.40, WNR2000v5 before 1.0.0.42, WNR2020 before 1.1.0.40, and WNR2050 before 1.1.0.40.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000049552/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-and-Gateways-PSV-2017-0387", refsource: "CONFIRM", url: "https://kb.netgear.com/000049552/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-and-Gateways-PSV-2017-0387", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-18776", datePublished: "2020-04-22T14:43:25", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T21:37:44.206Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21172
Vulnerability from cvelistv5
Published
2020-04-27 17:38
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:39.153Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000055186/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-PSV-2017-2631", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-27T17:38:02", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000055186/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-PSV-2017-2631", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21172", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000055186/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-PSV-2017-2631", refsource: "CONFIRM", url: "https://kb.netgear.com/000055186/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-PSV-2017-2631", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21172", datePublished: "2020-04-27T17:38:02", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:26:39.153Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-18866
Vulnerability from cvelistv5
Published
2020-05-05 13:47
Modified
2024-08-05 21:37
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by stored XSS. This affects R9000 before 1.0.2.40, R6100 before 1.0.1.1, 6R7500 before 1.0.0.110, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, WNDR4300v2 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T21:37:44.306Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://kb.netgear.com/000051472/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Routers-PSV-2016-0100", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by stored XSS. This affects R9000 before 1.0.2.40, R6100 before 1.0.1.1, 6R7500 before 1.0.0.110, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, WNDR4300v2 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 5.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AC:L/AV:A/A:N/C:L/I:L/PR:N/S:C/UI:R", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-05-05T13:47:53", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://kb.netgear.com/000051472/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Routers-PSV-2016-0100", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-18866", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by stored XSS. This affects R9000 before 1.0.2.40, R6100 before 1.0.1.1, 6R7500 before 1.0.0.110, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, WNDR4300v2 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "NONE", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AC:L/AV:A/A:N/C:L/I:L/PR:N/S:C/UI:R", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000051472/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Routers-PSV-2016-0100", refsource: "MISC", url: "https://kb.netgear.com/000051472/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Routers-PSV-2016-0100", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-18866", datePublished: "2020-05-05T13:47:53", dateReserved: "2020-05-05T00:00:00", dateUpdated: "2024-08-05T21:37:44.306Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-18785
Vulnerability from cvelistv5
Published
2020-04-22 14:23
Modified
2024-08-05 21:37
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by XSS. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D6200 before 1.1.00.24, D6220 before 1.0.0.32, D6400 before 1.0.0.66, D7000 before 1.0.1.52, D7000v2 before 1.0.0.44, D7800 before 1.0.1.30, D8500 before 1.0.3.35, DGN2200v4 before 1.0.0.96, DGN2200Bv4 before 1.0.0.96, EX2700 before 1.0.1.28, EX6100v2 before 1.0.1.54, EX6150v2 before 1.0.1.54, EX6200v2 before 1.0.1.52, EX6400 before 1.0.1.72, EX7300 before 1.0.1.72, EX8000 before 1.0.0.102, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6080 before 1.0.0.26, R6100 before 1.0.1.20, R6250 before 1.0.4.16, R6300v2 before 1.0.4.18, R6400 before 1.0.1.32, R6400v2 before 1.0.2.46, R6700 before 1.0.1.36, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, R6700v2 before 1.2.0.12, R6900 before 1.0.1.34, R6900P before 1.3.0.8, R7000 before 1.0.9.18, R7000P before 1.3.0.8, R7100LG before 1.0.0.34, R7300DST before 1.0.0.58, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R7900 before 1.0.2.4, R7900P before 1.1.5.14, R8000 before 1.0.4.4, R8000P before 1.1.5.14, R8500 before 1.0.2.110, R8300 before 1.0.2.110, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.8, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.42, WNDR3400v3 before 1.0.1.16, WNDR3700v4 before 1.0.2.94, WNDR4300 before 1.0.2.96, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.62, WNR2020 before 1.1.0.44, WNR2050 before 1.1.0.44, and WNR3500Lv2 before 1.2.0.46.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T21:37:44.208Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000049534/Security-Advisory-for-Cross-Site-Scripting-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2950", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by XSS. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D6200 before 1.1.00.24, D6220 before 1.0.0.32, D6400 before 1.0.0.66, D7000 before 1.0.1.52, D7000v2 before 1.0.0.44, D7800 before 1.0.1.30, D8500 before 1.0.3.35, DGN2200v4 before 1.0.0.96, DGN2200Bv4 before 1.0.0.96, EX2700 before 1.0.1.28, EX6100v2 before 1.0.1.54, EX6150v2 before 1.0.1.54, EX6200v2 before 1.0.1.52, EX6400 before 1.0.1.72, EX7300 before 1.0.1.72, EX8000 before 1.0.0.102, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6080 before 1.0.0.26, R6100 before 1.0.1.20, R6250 before 1.0.4.16, R6300v2 before 1.0.4.18, R6400 before 1.0.1.32, R6400v2 before 1.0.2.46, R6700 before 1.0.1.36, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, R6700v2 before 1.2.0.12, R6900 before 1.0.1.34, R6900P before 1.3.0.8, R7000 before 1.0.9.18, R7000P before 1.3.0.8, R7100LG before 1.0.0.34, R7300DST before 1.0.0.58, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R7900 before 1.0.2.4, R7900P before 1.1.5.14, R8000 before 1.0.4.4, R8000P before 1.1.5.14, R8500 before 1.0.2.110, R8300 before 1.0.2.110, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.8, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.42, WNDR3400v3 before 1.0.1.16, WNDR3700v4 before 1.0.2.94, WNDR4300 before 1.0.2.96, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.62, WNR2020 before 1.1.0.44, WNR2050 before 1.1.0.44, and WNR3500Lv2 before 1.2.0.46.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AC:L/AV:L/A:N/C:L/I:L/PR:H/S:C/UI:R", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-22T14:23:04", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000049534/Security-Advisory-for-Cross-Site-Scripting-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2950", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-18785", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by XSS. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D6200 before 1.1.00.24, D6220 before 1.0.0.32, D6400 before 1.0.0.66, D7000 before 1.0.1.52, D7000v2 before 1.0.0.44, D7800 before 1.0.1.30, D8500 before 1.0.3.35, DGN2200v4 before 1.0.0.96, DGN2200Bv4 before 1.0.0.96, EX2700 before 1.0.1.28, EX6100v2 before 1.0.1.54, EX6150v2 before 1.0.1.54, EX6200v2 before 1.0.1.52, EX6400 before 1.0.1.72, EX7300 before 1.0.1.72, EX8000 before 1.0.0.102, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6080 before 1.0.0.26, R6100 before 1.0.1.20, R6250 before 1.0.4.16, R6300v2 before 1.0.4.18, R6400 before 1.0.1.32, R6400v2 before 1.0.2.46, R6700 before 1.0.1.36, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, R6700v2 before 1.2.0.12, R6900 before 1.0.1.34, R6900P before 1.3.0.8, R7000 before 1.0.9.18, R7000P before 1.3.0.8, R7100LG before 1.0.0.34, R7300DST before 1.0.0.58, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R7900 before 1.0.2.4, R7900P before 1.1.5.14, R8000 before 1.0.4.4, R8000P before 1.1.5.14, R8500 before 1.0.2.110, R8300 before 1.0.2.110, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.8, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.42, WNDR3400v3 before 1.0.1.16, WNDR3700v4 before 1.0.2.94, WNDR4300 before 1.0.2.96, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.62, WNR2020 before 1.1.0.44, WNR2050 before 1.1.0.44, and WNR3500Lv2 before 1.2.0.46.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AC:L/AV:L/A:N/C:L/I:L/PR:H/S:C/UI:R", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000049534/Security-Advisory-for-Cross-Site-Scripting-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2950", refsource: "CONFIRM", url: "https://kb.netgear.com/000049534/Security-Advisory-for-Cross-Site-Scripting-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2950", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-18785", datePublished: "2020-04-22T14:23:04", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T21:37:44.208Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-20736
Vulnerability from cvelistv5
Published
2020-04-16 19:14
Modified
2024-08-05 02:53
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6000 before 1.0.0.72, D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:53:08.655Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000061190/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2018-0133", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6000 before 1.0.0.72, D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-16T19:14:48", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000061190/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2018-0133", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-20736", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6000 before 1.0.0.72, D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000061190/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2018-0133", refsource: "CONFIRM", url: "https://kb.netgear.com/000061190/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2018-0133", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-20736", datePublished: "2020-04-16T19:14:48", dateReserved: "2020-04-15T00:00:00", dateUpdated: "2024-08-05T02:53:08.655Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21230
Vulnerability from cvelistv5
Published
2020-04-24 14:26
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D1500 before 1.0.0.27, D500 before 1.0.0.27, D6100 before 1.0.0.57, D6220 before 1.0.0.40, D6400 before 1.0.0.74, D7000 before 1.0.1.60, D7800 before 1.0.1.34, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.94, DGN2200Bv4 before 1.0.0.94, EX2700 before 1.0.1.42, EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6000 before 1.0.0.24, EX6100 before 1.0.2.18, EX6120 before 1.0.0.32, EX6130 before 1.0.0.22, EX6150 before 1.0.0.34_1.0.70, EX6200 before 1.0.3.82_1.1.117, EX6400 before 1.0.1.78, EX7000 before 1.0.0.56, EX7300 before 1.0.1., JNR1010v2 before 1.1.0.42, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.42, PR2000 before 1.0.0.22, R6050 before 1.0.1.10, R6100 before 1.0.1.16, R6220 before 1.1.0.50, R6250 before 1.0.4.14, R6300v2 before 1.0.4.12, R6400v2 before 1.0.2.34, R6700 before 1.0.1.26, R6900 before 1.0.1.26, R6900P before 1.2.0.22, R7000 before 1.0.9.6, R7000P before 1.2.0.22, R7100LG before 1.0.0.40, R7300DST before 1.0.0.54, R7500 before 1.0.0.110, R7500v2 before 1.0.3.26, R7800 before 1.0.2.44, R7900 before 1.0.1.26, R8000 before 1.0.3.48, R8300 before 1.0.2.104, R8500 before 1.0.2.104, R9000 before 1.0.3.10, WN2000RPTv3 before 1.0.1.26, WN2500RPv2 before 1.0.1.46, WN3000RPv3 before 1.0.2.66, WN3100RPv2 before 1.0.0.56, WNDR3400v3 before 1.0.1.14, WNDR3700v4 before 1.0.2.96, WNDR3700v5 before 1.1.0.54, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.42, WNR2000v5 before 1.0.0.64, WNR2020 before 1.1.0.42, and WNR2050 before 1.1.0.42.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:39.309Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000055104/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Gateways-and-Extenders-PSV-2016-0117", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D1500 before 1.0.0.27, D500 before 1.0.0.27, D6100 before 1.0.0.57, D6220 before 1.0.0.40, D6400 before 1.0.0.74, D7000 before 1.0.1.60, D7800 before 1.0.1.34, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.94, DGN2200Bv4 before 1.0.0.94, EX2700 before 1.0.1.42, EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6000 before 1.0.0.24, EX6100 before 1.0.2.18, EX6120 before 1.0.0.32, EX6130 before 1.0.0.22, EX6150 before 1.0.0.34_1.0.70, EX6200 before 1.0.3.82_1.1.117, EX6400 before 1.0.1.78, EX7000 before 1.0.0.56, EX7300 before 1.0.1., JNR1010v2 before 1.1.0.42, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.42, PR2000 before 1.0.0.22, R6050 before 1.0.1.10, R6100 before 1.0.1.16, R6220 before 1.1.0.50, R6250 before 1.0.4.14, R6300v2 before 1.0.4.12, R6400v2 before 1.0.2.34, R6700 before 1.0.1.26, R6900 before 1.0.1.26, R6900P before 1.2.0.22, R7000 before 1.0.9.6, R7000P before 1.2.0.22, R7100LG before 1.0.0.40, R7300DST before 1.0.0.54, R7500 before 1.0.0.110, R7500v2 before 1.0.3.26, R7800 before 1.0.2.44, R7900 before 1.0.1.26, R8000 before 1.0.3.48, R8300 before 1.0.2.104, R8500 before 1.0.2.104, R9000 before 1.0.3.10, WN2000RPTv3 before 1.0.1.26, WN2500RPv2 before 1.0.1.46, WN3000RPv3 before 1.0.2.66, WN3100RPv2 before 1.0.0.56, WNDR3400v3 before 1.0.1.14, WNDR3700v4 before 1.0.2.96, WNDR3700v5 before 1.1.0.54, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.42, WNR2000v5 before 1.0.0.64, WNR2020 before 1.1.0.42, and WNR2050 before 1.1.0.42.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 5.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AC:L/AV:A/A:N/C:L/I:L/PR:N/S:C/UI:R", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-24T14:26:58", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000055104/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Gateways-and-Extenders-PSV-2016-0117", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21230", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D1500 before 1.0.0.27, D500 before 1.0.0.27, D6100 before 1.0.0.57, D6220 before 1.0.0.40, D6400 before 1.0.0.74, D7000 before 1.0.1.60, D7800 before 1.0.1.34, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.94, DGN2200Bv4 before 1.0.0.94, EX2700 before 1.0.1.42, EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6000 before 1.0.0.24, EX6100 before 1.0.2.18, EX6120 before 1.0.0.32, EX6130 before 1.0.0.22, EX6150 before 1.0.0.34_1.0.70, EX6200 before 1.0.3.82_1.1.117, EX6400 before 1.0.1.78, EX7000 before 1.0.0.56, EX7300 before 1.0.1., JNR1010v2 before 1.1.0.42, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.42, PR2000 before 1.0.0.22, R6050 before 1.0.1.10, R6100 before 1.0.1.16, R6220 before 1.1.0.50, R6250 before 1.0.4.14, R6300v2 before 1.0.4.12, R6400v2 before 1.0.2.34, R6700 before 1.0.1.26, R6900 before 1.0.1.26, R6900P before 1.2.0.22, R7000 before 1.0.9.6, R7000P before 1.2.0.22, R7100LG before 1.0.0.40, R7300DST before 1.0.0.54, R7500 before 1.0.0.110, R7500v2 before 1.0.3.26, R7800 before 1.0.2.44, R7900 before 1.0.1.26, R8000 before 1.0.3.48, R8300 before 1.0.2.104, R8500 before 1.0.2.104, R9000 before 1.0.3.10, WN2000RPTv3 before 1.0.1.26, WN2500RPv2 before 1.0.1.46, WN3000RPv3 before 1.0.2.66, WN3100RPv2 before 1.0.0.56, WNDR3400v3 before 1.0.1.14, WNDR3700v4 before 1.0.2.96, WNDR3700v5 before 1.1.0.54, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.42, WNR2000v5 before 1.0.0.64, WNR2020 before 1.1.0.42, and WNR2050 before 1.1.0.42.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "NONE", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AC:L/AV:A/A:N/C:L/I:L/PR:N/S:C/UI:R", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000055104/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Gateways-and-Extenders-PSV-2016-0117", refsource: "CONFIRM", url: "https://kb.netgear.com/000055104/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Gateways-and-Extenders-PSV-2016-0117", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21230", datePublished: "2020-04-24T14:26:58", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:26:39.309Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21176
Vulnerability from cvelistv5
Published
2020-04-27 19:40
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7500 before 1.0.0.122, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:39.114Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000055182/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2623", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7500 before 1.0.0.122, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-27T19:40:53", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000055182/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2623", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21176", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7500 before 1.0.0.122, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000055182/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2623", refsource: "CONFIRM", url: "https://kb.netgear.com/000055182/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2623", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21176", datePublished: "2020-04-27T19:40:53", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:26:39.114Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-18740
Vulnerability from cvelistv5
Published
2020-04-23 16:00
Modified
2024-08-05 21:37
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.61, D6000 before 1.0.0.61, D6100 before 1.0.0.55, D7800 before 1.0.1.28, R6100 before 1.0.1.16, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.40, WNDR3700v4 before 1.0.2.88, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T21:37:43.475Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000051515/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-and-Gateways-PSV-2017-0615", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.61, D6000 before 1.0.0.61, D6100 before 1.0.0.55, D7800 before 1.0.1.28, R6100 before 1.0.1.16, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.40, WNDR3700v4 before 1.0.2.88, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:L/C:L/I:L/PR:N/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-23T16:00:10", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000051515/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-and-Gateways-PSV-2017-0615", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-18740", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.61, D6000 before 1.0.0.61, D6100 before 1.0.0.55, D7800 before 1.0.1.28, R6100 before 1.0.1.16, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.40, WNDR3700v4 before 1.0.2.88, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:L/C:L/I:L/PR:N/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000051515/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-and-Gateways-PSV-2017-0615", refsource: "CONFIRM", url: "https://kb.netgear.com/000051515/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-and-Gateways-PSV-2017-0615", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-18740", datePublished: "2020-04-23T16:00:10", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T21:37:43.475Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-20726
Vulnerability from cvelistv5
Published
2020-04-16 19:02
Modified
2024-08-05 02:53
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:53:08.658Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000061202/Security-Advisory-for-Post-Authentication-Command-on-Some-Routers-and-Gateways-PSV-2018-0141", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-16T19:02:25", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000061202/Security-Advisory-for-Post-Authentication-Command-on-Some-Routers-and-Gateways-PSV-2018-0141", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-20726", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000061202/Security-Advisory-for-Post-Authentication-Command-on-Some-Routers-and-Gateways-PSV-2018-0141", refsource: "CONFIRM", url: "https://kb.netgear.com/000061202/Security-Advisory-for-Post-Authentication-Command-on-Some-Routers-and-Gateways-PSV-2018-0141", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-20726", datePublished: "2020-04-16T19:02:25", dateReserved: "2020-04-15T00:00:00", dateUpdated: "2024-08-05T02:53:08.658Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21211
Vulnerability from cvelistv5
Published
2020-04-28 15:34
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:39.311Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000055138/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2491", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-28T15:34:28", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000055138/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2491", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21211", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000055138/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2491", refsource: "CONFIRM", url: "https://kb.netgear.com/000055138/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2491", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21211", datePublished: "2020-04-28T15:34:28", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:26:39.311Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-18764
Vulnerability from cvelistv5
Published
2020-04-22 15:42
Modified
2024-08-05 21:37
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6100 before 1.0.0.55, D7000 before 1.0.1.50, D7800 before 1.0.1.28, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6100 before 1.0.1.14, R6120 before 1.0.0.30, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, R7500 before 1.0.0.110, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.52, WN3000RPv3 before 1.0.2.50, WNDR3700v4 before 1.0.2.88, WNDR3700v5 before 1.1.0.48, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.58, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T21:37:43.920Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000051481/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2210", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6100 before 1.0.0.55, D7000 before 1.0.1.50, D7800 before 1.0.1.28, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6100 before 1.0.1.14, R6120 before 1.0.0.30, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, R7500 before 1.0.0.110, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.52, WN3000RPv3 before 1.0.2.50, WNDR3700v4 before 1.0.2.88, WNDR3700v5 before 1.1.0.48, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.58, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-22T15:42:38", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000051481/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2210", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-18764", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6100 before 1.0.0.55, D7000 before 1.0.1.50, D7800 before 1.0.1.28, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6100 before 1.0.1.14, R6120 before 1.0.0.30, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, R7500 before 1.0.0.110, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.52, WN3000RPv3 before 1.0.2.50, WNDR3700v4 before 1.0.2.88, WNDR3700v5 before 1.1.0.48, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.58, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000051481/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2210", refsource: "CONFIRM", url: "https://kb.netgear.com/000051481/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2210", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-18764", datePublished: "2020-04-22T15:42:38", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T21:37:43.920Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21165
Vulnerability from cvelistv5
Published
2020-04-23 21:22
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.netgear.com/000055194/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2017-3170 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:39.024Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000055194/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2017-3170", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-03-02T00:00:00", descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 4.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:N/I:N/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-23T21:22:55", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000055194/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2017-3170", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21165", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:N/I:N/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000055194/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2017-3170", refsource: "CONFIRM", url: "https://kb.netgear.com/000055194/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2017-3170", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21165", datePublished: "2020-04-23T21:22:55", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:26:39.024Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21181
Vulnerability from cvelistv5
Published
2020-04-28 12:47
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.28, EX2700 before 1.0.1.32, EX6200v2 before 1.0.1.56, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.3.6, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.52, WN3100RPv2 before 1.0.0.42, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:39.308Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/000055177/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2618", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.28, EX2700 before 1.0.1.32, EX6200v2 before 1.0.1.56, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.3.6, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.52, WN3100RPv2 before 1.0.0.42, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-28T12:47:24", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/000055177/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2618", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21181", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.28, EX2700 before 1.0.1.32, EX6200v2 before 1.0.1.56, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.3.6, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.52, WN3100RPv2 before 1.0.0.42, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000055177/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2618", refsource: "CONFIRM", url: "https://kb.netgear.com/000055177/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2618", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21181", datePublished: "2020-04-28T12:47:24", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-05T12:26:39.308Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }