cnvd - cnvd-2020-31239

cnvd-2020-31239

Vulnerability from cnvd

Title: 多款NETGEAR产品跨站脚本漏洞（CNVD-2020-31239）

Description:

NETGEAR D6200等都是美国网件（NETGEAR）公司的产品。NETGEAR D6200是一款无线调制解调器。NETGEAR WNR2020是一款无线路由器。NETGEAR R6220是一款无线路由器。

多款NETGEAR产品中存在跨站脚本漏洞，该漏洞源于WEB应用缺少对客户端数据的正确验证，攻击者可利用该漏洞执行客户端代码。

Severity: 中

Patch Name: 多款NETGEAR产品跨站脚本漏洞（CNVD-2020-31239）的补丁

Patch Description:

NETGEAR D6200等都是美国网件（NETGEAR）公司的产品。NETGEAR D6200是一款无线调制解调器。NETGEAR WNR2020是一款无线路由器。NETGEAR R6220是一款无线路由器。

多款NETGEAR产品中存在跨站脚本漏洞，该漏洞源于WEB应用缺少对客户端数据的正确验证，攻击者可利用该漏洞执行客户端代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://kb.netgear.com/000049535/Security-Advisory-for-Cross-Site-Scripting-on-Some-Routers-PSV-2017-2951

Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-18784

Impacted products

Name
['NETGEAR D6200 <1.1.00.24', 'NETGEAR R6120 <1.0.0.36', 'NETGEAR R6020 <1.0.0.26', 'NETGEAR R6080 <1.0.0.26', 'NETGEAR R6220 <1.1.0.60', 'NETGEAR JNR1010v2 <1.1.0.44', 'NETGEAR JWNR2010v5 <1.1.0.44', 'NETGEAR PR2000 <1.0.0.20', 'NETGEAR R6050 <1.0.1.12', 'NetGear WNR1000v4 <1.1.0.44', 'NETGEAR WNR2020 <1.1.0.44', 'NETGEAR WNR2050 <1.1.0.44', 'NETGEAR D7000 <1.0.1.52', 'NETGEAR R6800 <1.2.0.12', 'NETGEAR R6900v2 <1.2.0.12', 'NETGEAR R6700v2 <1.2.0.12', 'NETGEAR WNDR3700v5 <1.1.0.50']

Name

['NETGEAR D6200 <1.1.00.24', 'NETGEAR R6120 <1.0.0.36', 'NETGEAR R6020 <1.0.0.26', 'NETGEAR R6080 <1.0.0.26', 'NETGEAR R6220 <1.1.0.60', 'NETGEAR JNR1010v2 <1.1.0.44', 'NETGEAR JWNR2010v5 <1.1.0.44', 'NETGEAR PR2000 <1.0.0.20', 'NETGEAR R6050 <1.0.1.12', 'NetGear WNR1000v4 <1.1.0.44', 'NETGEAR WNR2020 <1.1.0.44', 'NETGEAR WNR2050 <1.1.0.44', 'NETGEAR D7000 <1.0.1.52', 'NETGEAR R6800 <1.2.0.12', 'NETGEAR R6900v2 <1.2.0.12', 'NETGEAR R6700v2 <1.2.0.12', 'NETGEAR WNDR3700v5 <1.1.0.50']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-18784"
    }
  },
  "description": "NETGEAR D6200\u7b49\u90fd\u662f\u7f8e\u56fd\u7f51\u4ef6\uff08NETGEAR\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002NETGEAR D6200\u662f\u4e00\u6b3e\u65e0\u7ebf\u8c03\u5236\u89e3\u8c03\u5668\u3002NETGEAR WNR2020\u662f\u4e00\u6b3e\u65e0\u7ebf\u8def\u7531\u5668\u3002NETGEAR R6220\u662f\u4e00\u6b3e\u65e0\u7ebf\u8def\u7531\u5668\u3002\n\n\u591a\u6b3eNETGEAR\u4ea7\u54c1\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eWEB\u5e94\u7528\u7f3a\u5c11\u5bf9\u5ba2\u6237\u7aef\u6570\u636e\u7684\u6b63\u786e\u9a8c\u8bc1\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u5ba2\u6237\u7aef\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://kb.netgear.com/000049535/Security-Advisory-for-Cross-Site-Scripting-on-Some-Routers-PSV-2017-2951",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-31239",
  "openTime": "2020-06-02",
  "patchDescription": "NETGEAR D6200\u7b49\u90fd\u662f\u7f8e\u56fd\u7f51\u4ef6\uff08NETGEAR\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002NETGEAR D6200\u662f\u4e00\u6b3e\u65e0\u7ebf\u8c03\u5236\u89e3\u8c03\u5668\u3002NETGEAR WNR2020\u662f\u4e00\u6b3e\u65e0\u7ebf\u8def\u7531\u5668\u3002NETGEAR R6220\u662f\u4e00\u6b3e\u65e0\u7ebf\u8def\u7531\u5668\u3002\r\n\r\n\u591a\u6b3eNETGEAR\u4ea7\u54c1\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eWEB\u5e94\u7528\u7f3a\u5c11\u5bf9\u5ba2\u6237\u7aef\u6570\u636e\u7684\u6b63\u786e\u9a8c\u8bc1\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u5ba2\u6237\u7aef\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eNETGEAR\u4ea7\u54c1\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2020-31239\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "NETGEAR D6200 \u003c1.1.00.24",
      "NETGEAR R6120 \u003c1.0.0.36",
      "NETGEAR R6020 \u003c1.0.0.26",
      "NETGEAR R6080 \u003c1.0.0.26",
      "NETGEAR R6220 \u003c1.1.0.60",
      "NETGEAR JNR1010v2 \u003c1.1.0.44",
      "NETGEAR JWNR2010v5 \u003c1.1.0.44",
      "NETGEAR PR2000 \u003c1.0.0.20",
      "NETGEAR R6050 \u003c1.0.1.12",
      "NetGear WNR1000v4 \u003c1.1.0.44",
      "NETGEAR WNR2020 \u003c1.1.0.44",
      "NETGEAR WNR2050 \u003c1.1.0.44",
      "NETGEAR D7000 \u003c1.0.1.52",
      "NETGEAR R6800 \u003c1.2.0.12",
      "NETGEAR R6900v2 \u003c1.2.0.12",
      "NETGEAR R6700v2 \u003c1.2.0.12",
      "NETGEAR WNDR3700v5 \u003c1.1.0.50"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-18784",
  "serverity": "\u4e2d",
  "submitTime": "2020-04-23",
  "title": "\u591a\u6b3eNETGEAR\u4ea7\u54c1\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2020-31239\uff09"
}

CVE-2017-18784 (GCVE-0-2017-18784)

Vulnerability from cvelistv5

Published

2020-04-22 14:25

Modified

2024-08-05 21:37

Severity ?

5.0 (Medium) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

Summary

Certain NETGEAR devices are affected by XSS. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.

References

▼	URL	Tags
	https://kb.netgear.com/000049535/Security-Advisory-for-Cross-Site-Scripting-on-Some-Routers-PSV-2017-2951	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:37:44.038Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.netgear.com/000049535/Security-Advisory-for-Cross-Site-Scripting-on-Some-Routers-PSV-2017-2951"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Certain NETGEAR devices are affected by XSS. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AC:L/AV:L/A:N/C:L/I:L/PR:N/S:C/UI:R",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-22T14:25:17",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.netgear.com/000049535/Security-Advisory-for-Cross-Site-Scripting-on-Some-Routers-PSV-2017-2951"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-18784",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Certain NETGEAR devices are affected by XSS. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AC:L/AV:L/A:N/C:L/I:L/PR:N/S:C/UI:R",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.netgear.com/000049535/Security-Advisory-for-Cross-Site-Scripting-on-Some-Routers-PSV-2017-2951",
              "refsource": "CONFIRM",
              "url": "https://kb.netgear.com/000049535/Security-Advisory-for-Cross-Site-Scripting-on-Some-Routers-PSV-2017-2951"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-18784",
    "datePublished": "2020-04-22T14:25:17",
    "dateReserved": "2020-04-20T00:00:00",
    "dateUpdated": "2024-08-05T21:37:44.038Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted