cnvd - cnvd-2020-31322

cnvd-2020-31322

Vulnerability from cnvd

Title: 多款NETGEAR产品授权问题漏洞（CNVD-2020-31322）

Description:

NETGEAR D7000等都是美国网件（NETGEAR）公司的产品。NETGEAR D7000是一款无线调制解调器。NETGEAR R7500是一款无线路由器。NETGEAR WNR2000是一款无线路由器。

多款NETGEAR产品中存在授权问题漏洞，攻击者可利用该漏洞绕过身份验证。

Severity: 中

Patch Name: 多款NETGEAR产品授权问题漏洞（CNVD-2020-31322）的补丁

Patch Description:

NETGEAR D7000等都是美国网件（NETGEAR）公司的产品。NETGEAR D7000是一款无线调制解调器。NETGEAR R7500是一款无线路由器。NETGEAR WNR2000是一款无线路由器。

多款NETGEAR产品中存在授权问题漏洞，攻击者可利用该漏洞绕过身份验证。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://kb.netgear.com/000049552/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-and-Gateways-PSV-2017-0387

Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-18776

Impacted products

Name
['NETGEAR WNDR4500v3 <1.0.0.48', 'NETGEAR WNDR4300v2 <1.0.0.48', 'NETGEAR R6220 <1.1.0.50', 'NETGEAR D7000 <1.0.1.50', 'NETGEAR D6100 <1.0.0.55', 'NETGEAR D7800 <1.0.1.24', 'NETGEAR JNR1010v2 <1.1.0.40', 'NETGEAR JWNR2010v5 <1.1.0.40', 'NETGEAR R6100 <1.0.1.12', 'NETGEAR R7500 <1.0.0.108', 'NETGEAR R7500v2 <1.0.3.10', 'NETGEAR WNDR4300v1 <1.0.2.88', 'NetGear WNR1000v4 <1.1.0.40', 'Netgear WNR2000v5 <1.0.0.42', 'NETGEAR WNR2020 <1.1.0.40', 'NETGEAR WNR2050 <1.1.0.40']

Name

['NETGEAR WNDR4500v3 <1.0.0.48', 'NETGEAR WNDR4300v2 <1.0.0.48', 'NETGEAR R6220 <1.1.0.50', 'NETGEAR D7000 <1.0.1.50', 'NETGEAR D6100 <1.0.0.55', 'NETGEAR D7800 <1.0.1.24', 'NETGEAR JNR1010v2 <1.1.0.40', 'NETGEAR JWNR2010v5 <1.1.0.40', 'NETGEAR R6100 <1.0.1.12', 'NETGEAR R7500 <1.0.0.108', 'NETGEAR R7500v2 <1.0.3.10', 'NETGEAR WNDR4300v1 <1.0.2.88', 'NetGear WNR1000v4 <1.1.0.40', 'Netgear WNR2000v5 <1.0.0.42', 'NETGEAR WNR2020 <1.1.0.40', 'NETGEAR WNR2050 <1.1.0.40']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-18776"
    }
  },
  "description": "NETGEAR D7000\u7b49\u90fd\u662f\u7f8e\u56fd\u7f51\u4ef6\uff08NETGEAR\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002NETGEAR D7000\u662f\u4e00\u6b3e\u65e0\u7ebf\u8c03\u5236\u89e3\u8c03\u5668\u3002NETGEAR R7500\u662f\u4e00\u6b3e\u65e0\u7ebf\u8def\u7531\u5668\u3002NETGEAR WNR2000\u662f\u4e00\u6b3e\u65e0\u7ebf\u8def\u7531\u5668\u3002\n\n\u591a\u6b3eNETGEAR\u4ea7\u54c1\u4e2d\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://kb.netgear.com/000049552/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-and-Gateways-PSV-2017-0387",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-31322",
  "openTime": "2020-06-03",
  "patchDescription": "NETGEAR D7000\u7b49\u90fd\u662f\u7f8e\u56fd\u7f51\u4ef6\uff08NETGEAR\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002NETGEAR D7000\u662f\u4e00\u6b3e\u65e0\u7ebf\u8c03\u5236\u89e3\u8c03\u5668\u3002NETGEAR R7500\u662f\u4e00\u6b3e\u65e0\u7ebf\u8def\u7531\u5668\u3002NETGEAR WNR2000\u662f\u4e00\u6b3e\u65e0\u7ebf\u8def\u7531\u5668\u3002\r\n\r\n\u591a\u6b3eNETGEAR\u4ea7\u54c1\u4e2d\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eNETGEAR\u4ea7\u54c1\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff08CNVD-2020-31322\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "NETGEAR WNDR4500v3 \u003c1.0.0.48",
      "NETGEAR WNDR4300v2 \u003c1.0.0.48",
      "NETGEAR R6220 \u003c1.1.0.50",
      "NETGEAR D7000 \u003c1.0.1.50",
      "NETGEAR D6100 \u003c1.0.0.55",
      "NETGEAR D7800 \u003c1.0.1.24",
      "NETGEAR JNR1010v2 \u003c1.1.0.40",
      "NETGEAR JWNR2010v5 \u003c1.1.0.40",
      "NETGEAR R6100 \u003c1.0.1.12",
      "NETGEAR R7500 \u003c1.0.0.108",
      "NETGEAR R7500v2 \u003c1.0.3.10",
      "NETGEAR WNDR4300v1 \u003c1.0.2.88",
      "NetGear WNR1000v4 \u003c1.1.0.40",
      "Netgear WNR2000v5 \u003c1.0.0.42",
      "NETGEAR WNR2020 \u003c1.1.0.40",
      "NETGEAR WNR2050 \u003c1.1.0.40"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-18776",
  "serverity": "\u4e2d",
  "submitTime": "2020-04-23",
  "title": "\u591a\u6b3eNETGEAR\u4ea7\u54c1\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff08CNVD-2020-31322\uff09"
}

CVE-2017-18776 (GCVE-0-2017-18776)

Vulnerability from cvelistv5

Published

2020-04-22 14:43

Modified

2024-08-05 21:37

Severity ?

8.4 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Summary

Certain NETGEAR devices are affected by authentication bypass. This affects D6100 before V1.0.0.55, D7000 before V1.0.1.50, D7800 before V1.0.1.24, JNR1010v2 before 1.1.0.40, JWNR2010v5 before 1.1.0.40, R6100 before 1.0.1.12, R6220 before 1.1.0.50, R7500 before 1.0.0.108, R7500v2 before 1.0.3.10, WNDR4300v1 before 1.0.2.88, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.40, WNR2000v5 before 1.0.0.42, WNR2020 before 1.1.0.40, and WNR2050 before 1.1.0.40.

References

▼	URL	Tags
	https://kb.netgear.com/000049552/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-and-Gateways-PSV-2017-0387	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:37:44.206Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.netgear.com/000049552/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-and-Gateways-PSV-2017-0387"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Certain NETGEAR devices are affected by authentication bypass. This affects D6100 before V1.0.0.55, D7000 before V1.0.1.50, D7800 before V1.0.1.24, JNR1010v2 before 1.1.0.40, JWNR2010v5 before 1.1.0.40, R6100 before 1.0.1.12, R6220 before 1.1.0.50, R7500 before 1.0.0.108, R7500v2 before 1.0.3.10, WNDR4300v1 before 1.0.2.88, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.40, WNR2000v5 before 1.0.0.42, WNR2020 before 1.1.0.40, and WNR2050 before 1.1.0.40."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:U/UI:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-22T14:43:25",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.netgear.com/000049552/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-and-Gateways-PSV-2017-0387"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-18776",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Certain NETGEAR devices are affected by authentication bypass. This affects D6100 before V1.0.0.55, D7000 before V1.0.1.50, D7800 before V1.0.1.24, JNR1010v2 before 1.1.0.40, JWNR2010v5 before 1.1.0.40, R6100 before 1.0.1.12, R6220 before 1.1.0.50, R7500 before 1.0.0.108, R7500v2 before 1.0.3.10, WNDR4300v1 before 1.0.2.88, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.40, WNR2000v5 before 1.0.0.42, WNR2020 before 1.1.0.40, and WNR2050 before 1.1.0.40."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:U/UI:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.netgear.com/000049552/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-and-Gateways-PSV-2017-0387",
              "refsource": "CONFIRM",
              "url": "https://kb.netgear.com/000049552/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-and-Gateways-PSV-2017-0387"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-18776",
    "datePublished": "2020-04-22T14:43:25",
    "dateReserved": "2020-04-20T00:00:00",
    "dateUpdated": "2024-08-05T21:37:44.206Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted