Vulnerabilites related to netgear - gs108t
cve-2021-45677
Vulnerability from cvelistv5
Published
2021-12-26 00:23
Modified
2024-08-04 04:47
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by stored XSS. This affects GS108Tv2 before 5.4.2.36 and GS110TPv2 before 5.4.2.36.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:47:01.886Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.netgear.com/000064448/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Smart-Managed-Pro-Switches-PSV-2019-0191"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by stored XSS. This affects GS108Tv2 before 5.4.2.36 and GS110TPv2 before 5.4.2.36."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:N/C:L/I:L/PR:N/S:C/UI:R",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-26T00:23:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.netgear.com/000064448/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Smart-Managed-Pro-Switches-PSV-2019-0191"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-45677",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by stored XSS. This affects GS108Tv2 before 5.4.2.36 and GS110TPv2 before 5.4.2.36."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:N/C:L/I:L/PR:N/S:C/UI:R",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000064448/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Smart-Managed-Pro-Switches-PSV-2019-0191",
"refsource": "MISC",
"url": "https://kb.netgear.com/000064448/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Smart-Managed-Pro-Switches-PSV-2019-0191"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-45677",
"datePublished": "2021-12-26T00:23:11",
"dateReserved": "2021-12-25T00:00:00",
"dateUpdated": "2024-08-04T04:47:01.886Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2021-12-26 01:15
Modified
2024-11-21 06:32
Severity ?
5.2 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Certain NETGEAR devices are affected by stored XSS. This affects GS108Tv2 before 5.4.2.36 and GS110TPv2 before 5.4.2.36.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | gs108t_firmware | * | |
| netgear | gs108t | v2 | |
| netgear | gs110tp_firmware | * | |
| netgear | gs110tp | v2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs108t_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "017F37E5-F12A-4F89-A65F-9344009EBBC9",
"versionEndExcluding": "5.4.2.36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs108t:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "B77C7A93-1FE7-433F-9049-8F40BB071AD3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs110tp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6886B1C4-5480-4880-B436-7DBAA6C92046",
"versionEndExcluding": "5.4.2.36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs110tp:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "5ECDB88D-8257-4F2A-9C2E-71F100F7996E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by stored XSS. This affects GS108Tv2 before 5.4.2.36 and GS110TPv2 before 5.4.2.36."
},
{
"lang": "es",
"value": "Determinados dispositivos NETGEAR est\u00e1n afectados por un ataque de tipo XSS almacenado. Esto afecta a GS108Tv2 versiones anteriores a 5.4.2.36 y GS110TPv2 versiones anteriores a 5.4.2.36"
}
],
"id": "CVE-2021-45677",
"lastModified": "2024-11-21T06:32:51.663",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 2.7,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-26T01:15:21.347",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000064448/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Smart-Managed-Pro-Switches-PSV-2019-0191"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000064448/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Smart-Managed-Pro-Switches-PSV-2019-0191"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-202109-1135
Vulnerability from variot
Certain NETGEAR smart switches are affected by a \n injection in the web UI's password field, which - due to several faulty aspects of the authentication scheme - allows the attacker to create (or overwrite) a file with specific content (e.g., the "2" string). This leads to admin session crafting and therefore gaining full web UI admin privileges by an unauthenticated attacker. This affects GC108P before 1.0.8.2, GC108PP before 1.0.8.2, GS108Tv3 before 7.0.7.2, GS110TPP before 7.0.7.2, GS110TPv3 before 7.0.7.2, GS110TUP before 1.0.5.3, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS710TUP before 1.0.5.3, GS716TP before 1.0.4.2, GS716TPP before 1.0.4.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS750E before 1.0.1.10, GS752TPP before 6.0.8.2, GS752TPv2 before 6.0.8.2, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2. plural NETGEAR Smart Switch products contain an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Netgear NETGEAR is a router from Netgear. A hardware device that connects two or more networks and acts as a gateway between the networks.
A variety of NETGEAR switches have authorization issue vulnerabilities, which are caused by the failure of the password field in the product's Web UI to correctly process user input data. Attackers can use this vulnerability to cause malicious file creation and privilege escalation. This affects GC108P prior to 1.0.8.2, GC108PP prior to 1.0.8.2, GS108Tv3 prior to 7.0.7.2, GS110TPP prior to 7.0.7.2, GS110TPv3 prior to 7.0.7.2, GS110TUP prior to 1.0.5.3, GS308T prior to 1.0.3.2, GS310TP prior to 1.0.3.2, GS710TUP prior to 1.0.5.3, GS716TP prior to 1.0.4.2, GS716TPP prior to 1.0.4.2, GS724TPP prior to 2.0.6.3, GS724TPv2 prior to 2.0.6.3, GS728TPPv2 prior to 6.0.8.2, GS728TPv2 prior to 6.0.8.2, GS750E prior to 1.0.1.10, GS752TPP prior to 6.0.8.2, GS752TPv2 prior to 6.0.8.2, MS510TXM prior to 1.0.4.2, and MS510TXUP prior to 1.0.4.2
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-1135",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gc108p",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.8.2"
},
{
"model": "gc108pp",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.8.2"
},
{
"model": "gs110tpp",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "7.0.7.2"
},
{
"model": "gs110tup",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.5.3"
},
{
"model": "gs308t",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.3.2"
},
{
"model": "gs310tp",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.3.2"
},
{
"model": "gs110tp",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "7.0.7.2"
},
{
"model": "ms510txm",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.4.2"
},
{
"model": "gs724tpp",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.0.6.3"
},
{
"model": "gs728tpp",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.0.6.3"
},
{
"model": "gs716tp",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.4.2"
},
{
"model": "gs108t",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "7.0.7.2"
},
{
"model": "gs716tpp",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.4.2"
},
{
"model": "gs750e",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.1.10"
},
{
"model": "gs724tp",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.0.6.3"
},
{
"model": "gs728tp",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.0.6.3"
},
{
"model": "gs752tpp",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "6.0.8.2"
},
{
"model": "gs752tp",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "6.0.8.2"
},
{
"model": "ms510txup",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.4.2"
},
{
"model": "gs710tup",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.5.3"
},
{
"model": "gs308t",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "gs110tp",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "gc108p",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "gc108pp",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "gs108t",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "gs710tup",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "gs310tp",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "gs110tup",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "gs110tpp",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "gs716tp",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "gs108tv3",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "7.0.7.2"
},
{
"model": "gs110tpv3",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "7.0.7.2"
},
{
"model": "gs710tup",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "1.0.3.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-83559"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012359"
},
{
"db": "NVD",
"id": "CVE-2021-41314"
}
]
},
"cve": "CVE-2021-41314",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CVE-2021-41314",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2021-83559",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-41314",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-41314",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-41314",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-41314",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-83559",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202109-1138",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-41314",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-83559"
},
{
"db": "VULMON",
"id": "CVE-2021-41314"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012359"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1138"
},
{
"db": "NVD",
"id": "CVE-2021-41314"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR smart switches are affected by a \\n injection in the web UI\u0027s password field, which - due to several faulty aspects of the authentication scheme - allows the attacker to create (or overwrite) a file with specific content (e.g., the \"2\" string). This leads to admin session crafting and therefore gaining full web UI admin privileges by an unauthenticated attacker. This affects GC108P before 1.0.8.2, GC108PP before 1.0.8.2, GS108Tv3 before 7.0.7.2, GS110TPP before 7.0.7.2, GS110TPv3 before 7.0.7.2, GS110TUP before 1.0.5.3, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS710TUP before 1.0.5.3, GS716TP before 1.0.4.2, GS716TPP before 1.0.4.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS750E before 1.0.1.10, GS752TPP before 6.0.8.2, GS752TPv2 before 6.0.8.2, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2. plural NETGEAR Smart Switch products contain an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Netgear NETGEAR is a router from Netgear. A hardware device that connects two or more networks and acts as a gateway between the networks. \n\r\n\r\nA variety of NETGEAR switches have authorization issue vulnerabilities, which are caused by the failure of the password field in the product\u0027s Web UI to correctly process user input data. Attackers can use this vulnerability to cause malicious file creation and privilege escalation. This affects GC108P prior to 1.0.8.2, GC108PP prior to 1.0.8.2, GS108Tv3 prior to 7.0.7.2, GS110TPP prior to 7.0.7.2, GS110TPv3 prior to 7.0.7.2, GS110TUP prior to 1.0.5.3, GS308T prior to 1.0.3.2, GS310TP prior to 1.0.3.2, GS710TUP prior to 1.0.5.3, GS716TP prior to 1.0.4.2, GS716TPP prior to 1.0.4.2, GS724TPP prior to 2.0.6.3, GS724TPv2 prior to 2.0.6.3, GS728TPPv2 prior to 6.0.8.2, GS728TPv2 prior to 6.0.8.2, GS750E prior to 1.0.1.10, GS752TPP prior to 6.0.8.2, GS752TPv2 prior to 6.0.8.2, MS510TXM prior to 1.0.4.2, and MS510TXUP prior to 1.0.4.2",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-41314"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012359"
},
{
"db": "CNVD",
"id": "CNVD-2021-83559"
},
{
"db": "VULMON",
"id": "CVE-2021-41314"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-41314",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012359",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-83559",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1138",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-41314",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-83559"
},
{
"db": "VULMON",
"id": "CVE-2021-41314"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012359"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1138"
},
{
"db": "NVD",
"id": "CVE-2021-41314"
}
]
},
"id": "VAR-202109-1135",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-83559"
}
],
"trust": 1.0552612305882352
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-83559"
}
]
},
"last_update_date": "2024-11-23T22:51:00.554000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security\u00a0Advisory\u00a0for\u00a0Multiple\u00a0Vulnerabilities\u00a0on\u00a0Some\u00a0Smart\u00a0Switches,\u00a0PSV-2021-0140,\u00a0PSV-2021-0144,\u00a0PSV-2021-0145",
"trust": 0.8,
"url": "https://kb.netgear.com/000063978/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Smart-Switches-PSV-2021-0140-PSV-2021-0144-PSV-2021-0145"
},
{
"title": "Patch for Multiple NETGEAR switches have authorization issues vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/296411"
},
{
"title": "Netgear NETGEAR Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=164282"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-83559"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012359"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1138"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-74",
"trust": 1.0
},
{
"problemtype": "injection (CWE-74) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-012359"
},
{
"db": "NVD",
"id": "CVE-2021-41314"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41314"
},
{
"trust": 1.7,
"url": "https://gynvael.coldwind.pl/?id=742"
},
{
"trust": 1.7,
"url": "https://kb.netgear.com/000063978/security-advisory-for-multiple-vulnerabilities-on-some-smart-switches-psv-2021-0140-psv-2021-0144-psv-2021-0145"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-83559"
},
{
"db": "VULMON",
"id": "CVE-2021-41314"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012359"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1138"
},
{
"db": "NVD",
"id": "CVE-2021-41314"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-83559"
},
{
"db": "VULMON",
"id": "CVE-2021-41314"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012359"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1138"
},
{
"db": "NVD",
"id": "CVE-2021-41314"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-83559"
},
{
"date": "2021-09-16T00:00:00",
"db": "VULMON",
"id": "CVE-2021-41314"
},
{
"date": "2022-08-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-012359"
},
{
"date": "2021-09-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-1138"
},
{
"date": "2021-09-16T22:15:08.257000",
"db": "NVD",
"id": "CVE-2021-41314"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-83559"
},
{
"date": "2021-09-29T00:00:00",
"db": "VULMON",
"id": "CVE-2021-41314"
},
{
"date": "2022-08-30T03:22:00",
"db": "JVNDB",
"id": "JVNDB-2021-012359"
},
{
"date": "2022-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-1138"
},
{
"date": "2024-11-21T06:26:02.167000",
"db": "NVD",
"id": "CVE-2021-41314"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-1138"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0NETGEAR\u00a0 Injection Vulnerability in Smart Switch Products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-012359"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-1138"
}
],
"trust": 0.6
}
}
var-202109-1066
Vulnerability from variot
Certain NETGEAR smart switches are affected by a remote admin password change by an unauthenticated attacker via the (disabled by default) /sqfs/bin/sccd daemon, which fails to check authentication when the authentication TLV is missing from a received NSDP packet. This affects GC108P before 1.0.8.2, GC108PP before 1.0.8.2, GS108Tv3 before 7.0.7.2, GS110TPP before 7.0.7.2, GS110TPv3 before 7.0.7.2, GS110TUP before 1.0.5.3, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS710TUP before 1.0.5.3, GS716TP before 1.0.4.2, GS716TPP before 1.0.4.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS750E before 1.0.1.10, GS752TPP before 6.0.8.2, GS752TPv2 before 6.0.8.2, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2. plural NETGEAR Smart Switch contains an authentication vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. GC108P and other American Netgear (Netgear) company's intelligent switch products. This affects GC108P prior to 1.0.8.2, GC108PP prior to 1.0.8.2, GS108Tv3 prior to 7.0.7.2, GS110TPP prior to 7.0.7.2, GS110TPv3 prior to 7.0.7.2, GS110TUP prior to 1.0.5.3, GS308T prior to 1.0.3.2, GS310TP prior to 1.0.3.2, GS710TUP prior to 1.0.5.3, GS716TP prior to 1.0.4.2, GS716TPP prior to 1.0.4.2, GS724TPP prior to 2.0.6.3, GS724TPv2 prior to 2.0.6.3, GS728TPPv2 prior to 6.0.8.2, GS728TPv2 prior to 6.0.8.2, GS750E prior to 1.0.1.10, GS752TPP prior to 6.0.8.2, GS752TPv2 prior to 6.0.8.2, MS510TXM prior to 1.0.4.2, and MS510TXUP prior to 1.0.4.2
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-1066",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gc108p",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.8.2"
},
{
"model": "gc108pp",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.8.2"
},
{
"model": "gs110tpp",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "7.0.7.2"
},
{
"model": "gs110tup",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.5.3"
},
{
"model": "gs308t",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.3.2"
},
{
"model": "gs310tp",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.3.2"
},
{
"model": "gs710tup",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.5.3"
},
{
"model": "gs716tp",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.4.2"
},
{
"model": "gs716tpp",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.4.2"
},
{
"model": "gs724tpp",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2.0.6.3"
},
{
"model": "gs752tpp",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "6.0.8.2"
},
{
"model": "ms510txm",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.4.2"
},
{
"model": "ms510txup",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.4.2"
},
{
"model": "gs110tp",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "7.0.7.2"
},
{
"model": "gs108t",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "7.0.7.2"
},
{
"model": "gs750e",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.1.10"
},
{
"model": "gs728tp",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "6.0.8.2"
},
{
"model": "gs724tp",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.0.6.3"
},
{
"model": "gs752tp",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "6.0.8.2"
},
{
"model": "gs728tpp",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "6.0.8.2"
},
{
"model": "gs110tup",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "gs108t",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "gs310tp",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "gs710tup",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "gs110tpp",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "gs308t",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "gc108p",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "gs716tp",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "gs110tp",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "gc108pp",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "gs108tv3",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "7.0.7.2"
},
{
"model": "gs110tpv3",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "7.0.7.2"
},
{
"model": "gs724tpv2",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "2.0.6.3"
},
{
"model": "gs728tppv2",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "6.0.8.2"
},
{
"model": "gs728tpv2",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "6.0.8.2"
},
{
"model": "gs750e",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "1.0.1.10"
},
{
"model": "gs752tpv2",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "6.0.8.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-83561"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-011955"
},
{
"db": "NVD",
"id": "CVE-2021-40866"
}
]
},
"cve": "CVE-2021-40866",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "CVE-2021-40866",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "CNVD-2021-83561",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-40866",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cve@mitre.org",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-40866",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-40866",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-40866",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cve@mitre.org",
"id": "CVE-2021-40866",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-40866",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-83561",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202109-729",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-40866",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-83561"
},
{
"db": "VULMON",
"id": "CVE-2021-40866"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-011955"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-729"
},
{
"db": "NVD",
"id": "CVE-2021-40866"
},
{
"db": "NVD",
"id": "CVE-2021-40866"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR smart switches are affected by a remote admin password change by an unauthenticated attacker via the (disabled by default) /sqfs/bin/sccd daemon, which fails to check authentication when the authentication TLV is missing from a received NSDP packet. This affects GC108P before 1.0.8.2, GC108PP before 1.0.8.2, GS108Tv3 before 7.0.7.2, GS110TPP before 7.0.7.2, GS110TPv3 before 7.0.7.2, GS110TUP before 1.0.5.3, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS710TUP before 1.0.5.3, GS716TP before 1.0.4.2, GS716TPP before 1.0.4.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS750E before 1.0.1.10, GS752TPP before 6.0.8.2, GS752TPv2 before 6.0.8.2, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2. plural NETGEAR Smart Switch contains an authentication vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. GC108P and other American Netgear (Netgear) company\u0027s intelligent switch products. This affects GC108P prior to 1.0.8.2, GC108PP prior to 1.0.8.2, GS108Tv3 prior to 7.0.7.2, GS110TPP prior to 7.0.7.2, GS110TPv3 prior to 7.0.7.2, GS110TUP prior to 1.0.5.3, GS308T prior to 1.0.3.2, GS310TP prior to 1.0.3.2, GS710TUP prior to 1.0.5.3, GS716TP prior to 1.0.4.2, GS716TPP prior to 1.0.4.2, GS724TPP prior to 2.0.6.3, GS724TPv2 prior to 2.0.6.3, GS728TPPv2 prior to 6.0.8.2, GS728TPv2 prior to 6.0.8.2, GS750E prior to 1.0.1.10, GS752TPP prior to 6.0.8.2, GS752TPv2 prior to 6.0.8.2, MS510TXM prior to 1.0.4.2, and MS510TXUP prior to 1.0.4.2",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-40866"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-011955"
},
{
"db": "CNVD",
"id": "CNVD-2021-83561"
},
{
"db": "VULMON",
"id": "CVE-2021-40866"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-40866",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-011955",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-83561",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202109-729",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-40866",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-83561"
},
{
"db": "VULMON",
"id": "CVE-2021-40866"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-011955"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-729"
},
{
"db": "NVD",
"id": "CVE-2021-40866"
}
]
},
"id": "VAR-202109-1066",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-83561"
}
],
"trust": 1.1590209961904763
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-83561"
}
]
},
"last_update_date": "2024-11-23T22:20:45.076000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security\u00a0Advisory\u00a0for\u00a0Multiple\u00a0Vulnerabilities\u00a0on\u00a0Some\u00a0Smart\u00a0Switches,\u00a0PSV-2021-0140,\u00a0PSV-2021-0144,\u00a0PSV-2021-0145",
"trust": 0.8,
"url": "https://kb.netgear.com/000063978/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Smart-Switches-PSV-2021-0140-PSV-2021-0144-PSV-2021-0145"
},
{
"title": "Patch for Multiple NETGEAR smart switches have input verification error vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/296416"
},
{
"title": "Netgear NETGEAR Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=163755"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-83561"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-011955"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-729"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "Inappropriate authentication (CWE-287) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-011955"
},
{
"db": "NVD",
"id": "CVE-2021-40866"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-40866"
},
{
"trust": 1.7,
"url": "https://kb.netgear.com/000063978/security-advisory-for-multiple-vulnerabilities-on-some-smart-switches-psv-2021-0140-psv-2021-0144-psv-2021-0145"
},
{
"trust": 1.7,
"url": "https://gynvael.coldwind.pl/?id=740"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-83561"
},
{
"db": "VULMON",
"id": "CVE-2021-40866"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-011955"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-729"
},
{
"db": "NVD",
"id": "CVE-2021-40866"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-83561"
},
{
"db": "VULMON",
"id": "CVE-2021-40866"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-011955"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-729"
},
{
"db": "NVD",
"id": "CVE-2021-40866"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-83561"
},
{
"date": "2021-09-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-40866"
},
{
"date": "2022-08-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-011955"
},
{
"date": "2021-09-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-729"
},
{
"date": "2021-09-13T08:15:08.037000",
"db": "NVD",
"id": "CVE-2021-40866"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-83561"
},
{
"date": "2021-09-24T00:00:00",
"db": "VULMON",
"id": "CVE-2021-40866"
},
{
"date": "2022-08-18T08:35:00",
"db": "JVNDB",
"id": "JVNDB-2021-011955"
},
{
"date": "2021-09-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-729"
},
{
"date": "2024-11-21T06:24:58.243000",
"db": "NVD",
"id": "CVE-2021-40866"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-729"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0NETGEAR\u00a0 Authentication Vulnerability in Smart Switch",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-011955"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-729"
}
],
"trust": 0.6
}
}
var-202105-0900
Vulnerability from variot
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker via the vulnerable /sqfs/lib/libsal.so.0.0 library used by a CGI application, as demonstrated by setup.cgi?token=';$HTTP_USER_AGENT;' with an OS command in the User-Agent field. This affects GC108P before 1.0.7.3, GC108PP before 1.0.7.3, GS108Tv3 before 7.0.6.3, GS110TPPv1 before 7.0.6.3, GS110TPv3 before 7.0.6.3, GS110TUPv1 before 1.0.4.3, GS710TUPv1 before 1.0.4.3, GS716TP before 1.0.2.3, GS716TPP before 1.0.2.3, GS724TPPv1 before 2.0.4.3, GS724TPv2 before 2.0.4.3, GS728TPPv2 before 6.0.6.3, GS728TPv2 before 6.0.6.3, GS752TPPv1 before 6.0.6.3, GS752TPv2 before 6.0.6.3, MS510TXM before 1.0.2.3, and MS510TXUP before 1.0.2.3. This affects GC108P prior to 1.0.7.3, GC108PP prior to 1.0.7.3, GS108Tv3 prior to 7.0.6.3, GS110TPPv1 prior to 7.0.6.3, GS110TPv3 prior to 7.0.6.3, GS110TUPv1 prior to 1.0.4.3, GS710TUPv1 prior to 1.0.4.3, GS716TP prior to 1.0.2.3, GS716TPP prior to 1.0.2.3, GS724TPPv1 prior to 2.0.4.3, GS724TPv2 prior to 2.0.4.3, GS728TPPv2 prior to 6.0.6.3, GS728TPv2 prior to 6.0.6.3, GS752TPPv1 prior to 6.0.6.3, GS752TPv2 prior to 6.0.6.3, MS510TXM prior to 1.0.2.3, and MS510TXUP prior to 1.0.2.3
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-0900",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gs728tp",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "6.0.6.3"
},
{
"model": "ms510txm",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.2.3"
},
{
"model": "gc108p",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.7.3"
},
{
"model": "gs724tp",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.0.4.3"
},
{
"model": "gs110tup",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.4.3"
},
{
"model": "gs110tp",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "7.0.6.3"
},
{
"model": "gc108pp",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.7.3"
},
{
"model": "gs716tpp",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.2.3"
},
{
"model": "gs710tup",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.4.3"
},
{
"model": "gs108t",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "7.0.6.3"
},
{
"model": "ms510txup",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.2.3"
},
{
"model": "gs110tpp",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "7.0.6.3"
},
{
"model": "gs752tpp",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "6.0.6.3"
},
{
"model": "gs716tp",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.2.3"
},
{
"model": "gs724tpp",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.0.4.3"
},
{
"model": "gs728tpp",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "6.0.6.3"
},
{
"model": "gs752tp",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "6.0.6.3"
},
{
"model": "gs110tup",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "gs110tp",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "gs110tpp",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "gc108p",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "gs108t",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "gs710tup",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "gs724tpp",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "gc108pp",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "gs716tp",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "gs716tpp",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007178"
},
{
"db": "NVD",
"id": "CVE-2021-33514"
}
]
},
"cve": "CVE-2021-33514",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-33514",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-33514",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "cve@mitre.org",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-33514",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-33514",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-33514",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "cve@mitre.org",
"id": "CVE-2021-33514",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-33514",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-1401",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2021-33514",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-33514"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007178"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1401"
},
{
"db": "NVD",
"id": "CVE-2021-33514"
},
{
"db": "NVD",
"id": "CVE-2021-33514"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker via the vulnerable /sqfs/lib/libsal.so.0.0 library used by a CGI application, as demonstrated by setup.cgi?token=\u0027;$HTTP_USER_AGENT;\u0027 with an OS command in the User-Agent field. This affects GC108P before 1.0.7.3, GC108PP before 1.0.7.3, GS108Tv3 before 7.0.6.3, GS110TPPv1 before 7.0.6.3, GS110TPv3 before 7.0.6.3, GS110TUPv1 before 1.0.4.3, GS710TUPv1 before 1.0.4.3, GS716TP before 1.0.2.3, GS716TPP before 1.0.2.3, GS724TPPv1 before 2.0.4.3, GS724TPv2 before 2.0.4.3, GS728TPPv2 before 6.0.6.3, GS728TPv2 before 6.0.6.3, GS752TPPv1 before 6.0.6.3, GS752TPv2 before 6.0.6.3, MS510TXM before 1.0.2.3, and MS510TXUP before 1.0.2.3. This affects GC108P prior to 1.0.7.3, GC108PP prior to 1.0.7.3, GS108Tv3 prior to 7.0.6.3, GS110TPPv1 prior to 7.0.6.3, GS110TPv3 prior to 7.0.6.3, GS110TUPv1 prior to 1.0.4.3, GS710TUPv1 prior to 1.0.4.3, GS716TP prior to 1.0.2.3, GS716TPP prior to 1.0.2.3, GS724TPPv1 prior to 2.0.4.3, GS724TPv2 prior to 2.0.4.3, GS728TPPv2 prior to 6.0.6.3, GS728TPv2 prior to 6.0.6.3, GS752TPPv1 prior to 6.0.6.3, GS752TPv2 prior to 6.0.6.3, MS510TXM prior to 1.0.2.3, and MS510TXUP prior to 1.0.2.3",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33514"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007178"
},
{
"db": "VULMON",
"id": "CVE-2021-33514"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-33514",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007178",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1401",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-33514",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-33514"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007178"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1401"
},
{
"db": "NVD",
"id": "CVE-2021-33514"
}
]
},
"id": "VAR-202105-0900",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.37660023249999997
},
"last_update_date": "2024-08-14T14:55:57.208000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security\u00a0Advisory\u00a0for\u00a0Pre-Authentication\u00a0Command\u00a0Injection\u00a0Vulnerability\u00a0on\u00a0Some\u00a0Smart\u00a0Switches,\u00a0PSV-2021-0071",
"trust": 0.8,
"url": "https://kb.netgear.com/000063641/Security-Advisory-for-Pre-Authentication-Command-Injection-Vulnerability-on-Some-Smart-Switches-PSV-2021-0071"
},
{
"title": "Netgear NETGEAR Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=152237"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/f1tao/awesome-iot-security-resource "
},
{
"title": "SecBooks",
"trust": 0.1,
"url": "https://github.com/SexyBeast233/SecBooks "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-33514"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007178"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1401"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007178"
},
{
"db": "NVD",
"id": "CVE-2021-33514"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://gynvael.coldwind.pl/?lang=en\u0026id=733"
},
{
"trust": 1.7,
"url": "https://kb.netgear.com/000063641/security-advisory-for-pre-authentication-command-injection-vulnerability-on-some-smart-switches-psv-2021-0071"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33514"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/f1tao/awesome-iot-security-resource"
},
{
"trust": 0.1,
"url": "https://github.com/sexybeast233/secbooks"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-33514"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007178"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1401"
},
{
"db": "NVD",
"id": "CVE-2021-33514"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-33514"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007178"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1401"
},
{
"db": "NVD",
"id": "CVE-2021-33514"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-21T00:00:00",
"db": "VULMON",
"id": "CVE-2021-33514"
},
{
"date": "2022-02-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-007178"
},
{
"date": "2021-05-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1401"
},
{
"date": "2021-05-21T23:15:07.377000",
"db": "NVD",
"id": "CVE-2021-33514"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-04T00:00:00",
"db": "VULMON",
"id": "CVE-2021-33514"
},
{
"date": "2022-02-03T08:31:00",
"db": "JVNDB",
"id": "JVNDB-2021-007178"
},
{
"date": "2021-05-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1401"
},
{
"date": "2022-01-04T16:53:10.093000",
"db": "NVD",
"id": "CVE-2021-33514"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1401"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0NETGEAR\u00a0 In the device \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007178"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1401"
}
],
"trust": 0.6
}
}
var-202109-1067
Vulnerability from variot
Certain NETGEAR smart switches are affected by an authentication hijacking race-condition vulnerability by an unauthenticated attacker who uses the same source IP address as an admin in the process of logging in (e.g., behind the same NAT device, or already in possession of a foothold on an admin's machine). This occurs because the multi-step HTTP authentication process is effectively tied only to the source IP address. This affects GC108P before 1.0.8.2, GC108PP before 1.0.8.2, GS108Tv3 before 7.0.7.2, GS110TPP before 7.0.7.2, GS110TPv3 before 7.0.7.2, GS110TUP before 1.0.5.3, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS710TUP before 1.0.5.3, GS716TP before 1.0.4.2, GS716TPP before 1.0.4.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS750E before 1.0.1.10, GS752TPP before 6.0.8.2, GS752TPv2 before 6.0.8.2, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2. plural NETGEAR Smart Switch contains an authentication vulnerability and a race condition vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects GC108P prior to 1.0.8.2, GC108PP prior to 1.0.8.2, GS108Tv3 prior to 7.0.7.2, GS110TPP prior to 7.0.7.2, GS110TPv3 prior to 7.0.7.2, GS110TUP prior to 1.0.5.3, GS308T prior to 1.0.3.2, GS310TP prior to 1.0.3.2, GS710TUP prior to 1.0.5.3, GS716TP prior to 1.0.4.2, GS716TPP prior to 1.0.4.2, GS724TPP prior to 2.0.6.3, GS724TPv2 prior to 2.0.6.3, GS728TPPv2 prior to 6.0.8.2, GS728TPv2 prior to 6.0.8.2, GS750E prior to 1.0.1.10, GS752TPP prior to 6.0.8.2, GS752TPv2 prior to 6.0.8.2, MS510TXM prior to 1.0.4.2, and MS510TXUP prior to 1.0.4.2
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-1067",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gs110tp",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "7.0.7.2"
},
{
"model": "gs110tup",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.5.3"
},
{
"model": "ms510txm",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.4.2"
},
{
"model": "gs724tpp",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.0.6.3"
},
{
"model": "gs110tpp",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "7.0.7.2"
},
{
"model": "gc108pp",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.8.2"
},
{
"model": "gs716tp",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.4.2"
},
{
"model": "gs108t",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "7.0.7.2"
},
{
"model": "gc108p",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.8.2"
},
{
"model": "gs716tpp",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.4.2"
},
{
"model": "gs750e",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.1.10"
},
{
"model": "gs728tp",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "6.0.8.2"
},
{
"model": "gs724tp",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.0.6.3"
},
{
"model": "gs752tpp",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "6.0.8.2"
},
{
"model": "gs752tp",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "6.0.8.2"
},
{
"model": "gs310tp",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.3.2"
},
{
"model": "gs308t",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.3.2"
},
{
"model": "ms510txup",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.4.2"
},
{
"model": "gs710tup",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.5.3"
},
{
"model": "gs728tpp",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "6.0.8.2"
},
{
"model": "gs110tup",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "gs108t",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "gs310tp",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "gs710tup",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "gs110tpp",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "gs308t",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "gc108p",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "gs716tp",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "gs110tp",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "gc108pp",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-011956"
},
{
"db": "NVD",
"id": "CVE-2021-40867"
}
]
},
"cve": "CVE-2021-40867",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "CVE-2021-40867",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2021-40867",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "cve@mitre.org",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-40867",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-40867",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-40867",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cve@mitre.org",
"id": "CVE-2021-40867",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-40867",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202109-730",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-40867",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-40867"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-011956"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-730"
},
{
"db": "NVD",
"id": "CVE-2021-40867"
},
{
"db": "NVD",
"id": "CVE-2021-40867"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR smart switches are affected by an authentication hijacking race-condition vulnerability by an unauthenticated attacker who uses the same source IP address as an admin in the process of logging in (e.g., behind the same NAT device, or already in possession of a foothold on an admin\u0027s machine). This occurs because the multi-step HTTP authentication process is effectively tied only to the source IP address. This affects GC108P before 1.0.8.2, GC108PP before 1.0.8.2, GS108Tv3 before 7.0.7.2, GS110TPP before 7.0.7.2, GS110TPv3 before 7.0.7.2, GS110TUP before 1.0.5.3, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS710TUP before 1.0.5.3, GS716TP before 1.0.4.2, GS716TPP before 1.0.4.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS750E before 1.0.1.10, GS752TPP before 6.0.8.2, GS752TPv2 before 6.0.8.2, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2. plural NETGEAR Smart Switch contains an authentication vulnerability and a race condition vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects GC108P prior to 1.0.8.2, GC108PP prior to 1.0.8.2, GS108Tv3 prior to 7.0.7.2, GS110TPP prior to 7.0.7.2, GS110TPv3 prior to 7.0.7.2, GS110TUP prior to 1.0.5.3, GS308T prior to 1.0.3.2, GS310TP prior to 1.0.3.2, GS710TUP prior to 1.0.5.3, GS716TP prior to 1.0.4.2, GS716TPP prior to 1.0.4.2, GS724TPP prior to 2.0.6.3, GS724TPv2 prior to 2.0.6.3, GS728TPPv2 prior to 6.0.8.2, GS728TPv2 prior to 6.0.8.2, GS750E prior to 1.0.1.10, GS752TPP prior to 6.0.8.2, GS752TPv2 prior to 6.0.8.2, MS510TXM prior to 1.0.4.2, and MS510TXUP prior to 1.0.4.2",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-40867"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-011956"
},
{
"db": "VULMON",
"id": "CVE-2021-40867"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-40867",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-011956",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202109-730",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-40867",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-40867"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-011956"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-730"
},
{
"db": "NVD",
"id": "CVE-2021-40867"
}
]
},
"id": "VAR-202109-1067",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.3826293946666666
},
"last_update_date": "2024-11-23T22:57:56.444000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security\u00a0Advisory\u00a0for\u00a0Multiple\u00a0Vulnerabilities\u00a0on\u00a0Some\u00a0Smart\u00a0Switches,\u00a0PSV-2021-0140,\u00a0PSV-2021-0144,\u00a0PSV-2021-0145",
"trust": 0.8,
"url": "https://kb.netgear.com/000063978/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Smart-Switches-PSV-2021-0140-PSV-2021-0144-PSV-2021-0145"
},
{
"title": "Netgear NETGEAR Repair measures for the competition condition problem loophole",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=163756"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-011956"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-730"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-290",
"trust": 1.0
},
{
"problemtype": "Inappropriate authentication (CWE-287) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " Race condition (CWE-362) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-011956"
},
{
"db": "NVD",
"id": "CVE-2021-40867"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://kb.netgear.com/000063978/security-advisory-for-multiple-vulnerabilities-on-some-smart-switches-psv-2021-0140-psv-2021-0144-psv-2021-0145"
},
{
"trust": 1.7,
"url": "https://gynvael.coldwind.pl/?id=741"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-40867"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/362.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-40867"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-011956"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-730"
},
{
"db": "NVD",
"id": "CVE-2021-40867"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-40867"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-011956"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-730"
},
{
"db": "NVD",
"id": "CVE-2021-40867"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-40867"
},
{
"date": "2022-08-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-011956"
},
{
"date": "2021-09-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-730"
},
{
"date": "2021-09-13T08:15:13.323000",
"db": "NVD",
"id": "CVE-2021-40867"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-24T00:00:00",
"db": "VULMON",
"id": "CVE-2021-40867"
},
{
"date": "2022-08-18T08:35:00",
"db": "JVNDB",
"id": "JVNDB-2021-011956"
},
{
"date": "2021-09-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-730"
},
{
"date": "2024-11-21T06:24:58.477000",
"db": "NVD",
"id": "CVE-2021-40867"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-730"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0NETGEAR\u00a0 Authentication Vulnerability in Smart Switch",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-011956"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "competition condition problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-730"
}
],
"trust": 0.6
}
}
var-202112-2272
Vulnerability from variot
Certain NETGEAR devices are affected by stored XSS. This affects GS108Tv2 before 5.4.2.36 and GS110TPv2 before 5.4.2.36. This affects GS108Tv2 prior to 5.4.2.36 and GS110TPv2 prior to 5.4.2.36
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-2272",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gs110tp",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "5.4.2.36"
},
{
"model": "gs108t",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "5.4.2.36"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-45677"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:gs108t_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.4.2.36",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:gs108t:v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:gs108t_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.4.2.36",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:netgear:gs108t:v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:gs110tp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.4.2.36",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:gs110tp:v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:gs110tp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.4.2.36",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:netgear:gs110tp:v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-45677"
}
]
},
"cve": "CVE-2021-45677",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2021-45677",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 1.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2021-45677",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-45677",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-2473",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-45677",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-45677"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2473"
},
{
"db": "NVD",
"id": "CVE-2021-45677"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by stored XSS. This affects GS108Tv2 before 5.4.2.36 and GS110TPv2 before 5.4.2.36. This affects GS108Tv2 prior to 5.4.2.36 and GS110TPv2 prior to 5.4.2.36",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-45677"
},
{
"db": "VULMON",
"id": "CVE-2021-45677"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-45677",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2473",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-45677",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-45677"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2473"
},
{
"db": "NVD",
"id": "CVE-2021-45677"
}
]
},
"id": "VAR-202112-2272",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.37142858
},
"last_update_date": "2022-05-04T09:41:49.404000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Netgear NETGEAR Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=177030"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2473"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-45677"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://kb.netgear.com/000064448/security-advisory-for-stored-cross-site-scripting-on-some-smart-managed-pro-switches-psv-2019-0191"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45677"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-45677"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2473"
},
{
"db": "NVD",
"id": "CVE-2021-45677"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-45677"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2473"
},
{
"db": "NVD",
"id": "CVE-2021-45677"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-26T00:00:00",
"db": "VULMON",
"id": "CVE-2021-45677"
},
{
"date": "2021-12-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2473"
},
{
"date": "2021-12-26T01:15:00",
"db": "NVD",
"id": "CVE-2021-45677"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-05T00:00:00",
"db": "VULMON",
"id": "CVE-2021-45677"
},
{
"date": "2022-01-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2473"
},
{
"date": "2022-01-05T13:01:00",
"db": "NVD",
"id": "CVE-2021-45677"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2473"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Netgear NETGEAR Cross-site scripting vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2473"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2473"
}
],
"trust": 0.6
}
}
var-202004-1332
Vulnerability from variot
Certain NETGEAR devices are affected by debugging command execution. This affects FS752TP 5.4.2.19 and earlier, GS108Tv2 5.4.2.29 and earlier, GS110TP 5.4.2.29 and earlier, GS418TPP 6.6.2.6 and earlier, GS510TLP 6.6.2.6 and earlier, GS510TP 5.04.2.27 and earlier, GS510TPP 6.6.2.6 and earlier, GS716Tv2 5.4.2.27 and earlier, GS716Tv3 6.3.1.16 and earlier, GS724Tv3 5.4.2.27 and earlier, GS724Tv4 6.3.1.16 and earlier, GS728TPSB 5.3.0.29 and earlier, GS728TSB 5.3.0.29 and earlier, GS728TXS 6.1.0.35 and earlier, GS748Tv4 5.4.2.27 and earlier, GS748Tv5 6.3.1.16 and earlier, GS752TPSB 5.3.0.29 and earlier, GS752TSB 5.3.0.29 and earlier, GS752TXS 6.1.0.35 and earlier, M4200 12.0.2.10 and earlier, M4300 12.0.2.10 and earlier, M5300 11.0.0.28 and earlier, M6100 11.0.0.28 and earlier, M7100 11.0.0.28 and earlier, S3300 6.6.1.4 and earlier, XS708T 6.6.0.11 and earlier, XS712T 6.1.0.34 and earlier, and XS716T 6.6.0.11 and earlier. plural NETGEAR A device contains an injection vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. NETGEAR FS752TP, etc. are all products of NETGEAR. NETGEAR FS752TP is a stackable smart switch. NETGEAR GS108T is an intelligent management switch. NETGEAR M6100 is a fully managed switch.
There are security holes in many NETGEAR products. Attackers can use the specially crafted URL to exploit the vulnerability to execute commands on the switch. This affects FS752TP 5.4.2.19 and previous versions, GS108Tv2 5.4.2.29 and previous versions, GS110TP 5.4.2.29 and previous versions, GS418TPP 6.6.2.6 and previous versions, GS510TLP 6.6.2.6 and previous versions, GS510TP 5.04.2.27 and previous versions, GS510TPP 6.6.2.6 and previous versions, GS716Tv2 5.4.2.27 and previous versions, GS716Tv3 6.3.1.16 and previous versions, GS724Tv3 5.4.2.27 and previous versions, GS724Tv4 6.3.1.16 and previous versions, GS728TPSB 5.3.0.29 and previous versions, GS728TSB 5.3.0.29 and previous versions, GS728TXS 6.1.0.35 and previous versions, GS748Tv4 5.4.2.27 and previous versions, GS748Tv5 6.3.1.16 and previous versions, GS752TPSB 5.3.0.29 and previous versions, GS752TSB 5.3.0.29 and previous versions, GS752TXS 6.1.0.35 and previous versions, M4200 12.0.2.10 and previous versions, M4300 12.0.2.10 and previous versions, M5300 11.0.0.28 and previous versions, M6100 11.0.0.28 and previous versions, M7100 11.0.0.28 and previous versions, S3300 6.6.1.4 and previous versions, XS708T 6.6.0.11 and previous versions, XS712T 6.1.0.34 and previous versions, and XS716T 6.6.0.11 and previous versions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-1332",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gs724t",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "5.4.2.27"
},
{
"model": "gs510tlp",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "6.6.2.6"
},
{
"model": "fs752tp",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "5.4.2.19"
},
{
"model": "gs716t",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "6.3.1.16"
},
{
"model": "xs708t",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "6.6.0.11"
},
{
"model": "xs716t",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "6.6.0.11"
},
{
"model": "gs748t",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "5.4.2.27"
},
{
"model": "gs728txs",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "6.1.0.35"
},
{
"model": "gs724t",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "6.3.1.16"
},
{
"model": "gs728tsb",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "5.3.0.29"
},
{
"model": "m5300",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "11.0.0.28"
},
{
"model": "gs110tp",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "5.4.2.29"
},
{
"model": "m4200",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "12.0.2.10"
},
{
"model": "gs752txs",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "6.1.0.35"
},
{
"model": "gs108t",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "5.4.2.29"
},
{
"model": "gs748t",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "6.3.1.16"
},
{
"model": "gs752tsb",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "5.3.0.29"
},
{
"model": "xs712t",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "6.1.0.34"
},
{
"model": "m7100",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "11.0.0.28"
},
{
"model": "gs716t",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "5.4.2.27"
},
{
"model": "s3300",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "6.6.1.4"
},
{
"model": "gs728tpsb",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "5.3.0.29"
},
{
"model": "gs752tpsb",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "5.3.0.29"
},
{
"model": "m4300",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "12.0.2.10"
},
{
"model": "gs510tp",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "5.04.2.27"
},
{
"model": "gs418tpp",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "6.6.2.6"
},
{
"model": "gs510tpp",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "6.6.2.6"
},
{
"model": "m6100",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "11.0.0.28"
},
{
"model": "fs752tp",
"scope": "eq",
"trust": 0.9,
"vendor": "netgear",
"version": "5.4.2.19"
},
{
"model": "gs108t",
"scope": "eq",
"trust": 0.9,
"vendor": "netgear",
"version": "5.4.2.29"
},
{
"model": "gs110tp",
"scope": "eq",
"trust": 0.9,
"vendor": "netgear",
"version": "5.4.2.29"
},
{
"model": "gs418tpp",
"scope": "eq",
"trust": 0.9,
"vendor": "netgear",
"version": "6.6.2.6"
},
{
"model": "gs510tlp",
"scope": "eq",
"trust": 0.9,
"vendor": "netgear",
"version": "6.6.2.6"
},
{
"model": "gs510tp",
"scope": "eq",
"trust": 0.9,
"vendor": "netgear",
"version": "5.04.2.27"
},
{
"model": "gs510tpp",
"scope": "eq",
"trust": 0.9,
"vendor": "netgear",
"version": "6.6.2.6"
},
{
"model": "gs716t",
"scope": "eq",
"trust": 0.9,
"vendor": "netgear",
"version": "5.4.2.27"
},
{
"model": "gs716t",
"scope": "eq",
"trust": 0.9,
"vendor": "netgear",
"version": "6.3.1.16"
},
{
"model": "gs724t",
"scope": "eq",
"trust": 0.9,
"vendor": "netgear",
"version": "5.4.2.27"
},
{
"model": "fs752tp",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=5.4.2.19"
},
{
"model": "gs108tv2",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=5.4.2.29"
},
{
"model": "gs110tp",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=5.4.2.29"
},
{
"model": "gs418tpp",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=6.6.2.6"
},
{
"model": "gs510tlp",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=6.6.2.6"
},
{
"model": "gs510tp",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=5.04.2.27"
},
{
"model": "gs510tpp",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=6.6.2.6"
},
{
"model": "gs716tv2",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=5.4.2.27"
},
{
"model": "gs716tv3",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=6.3.1.16"
},
{
"model": "gs724tv3",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=5.4.2.27"
},
{
"model": "gs724tv4",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=6.3.1.16"
},
{
"model": "gs728tpsb",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=5.3.0.29"
},
{
"model": "gs728tsb",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=5.3.0.29"
},
{
"model": "gs728txs",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=6.1.0.35"
},
{
"model": "gs748tv4",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=5.4.2.27"
},
{
"model": "gs748tv5",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=6.3.1.16"
},
{
"model": "gs752tpsb",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=5.3.0.29"
},
{
"model": "gs752tsb",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=5.3.0.29"
},
{
"model": "gs752txs",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=6.1.0.35"
},
{
"model": "m4200",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=12.0.2.10"
},
{
"model": "m4300",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=12.0.2.10"
},
{
"model": "m5300",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=11.0.0.28"
},
{
"model": "m6100",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=11.0.0.28"
},
{
"model": "m7100",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=11.0.0.28"
},
{
"model": "s3300",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=6.6.1.4"
},
{
"model": "xs708t",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=6.6.0.11"
},
{
"model": "xs712t",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=6.1.0.34"
},
{
"model": "xs716t",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=6.6.0.11"
},
{
"model": "gs724t",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "6.3.1.16"
},
{
"model": "gs728tpsb",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "5.3.0.29"
},
{
"model": "gs728tsb",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "5.3.0.29"
},
{
"model": "gs728txs",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "6.1.0.35"
},
{
"model": "gs748t",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "5.4.2.27"
},
{
"model": "gs748t",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "6.3.1.16"
},
{
"model": "gs752tpsb",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "5.3.0.29"
},
{
"model": "gs752tsb",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "5.3.0.29"
},
{
"model": "gs752txs",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "6.1.0.35"
},
{
"model": "m4200",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "12.0.2.10"
},
{
"model": "m4300",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "12.0.2.10"
},
{
"model": "m5300",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "11.0.0.28"
},
{
"model": "m6100",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "11.0.0.28"
},
{
"model": "m7100",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "11.0.0.28"
},
{
"model": "s3300",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "6.6.1.4"
},
{
"model": "xs708t",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "6.6.0.11"
},
{
"model": "xs712t",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "6.1.0.34"
},
{
"model": "xs716t",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "6.6.0.11"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-30574"
},
{
"db": "VULMON",
"id": "CVE-2017-18860"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014985"
},
{
"db": "NVD",
"id": "CVE-2017-18860"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:netgear:fs752tp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs108t_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs110tp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs418tpp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs510tlp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs510tp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs510tpp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs716t_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs724t_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014985"
}
]
},
"cve": "CVE-2017-18860",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-18860",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.1,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 3.6,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2017-014985",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-30574",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.5,
"id": "CVE-2017-18860",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.7,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2017-014985",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-18860",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2017-014985",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-30574",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-2386",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-18860",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-30574"
},
{
"db": "VULMON",
"id": "CVE-2017-18860"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014985"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2386"
},
{
"db": "NVD",
"id": "CVE-2017-18860"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by debugging command execution. This affects FS752TP 5.4.2.19 and earlier, GS108Tv2 5.4.2.29 and earlier, GS110TP 5.4.2.29 and earlier, GS418TPP 6.6.2.6 and earlier, GS510TLP 6.6.2.6 and earlier, GS510TP 5.04.2.27 and earlier, GS510TPP 6.6.2.6 and earlier, GS716Tv2 5.4.2.27 and earlier, GS716Tv3 6.3.1.16 and earlier, GS724Tv3 5.4.2.27 and earlier, GS724Tv4 6.3.1.16 and earlier, GS728TPSB 5.3.0.29 and earlier, GS728TSB 5.3.0.29 and earlier, GS728TXS 6.1.0.35 and earlier, GS748Tv4 5.4.2.27 and earlier, GS748Tv5 6.3.1.16 and earlier, GS752TPSB 5.3.0.29 and earlier, GS752TSB 5.3.0.29 and earlier, GS752TXS 6.1.0.35 and earlier, M4200 12.0.2.10 and earlier, M4300 12.0.2.10 and earlier, M5300 11.0.0.28 and earlier, M6100 11.0.0.28 and earlier, M7100 11.0.0.28 and earlier, S3300 6.6.1.4 and earlier, XS708T 6.6.0.11 and earlier, XS712T 6.1.0.34 and earlier, and XS716T 6.6.0.11 and earlier. plural NETGEAR A device contains an injection vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. NETGEAR FS752TP, etc. are all products of NETGEAR. NETGEAR FS752TP is a stackable smart switch. NETGEAR GS108T is an intelligent management switch. NETGEAR M6100 is a fully managed switch. \n\r\n\r\nThere are security holes in many NETGEAR products. Attackers can use the specially crafted URL to exploit the vulnerability to execute commands on the switch. This affects FS752TP 5.4.2.19 and previous versions, GS108Tv2 5.4.2.29 and previous versions, GS110TP 5.4.2.29 and previous versions, GS418TPP 6.6.2.6 and previous versions, GS510TLP 6.6.2.6 and previous versions, GS510TP 5.04.2.27 and previous versions, GS510TPP 6.6.2.6 and previous versions, GS716Tv2 5.4.2.27 and previous versions, GS716Tv3 6.3.1.16 and previous versions, GS724Tv3 5.4.2.27 and previous versions, GS724Tv4 6.3.1.16 and previous versions, GS728TPSB 5.3.0.29 and previous versions, GS728TSB 5.3.0.29 and previous versions, GS728TXS 6.1.0.35 and previous versions, GS748Tv4 5.4.2.27 and previous versions, GS748Tv5 6.3.1.16 and previous versions, GS752TPSB 5.3.0.29 and previous versions, GS752TSB 5.3.0.29 and previous versions, GS752TXS 6.1.0.35 and previous versions, M4200 12.0.2.10 and previous versions, M4300 12.0.2.10 and previous versions, M5300 11.0.0.28 and previous versions, M6100 11.0.0.28 and previous versions, M7100 11.0.0.28 and previous versions, S3300 6.6.1.4 and previous versions, XS708T 6.6.0.11 and previous versions, XS712T 6.1.0.34 and previous versions, and XS716T 6.6.0.11 and previous versions",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-18860"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014985"
},
{
"db": "CNVD",
"id": "CNVD-2020-30574"
},
{
"db": "VULMON",
"id": "CVE-2017-18860"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-18860",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014985",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-30574",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2386",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2017-18860",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-30574"
},
{
"db": "VULMON",
"id": "CVE-2017-18860"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014985"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2386"
},
{
"db": "NVD",
"id": "CVE-2017-18860"
}
]
},
"id": "VAR-202004-1332",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-30574"
}
],
"trust": 1.3429854174074074
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-30574"
}
]
},
"last_update_date": "2024-11-23T22:21:12.834000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisory for Authentication Bypass and Remote Command Execution on Some Smart and Managed Switches, PSV-2017-0857",
"trust": 0.8,
"url": "https://kb.netgear.com/000038519/Security-Advisory-for-Authentication-Bypass-and-Remote-Command-Execution-on-Some-Smart-and-Managed-Switches-PSV-2017-0857"
},
{
"title": "Patch for Multiple NETGEAR product injection vulnerabilities (CNVD-2020-30574)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/219291"
},
{
"title": "Multiple NETGEAR Fixing measures for product injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117761"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-30574"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014985"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2386"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-74",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014985"
},
{
"db": "NVD",
"id": "CVE-2017-18860"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18860"
},
{
"trust": 1.7,
"url": "https://kb.netgear.com/000038519/security-advisory-for-authentication-bypass-and-remote-command-execution-on-some-smart-and-managed-switches-psv-2017-0857"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18860"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/74.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-30574"
},
{
"db": "VULMON",
"id": "CVE-2017-18860"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014985"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2386"
},
{
"db": "NVD",
"id": "CVE-2017-18860"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-30574"
},
{
"db": "VULMON",
"id": "CVE-2017-18860"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014985"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2386"
},
{
"db": "NVD",
"id": "CVE-2017-18860"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-30574"
},
{
"date": "2020-04-29T00:00:00",
"db": "VULMON",
"id": "CVE-2017-18860"
},
{
"date": "2020-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014985"
},
{
"date": "2020-04-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2386"
},
{
"date": "2020-04-29T14:15:14.013000",
"db": "NVD",
"id": "CVE-2017-18860"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-30574"
},
{
"date": "2020-05-05T00:00:00",
"db": "VULMON",
"id": "CVE-2017-18860"
},
{
"date": "2020-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014985"
},
{
"date": "2020-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2386"
},
{
"date": "2024-11-21T03:21:06.917000",
"db": "NVD",
"id": "CVE-2017-18860"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2386"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural NETGEAR Injection vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014985"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2386"
}
],
"trust": 0.6
}
}