Vulnerabilites related to netgear - gs716t
Vulnerability from fkie_nvd
Published
2020-04-29 14:15
Modified
2024-11-21 03:21
Severity ?
Summary
Certain NETGEAR devices are affected by debugging command execution. This affects FS752TP 5.4.2.19 and earlier, GS108Tv2 5.4.2.29 and earlier, GS110TP 5.4.2.29 and earlier, GS418TPP 6.6.2.6 and earlier, GS510TLP 6.6.2.6 and earlier, GS510TP 5.04.2.27 and earlier, GS510TPP 6.6.2.6 and earlier, GS716Tv2 5.4.2.27 and earlier, GS716Tv3 6.3.1.16 and earlier, GS724Tv3 5.4.2.27 and earlier, GS724Tv4 6.3.1.16 and earlier, GS728TPSB 5.3.0.29 and earlier, GS728TSB 5.3.0.29 and earlier, GS728TXS 6.1.0.35 and earlier, GS748Tv4 5.4.2.27 and earlier, GS748Tv5 6.3.1.16 and earlier, GS752TPSB 5.3.0.29 and earlier, GS752TSB 5.3.0.29 and earlier, GS752TXS 6.1.0.35 and earlier, M4200 12.0.2.10 and earlier, M4300 12.0.2.10 and earlier, M5300 11.0.0.28 and earlier, M6100 11.0.0.28 and earlier, M7100 11.0.0.28 and earlier, S3300 6.6.1.4 and earlier, XS708T 6.6.0.11 and earlier, XS712T 6.1.0.34 and earlier, and XS716T 6.6.0.11 and earlier.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:fs752tp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DCAF6CBC-713C-4BCD-BA73-29BD5E6B2CC0",
"versionEndIncluding": "5.4.2.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:fs752tp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AA58F24F-EC29-4592-BAD6-F7710F897E76",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs108t_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07615C61-628A-4168-AEB5-BBEB8E14D039",
"versionEndIncluding": "5.4.2.29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs108tv2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A9045AE-E205-4FE2-9DD8-51EFA8D9B7EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs110tp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57C21A5F-460B-41AF-8C81-59B5C39AFF6F",
"versionEndIncluding": "5.4.2.29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs110tp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3949875-D8ED-4280-B1C7-123674774C3C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs418tpp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A3D5437-B5F7-4C11-9935-D95A848DF84D",
"versionEndIncluding": "6.6.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs418tpp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9DFF539E-3159-4479-9BC5-AD2A5239415F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs510tlp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C26847F-3523-4455-90AB-A84E2422247D",
"versionEndIncluding": "6.6.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs510tlp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7F54D4D-EB69-4B6A-B2D1-7D8013AB04D1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs510tp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4D4AE3C-6585-406D-B596-A9933AA8B57C",
"versionEndIncluding": "5.04.2.27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs510tp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7ED4BF26-254F-4550-8B8B-5F90CD4A2556",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs510tpp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57DD367F-50E8-48A2-B44F-FD6AE99A7BEF",
"versionEndIncluding": "6.6.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs510tpp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9C4447-DFC2-40B8-AD47-F7D8DDD34570",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs716t_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BAC7EA9C-0A45-40A4-85A9-563E8922ACB5",
"versionEndIncluding": "5.4.2.27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs716t:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "5B93D08F-4C7B-4DE6-A72A-5AAAC3E42F29",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs716t_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47770B21-3153-4B10-817F-D47442D7C3BF",
"versionEndIncluding": "6.3.1.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs716t:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "4B048480-9790-4267-9C12-ABADA7646A9F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs724t_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A21595F4-961A-42BE-A530-3304F23C5A24",
"versionEndIncluding": "5.4.2.27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs724t:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "15240AAD-9CDF-4E78-A43D-0AD0A21F0A05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs724t_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29FDAE41-1436-4695-9E40-68DC5050910B",
"versionEndIncluding": "6.3.1.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs724t:v4:*:*:*:*:*:*:*",
"matchCriteriaId": "8EF8C3CE-84D9-4BEE-85AE-82D8346BDECD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs728tpsb_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF656382-57CD-4017-859E-3A6FFD3E66AF",
"versionEndIncluding": "5.3.0.29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs728tpsb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CBECB631-64D3-4944-8E45-683FF12C1D89",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs728tsb_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30712720-94B0-4212-88C0-A5D9DC36C9A0",
"versionEndIncluding": "5.3.0.29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs728tsb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "73D5C8B5-E199-43E3-9C17-FBF55D916F8D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs728txs_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69D579C0-A6FA-4200-9866-99C8E02BACC3",
"versionEndIncluding": "6.1.0.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs728txs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AB931A26-A4F1-4170-AA66-188C29B46AFB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs748t_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BC428D3-868A-421D-8AD8-1D8AF1522D82",
"versionEndIncluding": "5.4.2.27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs748t:v4:*:*:*:*:*:*:*",
"matchCriteriaId": "BED8AA40-EC6E-4652-A6F8-57856EBDC16A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs748t_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81FEC177-54A7-4D62-B6B8-53FA193B5D24",
"versionEndIncluding": "6.3.1.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs748t:v5:*:*:*:*:*:*:*",
"matchCriteriaId": "C47152C0-F85E-4073-BE49-9DDF1C99E828",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs752tpsb_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B8EA70D-EE90-41D9-978C-4377B49AA3FA",
"versionEndIncluding": "5.3.0.29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs752tpsb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CD6B178-367D-446C-9EE9-5B2940AE6956",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs752tsb_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B92FCC-AD30-4C5B-AB31-12C564FB36B5",
"versionEndIncluding": "5.3.0.29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs752tsb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE5F207F-9977-4390-AB85-EAE8B385E87D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs752txs_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09F17244-9B03-4F30-B565-2A4F21EB6793",
"versionEndIncluding": "6.1.0.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs752txs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF2BD166-0AF7-48FE-B677-B5D28672DA74",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:m4200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FBBD796E-9525-468B-81D1-9A848B3862D3",
"versionEndIncluding": "12.0.2.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:m4200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80617DBE-44F0-44E1-B59A-9456D4995C8B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:m4300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04C8ED4F-822D-4BE5-AB37-D18B779C5AC8",
"versionEndIncluding": "12.0.2.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:m4300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C28AC8BD-6DDA-481B-A1E9-466A04FB9680",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:m5300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6EA50A8A-FCF6-46F9-8E79-6A44ACF74CE7",
"versionEndIncluding": "11.0.0.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:m5300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D10DCF81-D2AD-403C-AAB8-97ED936FD458",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:m6100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D7FAA5A-D2FC-4D29-B741-B13DD7F7974F",
"versionEndIncluding": "11.0.0.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:m6100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CFDB23F-9895-42E4-88A1-83FE4A6D0709",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:m7100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E191EAA-A1D4-4629-B16B-AE1B5C8028A0",
"versionEndIncluding": "11.0.0.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:m7100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5C43A67-C198-48C3-9CDB-6B2039C306B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:s3300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E1ED353-91DC-4A25-995A-0AEFB5B1AC3D",
"versionEndIncluding": "6.6.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:s3300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "880C8ABD-7469-4D24-8878-D4BA299F890B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:xs708t_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4C1664B-4794-4FC1-BF9F-A1329E572BDE",
"versionEndIncluding": "6.6.0.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:xs708t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D78D4126-20E7-43C2-BD98-2BEAF2A5FD1D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:xs712t_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06EE98ED-4348-4999-8259-493855582249",
"versionEndIncluding": "6.1.0.34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:xs712t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67E3C3C9-946B-4490-B018-152FF64C7A6F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:xs716t_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE8C9DD2-A69A-40B4-9AD1-E0F5B002877B",
"versionEndIncluding": "6.6.0.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:xs716t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE86C949-F8F4-43FB-9089-9E0BE95A5FF4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by debugging command execution. This affects FS752TP 5.4.2.19 and earlier, GS108Tv2 5.4.2.29 and earlier, GS110TP 5.4.2.29 and earlier, GS418TPP 6.6.2.6 and earlier, GS510TLP 6.6.2.6 and earlier, GS510TP 5.04.2.27 and earlier, GS510TPP 6.6.2.6 and earlier, GS716Tv2 5.4.2.27 and earlier, GS716Tv3 6.3.1.16 and earlier, GS724Tv3 5.4.2.27 and earlier, GS724Tv4 6.3.1.16 and earlier, GS728TPSB 5.3.0.29 and earlier, GS728TSB 5.3.0.29 and earlier, GS728TXS 6.1.0.35 and earlier, GS748Tv4 5.4.2.27 and earlier, GS748Tv5 6.3.1.16 and earlier, GS752TPSB 5.3.0.29 and earlier, GS752TSB 5.3.0.29 and earlier, GS752TXS 6.1.0.35 and earlier, M4200 12.0.2.10 and earlier, M4300 12.0.2.10 and earlier, M5300 11.0.0.28 and earlier, M6100 11.0.0.28 and earlier, M7100 11.0.0.28 and earlier, S3300 6.6.1.4 and earlier, XS708T 6.6.0.11 and earlier, XS712T 6.1.0.34 and earlier, and XS716T 6.6.0.11 and earlier."
},
{
"lang": "es",
"value": "Determinados dispositivos NETGEAR est\u00e1n afectados por una ejecuci\u00f3n de comandos de depuraci\u00f3n. Esto afecta a FS752TP versiones 5.4.2.19 y anteriores, GS108Tv2 versiones 5.4.2.29 y anteriores, GS110TP versiones 5.4.2.29 y anteriores, GS418TPP versiones 6.6.2.6 y anteriores, GS510TLP versiones 6.6.2.6 y anteriores, GS510TP versiones 5.04.2.27 y anteriores, GS510TPP versiones 6.6.2.6 y anteriores, GS716Tv2 versiones 5.4.2.27 y anteriores, GS716Tv3 versiones 6.3.1.16 y anteriores, GS724Tv3 versiones 5.4.2.27 y anteriores, GS724Tv4 versiones 6.3.1.16 y anteriores, GS728TPSB versiones 5.3.0.29 y anteriores, GS728TSB versiones 5.3.0.29 y anteriores, GS728TXS versiones 6.1.0. 35 y anteriores, GS748Tv4 versiones 5.4.2.27 y anteriores, GS748Tv5 versiones 6.3.1.16 y anteriores, GS752TPSB versiones 5.3.0.29 y anteriores, GS752TSB versiones 5.3.0.29 y anteriores, GS752TXS versiones 6.1.0.35 y anteriores, M4200 versiones 12.0.2.10 y anteriores, M4300 versiones 12.0.2. 10 y anteriores, M5300 versiones 11.0.0.28 y anteriores, M6100 versiones 11.0.0.28 y anteriores, M7100 versiones 11.0.0.28 y anteriores, S3300 versiones 6.6.1.4 y anteriores, XS708T versiones 6.6.0.11 y anteriores, XS712T versiones 6.1.0.34 y anteriores, y XS716T versiones 6.6.0.11 y anteriores."
}
],
"id": "CVE-2017-18860",
"lastModified": "2024-11-21T03:21:06.917",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-29T14:15:14.013",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000038519/Security-Advisory-for-Authentication-Bypass-and-Remote-Command-Execution-on-Some-Smart-and-Managed-Switches-PSV-2017-0857"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000038519/Security-Advisory-for-Authentication-Bypass-and-Remote-Command-Execution-on-Some-Smart-and-Managed-Switches-PSV-2017-0857"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-08-28 05:15
Modified
2024-11-21 05:34
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in NETGEAR switching hubs (GS716Tv2 Firmware version 5.4.2.30 and earlier, and GS724Tv3 Firmware version 5.4.2.30 and earlier) allow remote attackers to hijack the authentication of administrators and alter the settings of the device via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN29903998/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN29903998/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://www.netgear.com/support/product/gs716Tv2.aspx | Patch, Vendor Advisory | |
| vultures@jpcert.or.jp | https://www.netgear.com/support/product/gs724tv3.aspx | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN29903998/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN29903998/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.netgear.com/support/product/gs716Tv2.aspx | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.netgear.com/support/product/gs724tv3.aspx | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | gs716tv2_firmware | * | |
| netgear | gs716t | v2 | |
| netgear | gs724tv3_firmware | * | |
| netgear | gs724t | v3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs716tv2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E282109-F38D-4D61-9B18-B4CBB6CC91B8",
"versionEndIncluding": "5.4.2.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs716t:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "5B93D08F-4C7B-4DE6-A72A-5AAAC3E42F29",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs724tv3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4BD1ED-C45A-4308-B906-DA5359F49C7A",
"versionEndIncluding": "5.4.2.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs724t:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "15240AAD-9CDF-4E78-A43D-0AD0A21F0A05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in NETGEAR switching hubs (GS716Tv2 Firmware version 5.4.2.30 and earlier, and GS724Tv3 Firmware version 5.4.2.30 and earlier) allow remote attackers to hijack the authentication of administrators and alter the settings of the device via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo Cross-site request forgery (CSRF) en concentradores de conmutaci\u00f3n NETGEAR (GS716Tv2 versiones de Firmware 5.4.2.30 y anteriores, y GS724Tv3 versiones de Firmware 5.4.2.30 y anteriores), permite a atacantes remotos secuestrar la autenticaci\u00f3n de administradores y alterar la configuraci\u00f3n del dispositivo por medio de vectores no especificados"
}
],
"id": "CVE-2020-5621",
"lastModified": "2024-11-21T05:34:22.547",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-28T05:15:11.277",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN29903998/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN29903998/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.netgear.com/support/product/gs716Tv2.aspx"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.netgear.com/support/product/gs724tv3.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN29903998/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN29903998/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.netgear.com/support/product/gs716Tv2.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.netgear.com/support/product/gs724tv3.aspx"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-30 00:15
Modified
2024-11-21 05:28
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Certain NETGEAR devices are affected by CSRF. This affects GS716Tv3 before 6.3.1.36 and GS724Tv4 before 6.3.1.36.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | gs716t_firmware | * | |
| netgear | gs716t | v3 | |
| netgear | gs724t_firmware | * | |
| netgear | gs724t | v4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs716t_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCFAB906-C24A-49C9-83E9-2C3D156C7094",
"versionEndExcluding": "6.3.1.36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs716t:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "4B048480-9790-4267-9C12-ABADA7646A9F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs724t_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1CD8B73-2605-4C69-9753-C643D8D12E99",
"versionEndExcluding": "6.3.1.36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs724t:v4:*:*:*:*:*:*:*",
"matchCriteriaId": "8EF8C3CE-84D9-4BEE-85AE-82D8346BDECD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by CSRF. This affects GS716Tv3 before 6.3.1.36 and GS724Tv4 before 6.3.1.36."
},
{
"lang": "es",
"value": "Determinados dispositivos NETGEAR est\u00e1n afectados por una vulnerabilidad de tipo CSRF.\u0026#xa0;Esto afecta a GS716Tv3 versiones anteriores a 6.3.1.36 y GS724Tv4 versiones anteriores a 6.3.1.36."
}
],
"id": "CVE-2020-35778",
"lastModified": "2024-11-21T05:28:04.097",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-30T00:15:12.817",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000062721/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Smart-Managed-Pro-Switches-PSV-2020-0368"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000062721/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Smart-Managed-Pro-Switches-PSV-2020-0368"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2017-18860
Vulnerability from cvelistv5
Published
2020-04-29 13:38
Modified
2024-08-05 21:37
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by debugging command execution. This affects FS752TP 5.4.2.19 and earlier, GS108Tv2 5.4.2.29 and earlier, GS110TP 5.4.2.29 and earlier, GS418TPP 6.6.2.6 and earlier, GS510TLP 6.6.2.6 and earlier, GS510TP 5.04.2.27 and earlier, GS510TPP 6.6.2.6 and earlier, GS716Tv2 5.4.2.27 and earlier, GS716Tv3 6.3.1.16 and earlier, GS724Tv3 5.4.2.27 and earlier, GS724Tv4 6.3.1.16 and earlier, GS728TPSB 5.3.0.29 and earlier, GS728TSB 5.3.0.29 and earlier, GS728TXS 6.1.0.35 and earlier, GS748Tv4 5.4.2.27 and earlier, GS748Tv5 6.3.1.16 and earlier, GS752TPSB 5.3.0.29 and earlier, GS752TSB 5.3.0.29 and earlier, GS752TXS 6.1.0.35 and earlier, M4200 12.0.2.10 and earlier, M4300 12.0.2.10 and earlier, M5300 11.0.0.28 and earlier, M6100 11.0.0.28 and earlier, M7100 11.0.0.28 and earlier, S3300 6.6.1.4 and earlier, XS708T 6.6.0.11 and earlier, XS712T 6.1.0.34 and earlier, and XS716T 6.6.0.11 and earlier.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:37:44.297Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.netgear.com/000038519/Security-Advisory-for-Authentication-Bypass-and-Remote-Command-Execution-on-Some-Smart-and-Managed-Switches-PSV-2017-0857"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by debugging command execution. This affects FS752TP 5.4.2.19 and earlier, GS108Tv2 5.4.2.29 and earlier, GS110TP 5.4.2.29 and earlier, GS418TPP 6.6.2.6 and earlier, GS510TLP 6.6.2.6 and earlier, GS510TP 5.04.2.27 and earlier, GS510TPP 6.6.2.6 and earlier, GS716Tv2 5.4.2.27 and earlier, GS716Tv3 6.3.1.16 and earlier, GS724Tv3 5.4.2.27 and earlier, GS724Tv4 6.3.1.16 and earlier, GS728TPSB 5.3.0.29 and earlier, GS728TSB 5.3.0.29 and earlier, GS728TXS 6.1.0.35 and earlier, GS748Tv4 5.4.2.27 and earlier, GS748Tv5 6.3.1.16 and earlier, GS752TPSB 5.3.0.29 and earlier, GS752TSB 5.3.0.29 and earlier, GS752TXS 6.1.0.35 and earlier, M4200 12.0.2.10 and earlier, M4300 12.0.2.10 and earlier, M5300 11.0.0.28 and earlier, M6100 11.0.0.28 and earlier, M7100 11.0.0.28 and earlier, S3300 6.6.1.4 and earlier, XS708T 6.6.0.11 and earlier, XS712T 6.1.0.34 and earlier, and XS716T 6.6.0.11 and earlier."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-29T13:38:19",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.netgear.com/000038519/Security-Advisory-for-Authentication-Bypass-and-Remote-Command-Execution-on-Some-Smart-and-Managed-Switches-PSV-2017-0857"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18860",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by debugging command execution. This affects FS752TP 5.4.2.19 and earlier, GS108Tv2 5.4.2.29 and earlier, GS110TP 5.4.2.29 and earlier, GS418TPP 6.6.2.6 and earlier, GS510TLP 6.6.2.6 and earlier, GS510TP 5.04.2.27 and earlier, GS510TPP 6.6.2.6 and earlier, GS716Tv2 5.4.2.27 and earlier, GS716Tv3 6.3.1.16 and earlier, GS724Tv3 5.4.2.27 and earlier, GS724Tv4 6.3.1.16 and earlier, GS728TPSB 5.3.0.29 and earlier, GS728TSB 5.3.0.29 and earlier, GS728TXS 6.1.0.35 and earlier, GS748Tv4 5.4.2.27 and earlier, GS748Tv5 6.3.1.16 and earlier, GS752TPSB 5.3.0.29 and earlier, GS752TSB 5.3.0.29 and earlier, GS752TXS 6.1.0.35 and earlier, M4200 12.0.2.10 and earlier, M4300 12.0.2.10 and earlier, M5300 11.0.0.28 and earlier, M6100 11.0.0.28 and earlier, M7100 11.0.0.28 and earlier, S3300 6.6.1.4 and earlier, XS708T 6.6.0.11 and earlier, XS712T 6.1.0.34 and earlier, and XS716T 6.6.0.11 and earlier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000038519/Security-Advisory-for-Authentication-Bypass-and-Remote-Command-Execution-on-Some-Smart-and-Managed-Switches-PSV-2017-0857",
"refsource": "CONFIRM",
"url": "https://kb.netgear.com/000038519/Security-Advisory-for-Authentication-Bypass-and-Remote-Command-Execution-on-Some-Smart-and-Managed-Switches-PSV-2017-0857"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-18860",
"datePublished": "2020-04-29T13:38:19",
"dateReserved": "2020-04-27T00:00:00",
"dateUpdated": "2024-08-05T21:37:44.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5621
Vulnerability from cvelistv5
Published
2020-08-28 04:05
Modified
2024-08-04 08:39
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in NETGEAR switching hubs (GS716Tv2 Firmware version 5.4.2.30 and earlier, and GS724Tv3 Firmware version 5.4.2.30 and earlier) allow remote attackers to hijack the authentication of administrators and alter the settings of the device via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.netgear.com/support/product/gs716Tv2.aspx | x_refsource_MISC | |
| https://www.netgear.com/support/product/gs724tv3.aspx | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN29903998/index.html | x_refsource_MISC | |
| http://jvn.jp/en/jp/JVN29903998/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Neuroinformatics Unit, Integrative Computational Brain Science Collaboration Division, RIKEN Center for Brain Science | Multiple NETGEAR switching hubs |
Version: GS716Tv2 Firmware version 5.4.2.30 and earlier, and GS724Tv3 Firmware version 5.4.2.30 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.netgear.com/support/product/gs716Tv2.aspx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.netgear.com/support/product/gs724tv3.aspx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN29903998/index.html"
},
{
"name": "JVN#29903998",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN29903998/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Multiple NETGEAR switching hubs",
"vendor": "Neuroinformatics Unit, Integrative Computational Brain Science Collaboration Division, RIKEN Center for Brain Science",
"versions": [
{
"status": "affected",
"version": "GS716Tv2 Firmware version 5.4.2.30 and earlier, and GS724Tv3 Firmware version 5.4.2.30 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in NETGEAR switching hubs (GS716Tv2 Firmware version 5.4.2.30 and earlier, and GS724Tv3 Firmware version 5.4.2.30 and earlier) allow remote attackers to hijack the authentication of administrators and alter the settings of the device via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-28T04:06:14",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.netgear.com/support/product/gs716Tv2.aspx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.netgear.com/support/product/gs724tv3.aspx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN29903998/index.html"
},
{
"name": "JVN#29903998",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN29903998/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5621",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Multiple NETGEAR switching hubs",
"version": {
"version_data": [
{
"version_value": "GS716Tv2 Firmware version 5.4.2.30 and earlier, and GS724Tv3 Firmware version 5.4.2.30 and earlier"
}
]
}
}
]
},
"vendor_name": "Neuroinformatics Unit, Integrative Computational Brain Science Collaboration Division, RIKEN Center for Brain Science"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in NETGEAR switching hubs (GS716Tv2 Firmware version 5.4.2.30 and earlier, and GS724Tv3 Firmware version 5.4.2.30 and earlier) allow remote attackers to hijack the authentication of administrators and alter the settings of the device via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netgear.com/support/product/gs716Tv2.aspx",
"refsource": "MISC",
"url": "https://www.netgear.com/support/product/gs716Tv2.aspx"
},
{
"name": "https://www.netgear.com/support/product/gs724tv3.aspx",
"refsource": "MISC",
"url": "https://www.netgear.com/support/product/gs724tv3.aspx"
},
{
"name": "https://jvn.jp/en/jp/JVN29903998/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN29903998/index.html"
},
{
"name": "JVN#29903998",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN29903998/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5621",
"datePublished": "2020-08-28T04:05:28",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:39:25.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-35778
Vulnerability from cvelistv5
Published
2020-12-29 23:41
Modified
2024-08-04 17:09
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by CSRF. This affects GS716Tv3 before 6.3.1.36 and GS724Tv4 before 6.3.1.36.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:15.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.netgear.com/000062721/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Smart-Managed-Pro-Switches-PSV-2020-0368"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by CSRF. This affects GS716Tv3 before 6.3.1.36 and GS724Tv4 before 6.3.1.36."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:N/I:L/PR:N/S:U/UI:R",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-29T23:41:45",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.netgear.com/000062721/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Smart-Managed-Pro-Switches-PSV-2020-0368"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35778",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by CSRF. This affects GS716Tv3 before 6.3.1.36 and GS724Tv4 before 6.3.1.36."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:N/I:L/PR:N/S:U/UI:R",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000062721/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Smart-Managed-Pro-Switches-PSV-2020-0368",
"refsource": "MISC",
"url": "https://kb.netgear.com/000062721/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Smart-Managed-Pro-Switches-PSV-2020-0368"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35778",
"datePublished": "2020-12-29T23:41:45",
"dateReserved": "2020-12-29T00:00:00",
"dateUpdated": "2024-08-04T17:09:15.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-202012-1132
Vulnerability from variot
Certain NETGEAR devices are affected by CSRF. This affects GS716Tv3 before 6.3.1.36 and GS724Tv4 before 6.3.1.36. plural NETGEAR A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. NETGEAR GS716Tv3 is a 16-port Gigabit Ethernet intelligent management professional switch with 2 SFP ports. NETGEAR GS724Tv4 is a 24-port Gigabit intelligent management professional switch with 2 SFP ports.
NETGEAR GS716Tv3 and GS724Tv4 have cross-site request forgery vulnerabilities. No detailed vulnerability details are currently provided. This affects GS716Tv3 prior to 6.3.1.36 and GS724Tv4 prior to 6.3.1.36
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-1132",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gs716t",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "6.3.1.36"
},
{
"model": "gs724t",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "6.3.1.36"
},
{
"model": "gs724t",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "gs716t",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "gs716tv3",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "6.3.1.36"
},
{
"model": "gs724tv4",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "6.3.1.36"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-44693"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015391"
},
{
"db": "NVD",
"id": "CVE-2020-35778"
}
]
},
"cve": "CVE-2020-35778",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-35778",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2021-44693",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-35778",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cve@mitre.org",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-35778",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-35778",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-35778",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cve@mitre.org",
"id": "CVE-2020-35778",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-35778",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-44693",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202012-1752",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-35778",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-44693"
},
{
"db": "VULMON",
"id": "CVE-2020-35778"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015391"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1752"
},
{
"db": "NVD",
"id": "CVE-2020-35778"
},
{
"db": "NVD",
"id": "CVE-2020-35778"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by CSRF. This affects GS716Tv3 before 6.3.1.36 and GS724Tv4 before 6.3.1.36. plural NETGEAR A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. NETGEAR GS716Tv3 is a 16-port Gigabit Ethernet intelligent management professional switch with 2 SFP ports. NETGEAR GS724Tv4 is a 24-port Gigabit intelligent management professional switch with 2 SFP ports. \n\r\n\r\nNETGEAR GS716Tv3 and GS724Tv4 have cross-site request forgery vulnerabilities. No detailed vulnerability details are currently provided. This affects GS716Tv3 prior to 6.3.1.36 and GS724Tv4 prior to 6.3.1.36",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-35778"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015391"
},
{
"db": "CNVD",
"id": "CNVD-2021-44693"
},
{
"db": "VULMON",
"id": "CVE-2020-35778"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-35778",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015391",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-44693",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1752",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-35778",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-44693"
},
{
"db": "VULMON",
"id": "CVE-2020-35778"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015391"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1752"
},
{
"db": "NVD",
"id": "CVE-2020-35778"
}
]
},
"id": "VAR-202012-1132",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-44693"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-44693"
}
]
},
"last_update_date": "2024-11-23T22:16:10.763000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security\u00a0Advisory\u00a0for\u00a0Cross\u00a0Site\u00a0Request\u00a0Forgery\u00a0on\u00a0Some\u00a0Smart\u00a0Managed\u00a0Pro\u00a0Switches,\u00a0PSV-2020-0368",
"trust": 0.8,
"url": "https://kb.netgear.com/000062721/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Smart-Managed-Pro-Switches-PSV-2020-0368"
},
{
"title": "Patch for NETGEAR GS716Tv3 and GS724Tv4 cross-site request forgery vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/274881"
},
{
"title": "Multiple Netgear Repair measures for product cross-site request forgery vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138268"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-44693"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015391"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1752"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.0
},
{
"problemtype": "Cross-site request forgery (CWE-352) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015391"
},
{
"db": "NVD",
"id": "CVE-2020-35778"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35778"
},
{
"trust": 1.7,
"url": "https://kb.netgear.com/000062721/security-advisory-for-cross-site-request-forgery-on-some-smart-managed-pro-switches-psv-2020-0368"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/352.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-44693"
},
{
"db": "VULMON",
"id": "CVE-2020-35778"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015391"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1752"
},
{
"db": "NVD",
"id": "CVE-2020-35778"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-44693"
},
{
"db": "VULMON",
"id": "CVE-2020-35778"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015391"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1752"
},
{
"db": "NVD",
"id": "CVE-2020-35778"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-44693"
},
{
"date": "2020-12-30T00:00:00",
"db": "VULMON",
"id": "CVE-2020-35778"
},
{
"date": "2021-09-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-015391"
},
{
"date": "2020-12-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1752"
},
{
"date": "2020-12-30T00:15:12.817000",
"db": "NVD",
"id": "CVE-2020-35778"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-44693"
},
{
"date": "2020-12-30T00:00:00",
"db": "VULMON",
"id": "CVE-2020-35778"
},
{
"date": "2021-09-21T07:30:00",
"db": "JVNDB",
"id": "JVNDB-2020-015391"
},
{
"date": "2021-01-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1752"
},
{
"date": "2024-11-21T05:28:04.097000",
"db": "NVD",
"id": "CVE-2020-35778"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-1752"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0NETGEAR\u00a0 Cross-site request forgery vulnerability in device",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015391"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-1752"
}
],
"trust": 0.6
}
}
var-202004-1332
Vulnerability from variot
Certain NETGEAR devices are affected by debugging command execution. This affects FS752TP 5.4.2.19 and earlier, GS108Tv2 5.4.2.29 and earlier, GS110TP 5.4.2.29 and earlier, GS418TPP 6.6.2.6 and earlier, GS510TLP 6.6.2.6 and earlier, GS510TP 5.04.2.27 and earlier, GS510TPP 6.6.2.6 and earlier, GS716Tv2 5.4.2.27 and earlier, GS716Tv3 6.3.1.16 and earlier, GS724Tv3 5.4.2.27 and earlier, GS724Tv4 6.3.1.16 and earlier, GS728TPSB 5.3.0.29 and earlier, GS728TSB 5.3.0.29 and earlier, GS728TXS 6.1.0.35 and earlier, GS748Tv4 5.4.2.27 and earlier, GS748Tv5 6.3.1.16 and earlier, GS752TPSB 5.3.0.29 and earlier, GS752TSB 5.3.0.29 and earlier, GS752TXS 6.1.0.35 and earlier, M4200 12.0.2.10 and earlier, M4300 12.0.2.10 and earlier, M5300 11.0.0.28 and earlier, M6100 11.0.0.28 and earlier, M7100 11.0.0.28 and earlier, S3300 6.6.1.4 and earlier, XS708T 6.6.0.11 and earlier, XS712T 6.1.0.34 and earlier, and XS716T 6.6.0.11 and earlier. plural NETGEAR A device contains an injection vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. NETGEAR FS752TP, etc. are all products of NETGEAR. NETGEAR FS752TP is a stackable smart switch. NETGEAR GS108T is an intelligent management switch. NETGEAR M6100 is a fully managed switch.
There are security holes in many NETGEAR products. Attackers can use the specially crafted URL to exploit the vulnerability to execute commands on the switch. This affects FS752TP 5.4.2.19 and previous versions, GS108Tv2 5.4.2.29 and previous versions, GS110TP 5.4.2.29 and previous versions, GS418TPP 6.6.2.6 and previous versions, GS510TLP 6.6.2.6 and previous versions, GS510TP 5.04.2.27 and previous versions, GS510TPP 6.6.2.6 and previous versions, GS716Tv2 5.4.2.27 and previous versions, GS716Tv3 6.3.1.16 and previous versions, GS724Tv3 5.4.2.27 and previous versions, GS724Tv4 6.3.1.16 and previous versions, GS728TPSB 5.3.0.29 and previous versions, GS728TSB 5.3.0.29 and previous versions, GS728TXS 6.1.0.35 and previous versions, GS748Tv4 5.4.2.27 and previous versions, GS748Tv5 6.3.1.16 and previous versions, GS752TPSB 5.3.0.29 and previous versions, GS752TSB 5.3.0.29 and previous versions, GS752TXS 6.1.0.35 and previous versions, M4200 12.0.2.10 and previous versions, M4300 12.0.2.10 and previous versions, M5300 11.0.0.28 and previous versions, M6100 11.0.0.28 and previous versions, M7100 11.0.0.28 and previous versions, S3300 6.6.1.4 and previous versions, XS708T 6.6.0.11 and previous versions, XS712T 6.1.0.34 and previous versions, and XS716T 6.6.0.11 and previous versions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-1332",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gs724t",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "5.4.2.27"
},
{
"model": "gs510tlp",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "6.6.2.6"
},
{
"model": "fs752tp",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "5.4.2.19"
},
{
"model": "gs716t",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "6.3.1.16"
},
{
"model": "xs708t",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "6.6.0.11"
},
{
"model": "xs716t",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "6.6.0.11"
},
{
"model": "gs748t",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "5.4.2.27"
},
{
"model": "gs728txs",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "6.1.0.35"
},
{
"model": "gs724t",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "6.3.1.16"
},
{
"model": "gs728tsb",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "5.3.0.29"
},
{
"model": "m5300",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "11.0.0.28"
},
{
"model": "gs110tp",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "5.4.2.29"
},
{
"model": "m4200",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "12.0.2.10"
},
{
"model": "gs752txs",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "6.1.0.35"
},
{
"model": "gs108t",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "5.4.2.29"
},
{
"model": "gs748t",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "6.3.1.16"
},
{
"model": "gs752tsb",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "5.3.0.29"
},
{
"model": "xs712t",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "6.1.0.34"
},
{
"model": "m7100",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "11.0.0.28"
},
{
"model": "gs716t",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "5.4.2.27"
},
{
"model": "s3300",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "6.6.1.4"
},
{
"model": "gs728tpsb",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "5.3.0.29"
},
{
"model": "gs752tpsb",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "5.3.0.29"
},
{
"model": "m4300",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "12.0.2.10"
},
{
"model": "gs510tp",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "5.04.2.27"
},
{
"model": "gs418tpp",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "6.6.2.6"
},
{
"model": "gs510tpp",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "6.6.2.6"
},
{
"model": "m6100",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "11.0.0.28"
},
{
"model": "fs752tp",
"scope": "eq",
"trust": 0.9,
"vendor": "netgear",
"version": "5.4.2.19"
},
{
"model": "gs108t",
"scope": "eq",
"trust": 0.9,
"vendor": "netgear",
"version": "5.4.2.29"
},
{
"model": "gs110tp",
"scope": "eq",
"trust": 0.9,
"vendor": "netgear",
"version": "5.4.2.29"
},
{
"model": "gs418tpp",
"scope": "eq",
"trust": 0.9,
"vendor": "netgear",
"version": "6.6.2.6"
},
{
"model": "gs510tlp",
"scope": "eq",
"trust": 0.9,
"vendor": "netgear",
"version": "6.6.2.6"
},
{
"model": "gs510tp",
"scope": "eq",
"trust": 0.9,
"vendor": "netgear",
"version": "5.04.2.27"
},
{
"model": "gs510tpp",
"scope": "eq",
"trust": 0.9,
"vendor": "netgear",
"version": "6.6.2.6"
},
{
"model": "gs716t",
"scope": "eq",
"trust": 0.9,
"vendor": "netgear",
"version": "5.4.2.27"
},
{
"model": "gs716t",
"scope": "eq",
"trust": 0.9,
"vendor": "netgear",
"version": "6.3.1.16"
},
{
"model": "gs724t",
"scope": "eq",
"trust": 0.9,
"vendor": "netgear",
"version": "5.4.2.27"
},
{
"model": "fs752tp",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=5.4.2.19"
},
{
"model": "gs108tv2",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=5.4.2.29"
},
{
"model": "gs110tp",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=5.4.2.29"
},
{
"model": "gs418tpp",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=6.6.2.6"
},
{
"model": "gs510tlp",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=6.6.2.6"
},
{
"model": "gs510tp",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=5.04.2.27"
},
{
"model": "gs510tpp",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=6.6.2.6"
},
{
"model": "gs716tv2",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=5.4.2.27"
},
{
"model": "gs716tv3",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=6.3.1.16"
},
{
"model": "gs724tv3",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=5.4.2.27"
},
{
"model": "gs724tv4",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=6.3.1.16"
},
{
"model": "gs728tpsb",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=5.3.0.29"
},
{
"model": "gs728tsb",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=5.3.0.29"
},
{
"model": "gs728txs",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=6.1.0.35"
},
{
"model": "gs748tv4",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=5.4.2.27"
},
{
"model": "gs748tv5",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=6.3.1.16"
},
{
"model": "gs752tpsb",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=5.3.0.29"
},
{
"model": "gs752tsb",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=5.3.0.29"
},
{
"model": "gs752txs",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=6.1.0.35"
},
{
"model": "m4200",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=12.0.2.10"
},
{
"model": "m4300",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=12.0.2.10"
},
{
"model": "m5300",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=11.0.0.28"
},
{
"model": "m6100",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=11.0.0.28"
},
{
"model": "m7100",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=11.0.0.28"
},
{
"model": "s3300",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=6.6.1.4"
},
{
"model": "xs708t",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=6.6.0.11"
},
{
"model": "xs712t",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=6.1.0.34"
},
{
"model": "xs716t",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=6.6.0.11"
},
{
"model": "gs724t",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "6.3.1.16"
},
{
"model": "gs728tpsb",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "5.3.0.29"
},
{
"model": "gs728tsb",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "5.3.0.29"
},
{
"model": "gs728txs",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "6.1.0.35"
},
{
"model": "gs748t",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "5.4.2.27"
},
{
"model": "gs748t",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "6.3.1.16"
},
{
"model": "gs752tpsb",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "5.3.0.29"
},
{
"model": "gs752tsb",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "5.3.0.29"
},
{
"model": "gs752txs",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "6.1.0.35"
},
{
"model": "m4200",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "12.0.2.10"
},
{
"model": "m4300",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "12.0.2.10"
},
{
"model": "m5300",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "11.0.0.28"
},
{
"model": "m6100",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "11.0.0.28"
},
{
"model": "m7100",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "11.0.0.28"
},
{
"model": "s3300",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "6.6.1.4"
},
{
"model": "xs708t",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "6.6.0.11"
},
{
"model": "xs712t",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "6.1.0.34"
},
{
"model": "xs716t",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "6.6.0.11"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-30574"
},
{
"db": "VULMON",
"id": "CVE-2017-18860"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014985"
},
{
"db": "NVD",
"id": "CVE-2017-18860"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:netgear:fs752tp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs108t_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs110tp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs418tpp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs510tlp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs510tp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs510tpp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs716t_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs724t_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014985"
}
]
},
"cve": "CVE-2017-18860",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-18860",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.1,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 3.6,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2017-014985",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-30574",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.5,
"id": "CVE-2017-18860",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.7,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2017-014985",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-18860",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2017-014985",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-30574",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-2386",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-18860",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-30574"
},
{
"db": "VULMON",
"id": "CVE-2017-18860"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014985"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2386"
},
{
"db": "NVD",
"id": "CVE-2017-18860"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by debugging command execution. This affects FS752TP 5.4.2.19 and earlier, GS108Tv2 5.4.2.29 and earlier, GS110TP 5.4.2.29 and earlier, GS418TPP 6.6.2.6 and earlier, GS510TLP 6.6.2.6 and earlier, GS510TP 5.04.2.27 and earlier, GS510TPP 6.6.2.6 and earlier, GS716Tv2 5.4.2.27 and earlier, GS716Tv3 6.3.1.16 and earlier, GS724Tv3 5.4.2.27 and earlier, GS724Tv4 6.3.1.16 and earlier, GS728TPSB 5.3.0.29 and earlier, GS728TSB 5.3.0.29 and earlier, GS728TXS 6.1.0.35 and earlier, GS748Tv4 5.4.2.27 and earlier, GS748Tv5 6.3.1.16 and earlier, GS752TPSB 5.3.0.29 and earlier, GS752TSB 5.3.0.29 and earlier, GS752TXS 6.1.0.35 and earlier, M4200 12.0.2.10 and earlier, M4300 12.0.2.10 and earlier, M5300 11.0.0.28 and earlier, M6100 11.0.0.28 and earlier, M7100 11.0.0.28 and earlier, S3300 6.6.1.4 and earlier, XS708T 6.6.0.11 and earlier, XS712T 6.1.0.34 and earlier, and XS716T 6.6.0.11 and earlier. plural NETGEAR A device contains an injection vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. NETGEAR FS752TP, etc. are all products of NETGEAR. NETGEAR FS752TP is a stackable smart switch. NETGEAR GS108T is an intelligent management switch. NETGEAR M6100 is a fully managed switch. \n\r\n\r\nThere are security holes in many NETGEAR products. Attackers can use the specially crafted URL to exploit the vulnerability to execute commands on the switch. This affects FS752TP 5.4.2.19 and previous versions, GS108Tv2 5.4.2.29 and previous versions, GS110TP 5.4.2.29 and previous versions, GS418TPP 6.6.2.6 and previous versions, GS510TLP 6.6.2.6 and previous versions, GS510TP 5.04.2.27 and previous versions, GS510TPP 6.6.2.6 and previous versions, GS716Tv2 5.4.2.27 and previous versions, GS716Tv3 6.3.1.16 and previous versions, GS724Tv3 5.4.2.27 and previous versions, GS724Tv4 6.3.1.16 and previous versions, GS728TPSB 5.3.0.29 and previous versions, GS728TSB 5.3.0.29 and previous versions, GS728TXS 6.1.0.35 and previous versions, GS748Tv4 5.4.2.27 and previous versions, GS748Tv5 6.3.1.16 and previous versions, GS752TPSB 5.3.0.29 and previous versions, GS752TSB 5.3.0.29 and previous versions, GS752TXS 6.1.0.35 and previous versions, M4200 12.0.2.10 and previous versions, M4300 12.0.2.10 and previous versions, M5300 11.0.0.28 and previous versions, M6100 11.0.0.28 and previous versions, M7100 11.0.0.28 and previous versions, S3300 6.6.1.4 and previous versions, XS708T 6.6.0.11 and previous versions, XS712T 6.1.0.34 and previous versions, and XS716T 6.6.0.11 and previous versions",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-18860"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014985"
},
{
"db": "CNVD",
"id": "CNVD-2020-30574"
},
{
"db": "VULMON",
"id": "CVE-2017-18860"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-18860",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014985",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-30574",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2386",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2017-18860",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-30574"
},
{
"db": "VULMON",
"id": "CVE-2017-18860"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014985"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2386"
},
{
"db": "NVD",
"id": "CVE-2017-18860"
}
]
},
"id": "VAR-202004-1332",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-30574"
}
],
"trust": 1.3429854174074074
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-30574"
}
]
},
"last_update_date": "2024-11-23T22:21:12.834000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisory for Authentication Bypass and Remote Command Execution on Some Smart and Managed Switches, PSV-2017-0857",
"trust": 0.8,
"url": "https://kb.netgear.com/000038519/Security-Advisory-for-Authentication-Bypass-and-Remote-Command-Execution-on-Some-Smart-and-Managed-Switches-PSV-2017-0857"
},
{
"title": "Patch for Multiple NETGEAR product injection vulnerabilities (CNVD-2020-30574)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/219291"
},
{
"title": "Multiple NETGEAR Fixing measures for product injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117761"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-30574"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014985"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2386"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-74",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014985"
},
{
"db": "NVD",
"id": "CVE-2017-18860"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18860"
},
{
"trust": 1.7,
"url": "https://kb.netgear.com/000038519/security-advisory-for-authentication-bypass-and-remote-command-execution-on-some-smart-and-managed-switches-psv-2017-0857"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18860"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/74.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-30574"
},
{
"db": "VULMON",
"id": "CVE-2017-18860"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014985"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2386"
},
{
"db": "NVD",
"id": "CVE-2017-18860"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-30574"
},
{
"db": "VULMON",
"id": "CVE-2017-18860"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014985"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2386"
},
{
"db": "NVD",
"id": "CVE-2017-18860"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-30574"
},
{
"date": "2020-04-29T00:00:00",
"db": "VULMON",
"id": "CVE-2017-18860"
},
{
"date": "2020-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014985"
},
{
"date": "2020-04-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2386"
},
{
"date": "2020-04-29T14:15:14.013000",
"db": "NVD",
"id": "CVE-2017-18860"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-30574"
},
{
"date": "2020-05-05T00:00:00",
"db": "VULMON",
"id": "CVE-2017-18860"
},
{
"date": "2020-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014985"
},
{
"date": "2020-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2386"
},
{
"date": "2024-11-21T03:21:06.917000",
"db": "NVD",
"id": "CVE-2017-18860"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2386"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural NETGEAR Injection vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014985"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2386"
}
],
"trust": 0.6
}
}