Vulnerabilites related to netgear - wndap360_firmware
Vulnerability from fkie_nvd
Published
2020-04-27 16:15
Modified
2024-11-21 04:02
Severity ?
Summary
Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | wac120_firmware | * | |
| netgear | wac120 | - | |
| netgear | wac505_firmware | * | |
| netgear | wac505 | - | |
| netgear | wac510_firmware | * | |
| netgear | wac510 | - | |
| netgear | wnap320_firmware | * | |
| netgear | wnap320 | - | |
| netgear | wnap210_firmware | * | |
| netgear | wnap210 | v2 | |
| netgear | wndap350_firmware | * | |
| netgear | wndap350 | - | |
| netgear | wndap360_firmware | * | |
| netgear | wndap360 | - | |
| netgear | wndap660_firmware | * | |
| netgear | wndap660 | - | |
| netgear | wndap620_firmware | * | |
| netgear | wndap620 | - | |
| netgear | wnd930_firmware | * | |
| netgear | wnd930 | - | |
| netgear | wn604_firmware | * | |
| netgear | wn604 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wac120_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8ED872A8-5B73-406B-8044-B1BD50A881EA",
"versionEndExcluding": "2.1.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wac120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8E5414D-8F4F-4E21-B79F-61B14F0C9990",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wac505_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E3819D8-D7C6-4491-BCCC-C6ED67C815DF",
"versionEndExcluding": "5.0.5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wac505:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A51431E-AD34-4129-8E99-0A6BB8B7DF07",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wac510_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "755E4AE7-BAC6-4526-B6F4-320CE8D319A6",
"versionEndExcluding": "5.0.5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wac510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08B1B759-5015-4489-A2B4-0F580E884868",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFC83243-B576-43FA-9339-90FF51DA75B6",
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnap320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2613E9-CAF9-4C04-85BC-E10BDF4B0E74",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnap210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A66070C-92C0-45CD-A46F-64008E3D2268",
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnap210:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "B442489B-A88F-477C-A835-2081891A15CE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndap350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A80C76F-0F02-43E7-87D3-FCC0898B99B8",
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndap350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C82A16C2-DC48-4792-A4C7-8AC43F84196D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndap360_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D9BBA36-7705-4829-BD87-2B505E380C3B",
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndap360:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7975D6EC-1816-4D52-8C87-77C1B6404120",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndap660_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A24DDCC0-D625-4810-A7E7-4AAC705F034E",
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndap660:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58D2492E-0CDC-4242-9206-7F0453B11CBD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndap620_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "992B6FDF-8FC7-4ACF-BCB2-73C8D91ABB80",
"versionEndExcluding": "2.1.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndap620:-:*:*:*:*:*:*:*",
"matchCriteriaId": "666A5E55-B07C-4615-A9F0-5CA8C7D40637",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnd930_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A282C49C-684B-4722-A6AC-CF2131F572A3",
"versionEndExcluding": "2.1.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnd930:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91593610-E45D-450B-AD40-74375DA37EF6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wn604_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "918C4D1C-A684-47AD-AA42-926715D8568A",
"versionEndExcluding": "3.3.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wn604:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD31DCAA-BAA5-4463-9EA4-A7076A625407",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10."
},
{
"lang": "es",
"value": "Determinados dispositivos de NETGEAR est\u00e1n afectados por una vulnerabilidad de tipo CSRF. Esto afecta a WAC120 versiones anteriores a 2.1.7, WAC505 versiones anteriores a 5.0.5.4, WAC510 versiones anteriores a 5.0.5.4, WNAP320 versiones anteriores a 3.7.11.4, WNAP210v2 versiones anteriores a 3.7.11. 4, WNDAP350 versiones anteriores a 3.7.11.4, WNDAP360 versiones anteriores a 3.7.11.4, WNDAP660 versiones anteriores a 3.7.11.4, WNDAP620 versiones anteriores a 2.1.7, WND930 versiones anteriores a 2.1.5, y WN604 versiones anteriores a 3.3.10."
}
],
"id": "CVE-2018-21096",
"lastModified": "2024-11-21T04:02:53.510",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.5,
"impactScore": 3.6,
"source": "cve@mitre.org",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.5,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-27T16:15:12.663",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000060455/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Wireless-Access-Points-PSV-2018-0096"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000060455/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Wireless-Access-Points-PSV-2018-0096"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-28 16:15
Modified
2024-11-21 03:21
Severity ?
Summary
Certain NETGEAR devices are affected by command execution via a PHP form. This affects WN604 3.3.3 and earlier, WNAP210v2 3.5.20.0 and earlier, WNAP320 3.5.20.0 and earlier, WNDAP350 3.5.20.0 and earlier, WNDAP360 3.5.20.0 and earlier, WNDAP620 2.0.11 and earlier, WNDAP660 3.5.20.0 and earlier, WND930 2.0.11 and earlier, and WAC120 2.0.7 and earlier.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | wn604_firmware | * | |
| netgear | wn604 | - | |
| netgear | wnap210_firmware | * | |
| netgear | wnap210 | v2 | |
| netgear | wnap320_firmware | * | |
| netgear | wnap320 | - | |
| netgear | wndap350_firmware | * | |
| netgear | wndap350 | - | |
| netgear | wndap360_firmware | * | |
| netgear | wndap360 | - | |
| netgear | wndap620_firmware | * | |
| netgear | wndap620 | - | |
| netgear | wndap660_firmware | * | |
| netgear | wndap660 | - | |
| netgear | wnd930_firmware | * | |
| netgear | wnd930 | - | |
| netgear | wac120_firmware | * | |
| netgear | wac120 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wn604_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28BEFA11-71A8-4FDF-BC54-5AF4D359FF49",
"versionEndExcluding": "3.3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wn604:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD31DCAA-BAA5-4463-9EA4-A7076A625407",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnap210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A390A970-3C56-4682-853C-16335E95FD9E",
"versionEndExcluding": "3.5.20.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnap210:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "B442489B-A88F-477C-A835-2081891A15CE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D36B032D-EB59-40BC-8D04-1AE8746293A8",
"versionEndExcluding": "3.5.20.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnap320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2613E9-CAF9-4C04-85BC-E10BDF4B0E74",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndap350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5A85E15-3359-4500-808E-D05160C96A5D",
"versionEndExcluding": "3.5.20.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndap350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C82A16C2-DC48-4792-A4C7-8AC43F84196D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndap360_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3921F047-FEC6-4AE0-BC6A-B24795970675",
"versionEndExcluding": "3.5.20.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndap360:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7975D6EC-1816-4D52-8C87-77C1B6404120",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndap620_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E8F2DEA-7095-451B-90FD-1D94285EC0FC",
"versionEndExcluding": "2.0.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndap620:-:*:*:*:*:*:*:*",
"matchCriteriaId": "666A5E55-B07C-4615-A9F0-5CA8C7D40637",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndap660_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2E07F80-C2B1-45E6-BBC9-0CD8B598E2C8",
"versionEndExcluding": "3.5.20.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndap660:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58D2492E-0CDC-4242-9206-7F0453B11CBD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnd930_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A7D131-F0A6-42BE-B119-20E0A9FCAD34",
"versionEndExcluding": "2.0.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnd930:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91593610-E45D-450B-AD40-74375DA37EF6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wac120_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49AFDA75-C33C-421E-B4D7-449570944007",
"versionEndExcluding": "2.0.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wac120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8E5414D-8F4F-4E21-B79F-61B14F0C9990",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by command execution via a PHP form. This affects WN604 3.3.3 and earlier, WNAP210v2 3.5.20.0 and earlier, WNAP320 3.5.20.0 and earlier, WNDAP350 3.5.20.0 and earlier, WNDAP360 3.5.20.0 and earlier, WNDAP620 2.0.11 and earlier, WNDAP660 3.5.20.0 and earlier, WND930 2.0.11 and earlier, and WAC120 2.0.7 and earlier."
},
{
"lang": "es",
"value": "Determinados dispositivos de NETGEAR est\u00e1n afectados por una ejecuci\u00f3n de comandos por medio de un formulario PHP. Esto afecta a WN604 versiones 3.3.3 y anteriores, WNAP210v2 versiones 3.5.20.0 y anteriores, WNAP320 versiones 3.5.20.0 y anteriores, WNDAP350 versiones 3.5.20.0 y anteriores, WNDAP360 versiones 3.5.20.0 y anteriores, WNDAP620 versiones 2.0.11 y anteriores, WNDAP660 versiones 3.5.20.0 y anteriores, WND930 versiones 2.0.11 y anteriores, y WAC120 versiones 2.0.7 y anteriores."
}
],
"id": "CVE-2017-18863",
"lastModified": "2024-11-21T03:21:07.387",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-28T16:15:12.747",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000037827/Security-Advisory-for-PHP-Vulnerabilities-on-Wireless-Access-Points-PSV-2017-0517-and-PSV-2016-0258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000037827/Security-Advisory-for-PHP-Vulnerabilities-on-Wireless-Access-Points-PSV-2017-0517-and-PSV-2016-0258"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-22 16:15
Modified
2024-11-21 04:02
Severity ?
Summary
Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | wac120_firmware | * | |
| netgear | wac120 | - | |
| netgear | wac505_firmware | * | |
| netgear | wac505 | - | |
| netgear | wac510_firmware | * | |
| netgear | wac510 | - | |
| netgear | wnap320_firmware | * | |
| netgear | wnap320 | - | |
| netgear | wnap210_firmware | * | |
| netgear | wnap210 | v2 | |
| netgear | wndap350_firmware | * | |
| netgear | wndap350 | - | |
| netgear | wndap360_firmware | * | |
| netgear | wndap360 | - | |
| netgear | wndap660_firmware | * | |
| netgear | wndap660 | - | |
| netgear | wndap620_firmware | * | |
| netgear | wndap620 | - | |
| netgear | wnd930_firmware | * | |
| netgear | wnd930 | - | |
| netgear | wn604_firmware | * | |
| netgear | wn604 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wac120_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8ED872A8-5B73-406B-8044-B1BD50A881EA",
"versionEndExcluding": "2.1.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wac120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8E5414D-8F4F-4E21-B79F-61B14F0C9990",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wac505_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E3819D8-D7C6-4491-BCCC-C6ED67C815DF",
"versionEndExcluding": "5.0.5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wac505:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A51431E-AD34-4129-8E99-0A6BB8B7DF07",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wac510_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "755E4AE7-BAC6-4526-B6F4-320CE8D319A6",
"versionEndExcluding": "5.0.5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wac510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08B1B759-5015-4489-A2B4-0F580E884868",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFC83243-B576-43FA-9339-90FF51DA75B6",
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnap320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2613E9-CAF9-4C04-85BC-E10BDF4B0E74",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnap210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A66070C-92C0-45CD-A46F-64008E3D2268",
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnap210:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "B442489B-A88F-477C-A835-2081891A15CE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndap350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A80C76F-0F02-43E7-87D3-FCC0898B99B8",
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndap350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C82A16C2-DC48-4792-A4C7-8AC43F84196D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndap360_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D9BBA36-7705-4829-BD87-2B505E380C3B",
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndap360:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7975D6EC-1816-4D52-8C87-77C1B6404120",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndap660_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A24DDCC0-D625-4810-A7E7-4AAC705F034E",
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndap660:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58D2492E-0CDC-4242-9206-7F0453B11CBD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndap620_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "992B6FDF-8FC7-4ACF-BCB2-73C8D91ABB80",
"versionEndExcluding": "2.1.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndap620:-:*:*:*:*:*:*:*",
"matchCriteriaId": "666A5E55-B07C-4615-A9F0-5CA8C7D40637",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnd930_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A282C49C-684B-4722-A6AC-CF2131F572A3",
"versionEndExcluding": "2.1.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnd930:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91593610-E45D-450B-AD40-74375DA37EF6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wn604_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "918C4D1C-A684-47AD-AA42-926715D8568A",
"versionEndExcluding": "3.3.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wn604:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD31DCAA-BAA5-4463-9EA4-A7076A625407",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10."
},
{
"lang": "es",
"value": "Determinados dispositivos NETGEAR est\u00e1n afectados por una vulnerabilidad de tipo CSRF. Esto afecta a WAC120 versiones anteriores a 2.1.7, WAC505 versiones anteriores a 5.0.5.4, WAC510 versiones anteriores a 5.0.5.4, WNAP320 versiones anteriores a 3.7.11.4, WNAP210v2 versiones anteriores a 3.7.11.4, WNDAP350 versiones anteriores a 3.7.11.4, WNDAP360 versiones anteriores a 3.7.11.4, WNDAP660 versiones anteriores a 3.7.11.4, WNDAP620 versiones anteriores a 2.1.7, WND930 versiones anteriores a 2.1.5 y WN604 versiones anteriores a 3.3.10."
}
],
"id": "CVE-2018-21120",
"lastModified": "2024-11-21T04:02:56.987",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.5,
"impactScore": 3.6,
"source": "cve@mitre.org",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-22T16:15:11.903",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000060238/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Wireless-Access-Points-PSV-2018-0095"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000060238/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Wireless-Access-Points-PSV-2018-0095"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-21 18:15
Modified
2024-11-21 03:20
Severity ?
Summary
Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | wac510_firmware | * | |
| netgear | wac510 | - | |
| netgear | wac120_firmware | * | |
| netgear | wac120 | - | |
| netgear | wndap620_firmware | * | |
| netgear | wndap620 | - | |
| netgear | wnd930_firmware | * | |
| netgear | wnd930 | - | |
| netgear | wn604_firmware | * | |
| netgear | wn604 | - | |
| netgear | wndap660_firmware | * | |
| netgear | wndap660 | - | |
| netgear | wndap350_firmware | * | |
| netgear | wndap350 | - | |
| netgear | wnap320_firmware | * | |
| netgear | wnap320 | - | |
| netgear | wnap210_firmware | * | |
| netgear | wnap210 | v2 | |
| netgear | wndap360_firmware | * | |
| netgear | wndap360 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wac510_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "806B48FE-912E-488A-A89A-3321BF14B351",
"versionEndExcluding": "1.3.0.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wac510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08B1B759-5015-4489-A2B4-0F580E884868",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wac120_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD64ACCC-A1E0-4D9F-B6E4-8AB8AD7936E5",
"versionEndExcluding": "2.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wac120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8E5414D-8F4F-4E21-B79F-61B14F0C9990",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndap620_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9267B577-EF4D-43A5-BC91-CB363F8EA421",
"versionEndExcluding": "2.1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndap620:-:*:*:*:*:*:*:*",
"matchCriteriaId": "666A5E55-B07C-4615-A9F0-5CA8C7D40637",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnd930_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E7CFEDD-259B-4E40-9308-A071D236D4C7",
"versionEndExcluding": "2.1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnd930:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91593610-E45D-450B-AD40-74375DA37EF6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wn604_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEBD44BB-11A5-45C8-A675-E9CBBB31C48F",
"versionEndExcluding": "3.3.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wn604:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD31DCAA-BAA5-4463-9EA4-A7076A625407",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndap660_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "965D072C-3F4F-49EB-93DB-377E91372214",
"versionEndExcluding": "3.7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndap660:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58D2492E-0CDC-4242-9206-7F0453B11CBD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndap350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E3E920F-B954-4D9F-A918-214A00785A9A",
"versionEndExcluding": "3.7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndap350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C82A16C2-DC48-4792-A4C7-8AC43F84196D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1B6AA52-F11E-4836-AF1D-7682FBD56CA4",
"versionEndExcluding": "3.7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnap320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2613E9-CAF9-4C04-85BC-E10BDF4B0E74",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnap210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AFC5C872-DEC5-47EF-AA32-7D82E8DB9E48",
"versionEndExcluding": "3.7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnap210:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "B442489B-A88F-477C-A835-2081891A15CE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndap360_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E46CB6AD-BCE4-4A82-B2CC-22190AEB2F3B",
"versionEndExcluding": "3.7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndap360:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7975D6EC-1816-4D52-8C87-77C1B6404120",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0."
},
{
"lang": "es",
"value": "Determinados dispositivos NETGEAR est\u00e1n afectados por una inyecci\u00f3n de comando. Esto afecta a WAC510 versiones anteriores a la versi\u00f3n 1.3.0.10, WAC120 versiones anteriores a la versi\u00f3n 2.1.4, WNDAP620 versiones anteriores a la versi\u00f3n 2.1.3, WND930 versiones anteriores a la versi\u00f3n 2.1.2, WN604 versiones anteriores a la 3.3. 7, WNDAP660 versiones anteriores a 3.7.4.0, WNDAP350 versiones anteriores a 3.7.4.0, WNAP320 versiones anteriores a 3.7.4.0, WNAP210v2 versiones anteriores a 3.7.4.0, y WNDAP360 versiones anteriores a 3.7.4.0."
}
],
"id": "CVE-2017-18805",
"lastModified": "2024-11-21T03:20:58.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "cve@mitre.org",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-21T18:15:12.593",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000049060/Security-Advisory-for-Command-Injection-Vulnerability-on-Some-Wireless-Access-Points-PSV-2017-2213"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000049060/Security-Advisory-for-Command-Injection-Vulnerability-on-Some-Wireless-Access-Points-PSV-2017-2213"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-21 16:15
Modified
2024-11-21 03:20
Severity ?
Summary
Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | wac510_firmware | * | |
| netgear | wac510 | - | |
| netgear | wac120_firmware | * | |
| netgear | wac120 | - | |
| netgear | wndap620_firmware | * | |
| netgear | wndap620 | - | |
| netgear | wnd930_firmware | * | |
| netgear | wnd930 | - | |
| netgear | wn604_firmware | * | |
| netgear | wn604 | - | |
| netgear | wndap660_firmware | * | |
| netgear | wndap660 | - | |
| netgear | wndap350_firmware | * | |
| netgear | wndap350 | - | |
| netgear | wnap320_firmware | * | |
| netgear | wnap320 | - | |
| netgear | wnap210_firmware | * | |
| netgear | wnap210 | v2 | |
| netgear | wndap360_firmware | * | |
| netgear | wndap360 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wac510_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "806B48FE-912E-488A-A89A-3321BF14B351",
"versionEndExcluding": "1.3.0.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wac510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08B1B759-5015-4489-A2B4-0F580E884868",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wac120_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD64ACCC-A1E0-4D9F-B6E4-8AB8AD7936E5",
"versionEndExcluding": "2.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wac120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8E5414D-8F4F-4E21-B79F-61B14F0C9990",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndap620_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9267B577-EF4D-43A5-BC91-CB363F8EA421",
"versionEndExcluding": "2.1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndap620:-:*:*:*:*:*:*:*",
"matchCriteriaId": "666A5E55-B07C-4615-A9F0-5CA8C7D40637",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnd930_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E7CFEDD-259B-4E40-9308-A071D236D4C7",
"versionEndExcluding": "2.1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnd930:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91593610-E45D-450B-AD40-74375DA37EF6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wn604_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEBD44BB-11A5-45C8-A675-E9CBBB31C48F",
"versionEndExcluding": "3.3.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wn604:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD31DCAA-BAA5-4463-9EA4-A7076A625407",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndap660_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "965D072C-3F4F-49EB-93DB-377E91372214",
"versionEndExcluding": "3.7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndap660:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58D2492E-0CDC-4242-9206-7F0453B11CBD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndap350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E3E920F-B954-4D9F-A918-214A00785A9A",
"versionEndExcluding": "3.7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndap350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C82A16C2-DC48-4792-A4C7-8AC43F84196D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1B6AA52-F11E-4836-AF1D-7682FBD56CA4",
"versionEndExcluding": "3.7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnap320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2613E9-CAF9-4C04-85BC-E10BDF4B0E74",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnap210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AFC5C872-DEC5-47EF-AA32-7D82E8DB9E48",
"versionEndExcluding": "3.7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnap210:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "B442489B-A88F-477C-A835-2081891A15CE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndap360_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E46CB6AD-BCE4-4A82-B2CC-22190AEB2F3B",
"versionEndExcluding": "3.7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndap360:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7975D6EC-1816-4D52-8C87-77C1B6404120",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0."
},
{
"lang": "es",
"value": "Determinados dispositivos NETGEAR, est\u00e1n afectados por una inyecci\u00f3n de comandos. Esto afecta a WAC510 versiones anteriores a la versi\u00f3n 1.3.0.10, WAC120 versiones anteriores a la versi\u00f3n 2.1.4, WNDAP620 versiones anteriores a la versi\u00f3n 2.1.3, WND930 versiones anteriores a la versi\u00f3n 2.1.2, WN604 versiones anteriores a la versi\u00f3n 3.3. 7, WNDAP660 versiones anteriores a la versi\u00f3n 3.7.4.0, WNDAP350 versiones anteriores a la versi\u00f3n 3.7.4.0, WNAP320 versiones anteriores a la versi\u00f3n 3.7.4.0, WNAP210v2 versiones anteriores a la versi\u00f3n 3.7.4.0, y WNDAP360 versiones anteriores a la versi\u00f3n 3.7.4.0."
}
],
"id": "CVE-2017-18806",
"lastModified": "2024-11-21T03:20:58.387",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "cve@mitre.org",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-21T16:15:51.337",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000049061/Security-Advisory-for-Command-Injection-Vulnerability-on-Some-Wireless-Access-Points-PSV-2017-2214"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000049061/Security-Advisory-for-Command-Injection-Vulnerability-on-Some-Wireless-Access-Points-PSV-2017-2214"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-27 16:15
Modified
2024-11-21 04:02
Severity ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WAC120 before 2.1.7, WN604 before 3.3.10, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, and WND930 before 2.1.5.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | wac505_firmware | * | |
| netgear | wac505 | - | |
| netgear | wac510_firmware | * | |
| netgear | wac510 | - | |
| netgear | wac120_firmware | * | |
| netgear | wac120 | - | |
| netgear | wn604_firmware | * | |
| netgear | wn604 | - | |
| netgear | wnap320_firmware | * | |
| netgear | wnap320 | - | |
| netgear | wnap210_firmware | * | |
| netgear | wnap210 | v2 | |
| netgear | wndap350_firmware | * | |
| netgear | wndap350 | - | |
| netgear | wndap360_firmware | * | |
| netgear | wndap360 | - | |
| netgear | wndap660_firmware | * | |
| netgear | wndap660 | - | |
| netgear | wndap620_firmware | * | |
| netgear | wndap620 | - | |
| netgear | wnd930_firmware | * | |
| netgear | wnd930 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wac505_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E3819D8-D7C6-4491-BCCC-C6ED67C815DF",
"versionEndExcluding": "5.0.5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wac505:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A51431E-AD34-4129-8E99-0A6BB8B7DF07",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wac510_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "755E4AE7-BAC6-4526-B6F4-320CE8D319A6",
"versionEndExcluding": "5.0.5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wac510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08B1B759-5015-4489-A2B4-0F580E884868",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wac120_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8ED872A8-5B73-406B-8044-B1BD50A881EA",
"versionEndExcluding": "2.1.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wac120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8E5414D-8F4F-4E21-B79F-61B14F0C9990",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wn604_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "918C4D1C-A684-47AD-AA42-926715D8568A",
"versionEndExcluding": "3.3.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wn604:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD31DCAA-BAA5-4463-9EA4-A7076A625407",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFC83243-B576-43FA-9339-90FF51DA75B6",
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnap320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2613E9-CAF9-4C04-85BC-E10BDF4B0E74",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnap210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A66070C-92C0-45CD-A46F-64008E3D2268",
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnap210:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "B442489B-A88F-477C-A835-2081891A15CE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndap350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A80C76F-0F02-43E7-87D3-FCC0898B99B8",
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndap350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C82A16C2-DC48-4792-A4C7-8AC43F84196D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndap360_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D9BBA36-7705-4829-BD87-2B505E380C3B",
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndap360:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7975D6EC-1816-4D52-8C87-77C1B6404120",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndap660_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A24DDCC0-D625-4810-A7E7-4AAC705F034E",
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndap660:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58D2492E-0CDC-4242-9206-7F0453B11CBD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndap620_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "992B6FDF-8FC7-4ACF-BCB2-73C8D91ABB80",
"versionEndExcluding": "2.1.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndap620:-:*:*:*:*:*:*:*",
"matchCriteriaId": "666A5E55-B07C-4615-A9F0-5CA8C7D40637",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnd930_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A282C49C-684B-4722-A6AC-CF2131F572A3",
"versionEndExcluding": "2.1.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnd930:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91593610-E45D-450B-AD40-74375DA37EF6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WAC120 before 2.1.7, WN604 before 3.3.10, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, and WND930 before 2.1.5."
},
{
"lang": "es",
"value": "Determinados dispositivos de NETGEAR est\u00e1n afectados por un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria por parte de un atacante no autenticado. Esto afecta a WAC505 versiones anteriores a 5.0.5.4, WAC510 versiones anteriores a 5.0.5.4, WAC120 versiones anteriores a 2.1.7, WN604 versiones anteriores a 3.3.10, WNAP320 versiones anteriores a 3.7.11.4, WNAP210v2 versiones anteriores a 3. 7.11.4, WNDAP350 versiones anteriores a 3.7.11.4, WNDAP360 versiones anteriores a 3.7.11.4, WNDAP660 versiones anteriores a 3.7.11.4, WNDAP620 versiones anteriores a 2.1.7, y WND930 versiones anteriores a 2.1.5."
}
],
"id": "CVE-2018-21097",
"lastModified": "2024-11-21T04:02:53.660",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "cve@mitre.org",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-27T16:15:12.710",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000060457/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Wireless-Access-Points-PSV-2018-0094"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000060457/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Wireless-Access-Points-PSV-2018-0094"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-21 15:59
Modified
2025-02-19 19:45
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | wnap320_firmware | * | |
| netgear | wnap320 | - | |
| netgear | wndap350_firmware | * | |
| netgear | wndap350 | - | |
| netgear | wndap360_firmware | * | |
| netgear | wndap360 | - | |
| netgear | wndap210v2_firmware | * | |
| netgear | wndap210v2 | - | |
| netgear | wn604_firmware | * | |
| netgear | wn604 | - | |
| netgear | wndap660_firmware | * | |
| netgear | wndap660 | - | |
| netgear | wn802tv2_firmware | * | |
| netgear | wn802tv2 | - |
{
"cisaActionDue": "2022-04-15",
"cisaExploitAdd": "2022-03-25",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "NETGEAR Multiple WAP Devices Command Injection Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBCE4D2F-5A11-4043-8F3E-4C10D155A6ED",
"versionEndIncluding": "3.0.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnap320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2613E9-CAF9-4C04-85BC-E10BDF4B0E74",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndap350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB422D25-D72D-445B-869D-4A5FBF285357",
"versionEndIncluding": "3.0.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndap350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C82A16C2-DC48-4792-A4C7-8AC43F84196D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndap360_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA1E8F1E-AB78-4C4B-BE0B-AE17E4636077",
"versionEndIncluding": "3.0.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndap360:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7975D6EC-1816-4D52-8C87-77C1B6404120",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndap210v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9801E95C-9464-4594-B4E8-6F227C597C27",
"versionEndIncluding": "3.0.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndap210v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D1AD5A1-5212-4C0A-88BB-F34314F9C037",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wn604_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CA9CFC3-D7D5-4538-AA31-9C4504E5AFA7",
"versionEndIncluding": "3.3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wn604:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD31DCAA-BAA5-4463-9EA4-A7076A625407",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndap660_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99E67C3D-8907-4A96-BBAA-128959DB3962",
"versionEndIncluding": "3.0.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndap660:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58D2492E-0CDC-4242-9206-7F0453B11CBD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wn802tv2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "169F7661-BB39-4188-A26E-9791FCE1DA6B",
"versionEndIncluding": "3.0.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wn802tv2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05B05670-CC01-4F53-B1A7-83FE3AFBA12E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands."
},
{
"lang": "es",
"value": "(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, y (5) boardDataWW.php en Netgear WN604 en versiones anteriores a 3.3.3 y WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360 y WNDAP660 en versiones anteriores a 3.5.5.0 permite a atacantes remotos ejecutar comandos arbitrarios."
}
],
"id": "CVE-2016-1555",
"lastModified": "2025-02-19T19:45:56.310",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2017-04-21T15:59:00.333",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2016/Feb/112"
},
{
"source": "cret@cert.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.netgear.com/30480/CVE-2016-1555-Notification?cid=wmt_netgear_organic"
},
{
"source": "cret@cert.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/45909/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2016/Feb/112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.netgear.com/30480/CVE-2016-1555-Notification?cid=wmt_netgear_organic"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/45909/"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-27 15:15
Modified
2024-11-21 04:02
Severity ?
Summary
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | wac120_firmware | * | |
| netgear | wac120 | - | |
| netgear | wac505_firmware | * | |
| netgear | wac505 | - | |
| netgear | wac510_firmware | * | |
| netgear | wac510 | - | |
| netgear | wnap320_firmware | * | |
| netgear | wnap320 | - | |
| netgear | wnap210_firmware | * | |
| netgear | wnap210 | v2 | |
| netgear | wndap350_firmware | * | |
| netgear | wndap350 | - | |
| netgear | wndap360_firmware | * | |
| netgear | wndap360 | - | |
| netgear | wndap660_firmware | * | |
| netgear | wndap660 | - | |
| netgear | wndap620_firmware | * | |
| netgear | wndap620 | - | |
| netgear | wnd930_firmware | * | |
| netgear | wnd930 | - | |
| netgear | wn604_firmware | * | |
| netgear | wn604 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wac120_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8ED872A8-5B73-406B-8044-B1BD50A881EA",
"versionEndExcluding": "2.1.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wac120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8E5414D-8F4F-4E21-B79F-61B14F0C9990",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wac505_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E3819D8-D7C6-4491-BCCC-C6ED67C815DF",
"versionEndExcluding": "5.0.5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wac505:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A51431E-AD34-4129-8E99-0A6BB8B7DF07",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wac510_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "755E4AE7-BAC6-4526-B6F4-320CE8D319A6",
"versionEndExcluding": "5.0.5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wac510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08B1B759-5015-4489-A2B4-0F580E884868",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFC83243-B576-43FA-9339-90FF51DA75B6",
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnap320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2613E9-CAF9-4C04-85BC-E10BDF4B0E74",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnap210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A66070C-92C0-45CD-A46F-64008E3D2268",
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnap210:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "B442489B-A88F-477C-A835-2081891A15CE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndap350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A80C76F-0F02-43E7-87D3-FCC0898B99B8",
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndap350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C82A16C2-DC48-4792-A4C7-8AC43F84196D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndap360_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D9BBA36-7705-4829-BD87-2B505E380C3B",
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndap360:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7975D6EC-1816-4D52-8C87-77C1B6404120",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndap660_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A24DDCC0-D625-4810-A7E7-4AAC705F034E",
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndap660:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58D2492E-0CDC-4242-9206-7F0453B11CBD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndap620_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "992B6FDF-8FC7-4ACF-BCB2-73C8D91ABB80",
"versionEndExcluding": "2.1.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndap620:-:*:*:*:*:*:*:*",
"matchCriteriaId": "666A5E55-B07C-4615-A9F0-5CA8C7D40637",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnd930_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A282C49C-684B-4722-A6AC-CF2131F572A3",
"versionEndExcluding": "2.1.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnd930:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91593610-E45D-450B-AD40-74375DA37EF6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wn604_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "918C4D1C-A684-47AD-AA42-926715D8568A",
"versionEndExcluding": "3.3.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wn604:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD31DCAA-BAA5-4463-9EA4-A7076A625407",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10."
},
{
"lang": "es",
"value": "Determinados dispositivos NETGEAR est\u00e1n afectados por una configuraci\u00f3n incorrecta de los ajustes de seguridad. Esto afecta a WAC120 versiones anteriores a la versi\u00f3n 2.1.7, WAC505 versiones anteriores a 5.0.5.4, WAC510 versiones anteriores a 5.0.5.4, WNAP320 versiones anteriores a 3.7.11.4, WNAP210v2 versiones anteriores a 3.7.11. 4, WNDAP350 versiones anteriores a 3.7.11.4, WNDAP360 versiones anteriores a 3.7.11.4, WNDAP660 versiones anteriores a 3.7.11.4, WNDAP620 versiones anteriores a 2.1.7, WND930 versiones anteriores a 2.1.5, y WN604 versiones anteriores a 3.3.10."
}
],
"id": "CVE-2018-21094",
"lastModified": "2024-11-21T04:02:53.217",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"source": "cve@mitre.org",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-27T15:15:12.143",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000060460/Security-Advisory-for-a-Security-Misconfiguration-on-Some-Wireless-Access-Points-PSV-2018-0350"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000060460/Security-Advisory-for-a-Security-Misconfiguration-on-Some-Wireless-Access-Points-PSV-2018-0350"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-21 15:59
Modified
2024-11-21 02:46
Severity ?
Summary
Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html | Third Party Advisory, VDB Entry | |
| cret@cert.org | http://seclists.org/fulldisclosure/2016/Feb/112 | Mailing List, Third Party Advisory | |
| cret@cert.org | https://kb.netgear.com/30482/CVE-2016-1557-Notification?cid=wmt_netgear_organic | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2016/Feb/112 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.netgear.com/30482/CVE-2016-1557-Notification?cid=wmt_netgear_organic | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | wnap320_firmware | * | |
| netgear | wnap320 | - | |
| netgear | wndap350_firmware | * | |
| netgear | wndap350 | - | |
| netgear | wndap360_firmware | * | |
| netgear | wndap360 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBCE4D2F-5A11-4043-8F3E-4C10D155A6ED",
"versionEndIncluding": "3.0.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnap320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2613E9-CAF9-4C04-85BC-E10BDF4B0E74",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndap350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB422D25-D72D-445B-869D-4A5FBF285357",
"versionEndIncluding": "3.0.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndap350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C82A16C2-DC48-4792-A4C7-8AC43F84196D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndap360_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA1E8F1E-AB78-4C4B-BE0B-AE17E4636077",
"versionEndIncluding": "3.0.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndap360:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7975D6EC-1816-4D52-8C87-77C1B6404120",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP."
},
{
"lang": "es",
"value": "Netgear WNAP320, WNDAP350 y WNDAP360 en versiones anteriores a 3.5.5.0 revelan contrase\u00f1as inal\u00e1mbricas y nombres de usuario y contrase\u00f1as administrativos sobre SNMP."
}
],
"id": "CVE-2016-1557",
"lastModified": "2024-11-21T02:46:38.070",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-21T15:59:00.410",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2016/Feb/112"
},
{
"source": "cret@cert.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.netgear.com/30482/CVE-2016-1557-Notification?cid=wmt_netgear_organic"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2016/Feb/112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.netgear.com/30482/CVE-2016-1557-Notification?cid=wmt_netgear_organic"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-21 15:59
Modified
2024-11-21 02:46
Severity ?
Summary
Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or passphrase by visiting unauthenticated webpages.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html | Third Party Advisory, VDB Entry | |
| cret@cert.org | http://seclists.org/fulldisclosure/2016/Feb/112 | Mailing List, Third Party Advisory | |
| cret@cert.org | https://kb.netgear.com/30481/CVE-2016-1556-Notification?cid=wmt_netgear_organic | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2016/Feb/112 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.netgear.com/30481/CVE-2016-1556-Notification?cid=wmt_netgear_organic | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | wnap320_firmware | * | |
| netgear | wnap320 | - | |
| netgear | wndap350_firmware | * | |
| netgear | wndap350 | - | |
| netgear | wndap360_firmware | * | |
| netgear | wndap360 | - | |
| netgear | wndap210v2_firmware | * | |
| netgear | wndap210v2 | - | |
| netgear | wn604_firmware | * | |
| netgear | wn604 | - | |
| netgear | wnd930_firmware | * | |
| netgear | wnd930 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBCE4D2F-5A11-4043-8F3E-4C10D155A6ED",
"versionEndIncluding": "3.0.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnap320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2613E9-CAF9-4C04-85BC-E10BDF4B0E74",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndap350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB422D25-D72D-445B-869D-4A5FBF285357",
"versionEndIncluding": "3.0.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndap350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C82A16C2-DC48-4792-A4C7-8AC43F84196D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndap360_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA1E8F1E-AB78-4C4B-BE0B-AE17E4636077",
"versionEndIncluding": "3.0.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndap360:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7975D6EC-1816-4D52-8C87-77C1B6404120",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndap210v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9801E95C-9464-4594-B4E8-6F227C597C27",
"versionEndIncluding": "3.0.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndap210v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D1AD5A1-5212-4C0A-88BB-F34314F9C037",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wn604_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CA9CFC3-D7D5-4538-AA31-9C4504E5AFA7",
"versionEndIncluding": "3.3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wn604:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD31DCAA-BAA5-4463-9EA4-A7076A625407",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnd930_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B71DF419-B28F-4B6A-8404-420326DFC2BE",
"versionEndIncluding": "2.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnd930:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91593610-E45D-450B-AD40-74375DA37EF6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or passphrase by visiting unauthenticated webpages."
},
{
"lang": "es",
"value": "Divulgaci\u00f3n de informaci\u00f3n en Netgear WN604 en versiones anteriores a 3.3.3; WNAP210, WNAP320, WNDAP350 y WNDAP360 en versiones anteriores a 3.5.5.0; y WND930 en versiones anteriores a 2.0.11 permite a los atacantes remotos leer el PIN o frase de acceso WPS inal\u00e1mbrico visitando p\u00e1ginas web no autenticadas."
}
],
"id": "CVE-2016-1556",
"lastModified": "2024-11-21T02:46:37.960",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-21T15:59:00.363",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2016/Feb/112"
},
{
"source": "cret@cert.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.netgear.com/30481/CVE-2016-1556-Notification?cid=wmt_netgear_organic"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2016/Feb/112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.netgear.com/30481/CVE-2016-1556-Notification?cid=wmt_netgear_organic"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2016-1556
Vulnerability from cvelistv5
Published
2017-04-21 15:00
Modified
2024-08-05 23:02
Severity ?
EPSS score ?
Summary
Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or passphrase by visiting unauthenticated webpages.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.netgear.com/30481/CVE-2016-1556-Notification?cid=wmt_netgear_organic | x_refsource_CONFIRM | |
| http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2016/Feb/112 | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:02:12.003Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.netgear.com/30481/CVE-2016-1556-Notification?cid=wmt_netgear_organic"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html"
},
{
"name": "20160225 D-Link, Netgear Router Vulnerabiltiies",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Feb/112"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or passphrase by visiting unauthenticated webpages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-21T14:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.netgear.com/30481/CVE-2016-1556-Notification?cid=wmt_netgear_organic"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html"
},
{
"name": "20160225 D-Link, Netgear Router Vulnerabiltiies",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Feb/112"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-1556",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or passphrase by visiting unauthenticated webpages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/30481/CVE-2016-1556-Notification?cid=wmt_netgear_organic",
"refsource": "CONFIRM",
"url": "https://kb.netgear.com/30481/CVE-2016-1556-Notification?cid=wmt_netgear_organic"
},
{
"name": "http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html"
},
{
"name": "20160225 D-Link, Netgear Router Vulnerabiltiies",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Feb/112"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-1556",
"datePublished": "2017-04-21T15:00:00",
"dateReserved": "2016-01-07T00:00:00",
"dateUpdated": "2024-08-05T23:02:12.003Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-18863
Vulnerability from cvelistv5
Published
2020-04-28 15:56
Modified
2024-08-05 21:37
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by command execution via a PHP form. This affects WN604 3.3.3 and earlier, WNAP210v2 3.5.20.0 and earlier, WNAP320 3.5.20.0 and earlier, WNDAP350 3.5.20.0 and earlier, WNDAP360 3.5.20.0 and earlier, WNDAP620 2.0.11 and earlier, WNDAP660 3.5.20.0 and earlier, WND930 2.0.11 and earlier, and WAC120 2.0.7 and earlier.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:37:44.348Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.netgear.com/000037827/Security-Advisory-for-PHP-Vulnerabilities-on-Wireless-Access-Points-PSV-2017-0517-and-PSV-2016-0258"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by command execution via a PHP form. This affects WN604 3.3.3 and earlier, WNAP210v2 3.5.20.0 and earlier, WNAP320 3.5.20.0 and earlier, WNDAP350 3.5.20.0 and earlier, WNDAP360 3.5.20.0 and earlier, WNDAP620 2.0.11 and earlier, WNDAP660 3.5.20.0 and earlier, WND930 2.0.11 and earlier, and WAC120 2.0.7 and earlier."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-28T15:56:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.netgear.com/000037827/Security-Advisory-for-PHP-Vulnerabilities-on-Wireless-Access-Points-PSV-2017-0517-and-PSV-2016-0258"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18863",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by command execution via a PHP form. This affects WN604 3.3.3 and earlier, WNAP210v2 3.5.20.0 and earlier, WNAP320 3.5.20.0 and earlier, WNDAP350 3.5.20.0 and earlier, WNDAP360 3.5.20.0 and earlier, WNDAP620 2.0.11 and earlier, WNDAP660 3.5.20.0 and earlier, WND930 2.0.11 and earlier, and WAC120 2.0.7 and earlier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000037827/Security-Advisory-for-PHP-Vulnerabilities-on-Wireless-Access-Points-PSV-2017-0517-and-PSV-2016-0258",
"refsource": "CONFIRM",
"url": "https://kb.netgear.com/000037827/Security-Advisory-for-PHP-Vulnerabilities-on-Wireless-Access-Points-PSV-2017-0517-and-PSV-2016-0258"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-18863",
"datePublished": "2020-04-28T15:56:07",
"dateReserved": "2020-04-27T00:00:00",
"dateUpdated": "2024-08-05T21:37:44.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-18805
Vulnerability from cvelistv5
Published
2020-04-21 17:42
Modified
2024-08-05 21:37
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:37:43.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.netgear.com/000049060/Security-Advisory-for-Command-Injection-Vulnerability-on-Some-Wireless-Access-Points-PSV-2017-2213"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/AV:L/A:H/C:H/I:H/PR:H/S:U/UI:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-21T17:42:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.netgear.com/000049060/Security-Advisory-for-Command-Injection-Vulnerability-on-Some-Wireless-Access-Points-PSV-2017-2213"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18805",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/AV:L/A:H/C:H/I:H/PR:H/S:U/UI:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000049060/Security-Advisory-for-Command-Injection-Vulnerability-on-Some-Wireless-Access-Points-PSV-2017-2213",
"refsource": "CONFIRM",
"url": "https://kb.netgear.com/000049060/Security-Advisory-for-Command-Injection-Vulnerability-on-Some-Wireless-Access-Points-PSV-2017-2213"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-18805",
"datePublished": "2020-04-21T17:42:08",
"dateReserved": "2020-04-20T00:00:00",
"dateUpdated": "2024-08-05T21:37:43.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-21094
Vulnerability from cvelistv5
Published
2020-04-27 14:42
Modified
2024-08-05 12:19
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:19:27.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.netgear.com/000060460/Security-Advisory-for-a-Security-Misconfiguration-on-Some-Wireless-Access-Points-PSV-2018-0350"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/AV:N/A:L/C:L/I:L/PR:N/S:U/UI:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-27T14:42:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.netgear.com/000060460/Security-Advisory-for-a-Security-Misconfiguration-on-Some-Wireless-Access-Points-PSV-2018-0350"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-21094",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/AV:N/A:L/C:L/I:L/PR:N/S:U/UI:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000060460/Security-Advisory-for-a-Security-Misconfiguration-on-Some-Wireless-Access-Points-PSV-2018-0350",
"refsource": "CONFIRM",
"url": "https://kb.netgear.com/000060460/Security-Advisory-for-a-Security-Misconfiguration-on-Some-Wireless-Access-Points-PSV-2018-0350"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-21094",
"datePublished": "2020-04-27T14:42:14",
"dateReserved": "2020-04-20T00:00:00",
"dateUpdated": "2024-08-05T12:19:27.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-1555
Vulnerability from cvelistv5
Published
2017-04-21 15:00
Modified
2025-02-07 13:17
Severity ?
EPSS score ?
Summary
(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.netgear.com/30480/CVE-2016-1555-Notification?cid=wmt_netgear_organic | x_refsource_CONFIRM | |
| http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html | x_refsource_MISC | |
| https://www.exploit-db.com/exploits/45909/ | exploit, x_refsource_EXPLOIT-DB | |
| http://seclists.org/fulldisclosure/2016/Feb/112 | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:02:12.167Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.netgear.com/30480/CVE-2016-1555-Notification?cid=wmt_netgear_organic"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html"
},
{
"name": "45909",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45909/"
},
{
"name": "20160225 D-Link, Netgear Router Vulnerabiltiies",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Feb/112"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2016-1555",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T13:10:18.350058Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-03-25",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-1555"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T13:17:23.485Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-01T10:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.netgear.com/30480/CVE-2016-1555-Notification?cid=wmt_netgear_organic"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html"
},
{
"name": "45909",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45909/"
},
{
"name": "20160225 D-Link, Netgear Router Vulnerabiltiies",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Feb/112"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-1555",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/30480/CVE-2016-1555-Notification?cid=wmt_netgear_organic",
"refsource": "CONFIRM",
"url": "https://kb.netgear.com/30480/CVE-2016-1555-Notification?cid=wmt_netgear_organic"
},
{
"name": "http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html"
},
{
"name": "45909",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45909/"
},
{
"name": "20160225 D-Link, Netgear Router Vulnerabiltiies",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Feb/112"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-1555",
"datePublished": "2017-04-21T15:00:00.000Z",
"dateReserved": "2016-01-07T00:00:00.000Z",
"dateUpdated": "2025-02-07T13:17:23.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-21096
Vulnerability from cvelistv5
Published
2020-04-27 15:56
Modified
2024-08-05 12:19
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:19:27.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.netgear.com/000060455/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Wireless-Access-Points-PSV-2018-0096"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AC:L/AV:A/A:H/C:N/I:N/PR:L/S:U/UI:R",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-27T15:56:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.netgear.com/000060455/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Wireless-Access-Points-PSV-2018-0096"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-21096",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"availabilityImpact": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AC:L/AV:A/A:H/C:N/I:N/PR:L/S:U/UI:R",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000060455/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Wireless-Access-Points-PSV-2018-0096",
"refsource": "CONFIRM",
"url": "https://kb.netgear.com/000060455/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Wireless-Access-Points-PSV-2018-0096"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-21096",
"datePublished": "2020-04-27T15:56:14",
"dateReserved": "2020-04-20T00:00:00",
"dateUpdated": "2024-08-05T12:19:27.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-1557
Vulnerability from cvelistv5
Published
2017-04-21 15:00
Modified
2024-08-05 23:02
Severity ?
EPSS score ?
Summary
Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html | x_refsource_MISC | |
| https://kb.netgear.com/30482/CVE-2016-1557-Notification?cid=wmt_netgear_organic | x_refsource_CONFIRM | |
| http://seclists.org/fulldisclosure/2016/Feb/112 | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:02:11.982Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.netgear.com/30482/CVE-2016-1557-Notification?cid=wmt_netgear_organic"
},
{
"name": "20160225 D-Link, Netgear Router Vulnerabiltiies",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Feb/112"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-21T14:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.netgear.com/30482/CVE-2016-1557-Notification?cid=wmt_netgear_organic"
},
{
"name": "20160225 D-Link, Netgear Router Vulnerabiltiies",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Feb/112"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-1557",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html"
},
{
"name": "https://kb.netgear.com/30482/CVE-2016-1557-Notification?cid=wmt_netgear_organic",
"refsource": "CONFIRM",
"url": "https://kb.netgear.com/30482/CVE-2016-1557-Notification?cid=wmt_netgear_organic"
},
{
"name": "20160225 D-Link, Netgear Router Vulnerabiltiies",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Feb/112"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-1557",
"datePublished": "2017-04-21T15:00:00",
"dateReserved": "2016-01-07T00:00:00",
"dateUpdated": "2024-08-05T23:02:11.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-21097
Vulnerability from cvelistv5
Published
2020-04-27 15:57
Modified
2024-08-05 12:19
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WAC120 before 2.1.7, WN604 before 3.3.10, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, and WND930 before 2.1.5.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:19:27.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.netgear.com/000060457/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Wireless-Access-Points-PSV-2018-0094"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WAC120 before 2.1.7, WN604 before 3.3.10, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, and WND930 before 2.1.5."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:H/PR:N/S:U/UI:R",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-27T15:57:34",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.netgear.com/000060457/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Wireless-Access-Points-PSV-2018-0094"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-21097",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WAC120 before 2.1.7, WN604 before 3.3.10, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, and WND930 before 2.1.5."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:H/PR:N/S:U/UI:R",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000060457/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Wireless-Access-Points-PSV-2018-0094",
"refsource": "CONFIRM",
"url": "https://kb.netgear.com/000060457/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Wireless-Access-Points-PSV-2018-0094"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-21097",
"datePublished": "2020-04-27T15:57:34",
"dateReserved": "2020-04-20T00:00:00",
"dateUpdated": "2024-08-05T12:19:27.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-18806
Vulnerability from cvelistv5
Published
2020-04-21 15:56
Modified
2024-08-05 21:37
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:37:44.029Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.netgear.com/000049061/Security-Advisory-for-Command-Injection-Vulnerability-on-Some-Wireless-Access-Points-PSV-2017-2214"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/AV:L/A:H/C:H/I:H/PR:H/S:U/UI:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-21T15:56:41",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.netgear.com/000049061/Security-Advisory-for-Command-Injection-Vulnerability-on-Some-Wireless-Access-Points-PSV-2017-2214"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18806",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/AV:L/A:H/C:H/I:H/PR:H/S:U/UI:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000049061/Security-Advisory-for-Command-Injection-Vulnerability-on-Some-Wireless-Access-Points-PSV-2017-2214",
"refsource": "CONFIRM",
"url": "https://kb.netgear.com/000049061/Security-Advisory-for-Command-Injection-Vulnerability-on-Some-Wireless-Access-Points-PSV-2017-2214"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-18806",
"datePublished": "2020-04-21T15:56:41",
"dateReserved": "2020-04-20T00:00:00",
"dateUpdated": "2024-08-05T21:37:44.029Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-21120
Vulnerability from cvelistv5
Published
2020-04-22 15:12
Modified
2024-08-05 12:19
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:19:27.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.netgear.com/000060238/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Wireless-Access-Points-PSV-2018-0095"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AC:L/AV:A/A:H/C:N/I:N/PR:L/S:U/UI:R",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-22T15:12:18",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.netgear.com/000060238/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Wireless-Access-Points-PSV-2018-0095"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-21120",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"availabilityImpact": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AC:L/AV:A/A:H/C:N/I:N/PR:L/S:U/UI:R",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000060238/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Wireless-Access-Points-PSV-2018-0095",
"refsource": "CONFIRM",
"url": "https://kb.netgear.com/000060238/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Wireless-Access-Points-PSV-2018-0095"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-21120",
"datePublished": "2020-04-22T15:12:18",
"dateReserved": "2020-04-20T00:00:00",
"dateUpdated": "2024-08-05T12:19:27.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}