fkie_cve-2017-18731
Vulnerability from fkie_nvd
Published
2020-04-24 13:15
Modified
2024-11-21 03:20
Severity ?
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6100 before 1.0.1.16, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, and WNR2000v5 before 1.0.0.58.
References
cve@mitre.orghttps://kb.netgear.com/000051524/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-PSV-2016-0096Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://kb.netgear.com/000051524/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-PSV-2016-0096Vendor Advisory
Impacted products
Vendor Product Version
netgear r6100_firmware *
netgear r6100 -
netgear r7500_firmware *
netgear r7500 -
netgear r7800_firmware *
netgear r7800 -
netgear wnr2500_firmware *
netgear wnr2500 v5
netgear r7500_firmware *
netgear r7500 v2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "01A66936-4268-4990-8E83-24C74A75B9F6",
              "versionEndExcluding": "1.0.1.16",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F44A123-B256-428B-98C2-17570F2F32DC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "56014B19-02F8-4942-9889-7F3A4EB8F106",
              "versionEndExcluding": "1.0.0.112",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF3B3F26-401C-4ED0-B871-4B4F8521F369",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3255D316-04E5-4056-BFFF-38B042167A74",
              "versionEndExcluding": "1.0.2.36",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17CF7445-6950-45FE-9D1A-E23F63316329",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:wnr2500_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E380032C-2E20-4DEC-9F51-A3F4BA29056B",
              "versionEndExcluding": "1.0.0.58",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:wnr2500:v5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7B347A0-081A-475E-8CCE-2FA552050C5F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A98819AD-045F-45AE-9579-258E41882CD9",
              "versionEndExcluding": "1.0.3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7500:v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E0DFBF4-E393-44AE-AEF9-1B2059EE5AE8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6100 before 1.0.1.16, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, and WNR2000v5 before 1.0.0.58."
    },
    {
      "lang": "es",
      "value": "Determinados dispositivos NETGEAR est\u00e1n afectados por una configuraci\u00f3n incorrecta de los ajustes de seguridad. Esto afecta a R6100 versiones anteriores a la versi\u00f3n  1.0.1.16, R7500 versiones anteriores a 1.0.0.112, R7500v2 versiones anteriores a la veris\u00f3n 1.0.3.20, R7800 versiones anteriores a la versi\u00f3n  1.0.2.36, y WNR2000v5 versiones anteriores a la versi\u00f3n 1.0.0.58."
    }
  ],
  "id": "CVE-2017-18731",
  "lastModified": "2024-11-21T03:20:46.613",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.4,
        "source": "cve@mitre.org",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-24T13:15:11.610",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.netgear.com/000051524/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-PSV-2016-0096"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.netgear.com/000051524/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-PSV-2016-0096"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.