var-202004-1371
Vulnerability from variot
Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WAC510, etc. are all a wireless access point (AP) of NETGEAR company. The vulnerability stems from the fact that the network system or product lacks the correct verification of the user input data during the operation process of the user inputting the construction command, data structure or record, and the special elements are not filtered or correctly filtered, resulting in the analysis or analysis of the system or product. The explanation is wrong. No detailed vulnerability details are currently provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-1371",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wac510",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.3.0.10"
},
{
"model": "wac120",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2.1.4"
},
{
"model": "wndap620",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2.1.3"
},
{
"model": "wnd930",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2.1.2"
},
{
"model": "wn604",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.3.7"
},
{
"model": "wndap660",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wndap350",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wnap320",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wndap360",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wnap210",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wac120",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.1.4"
},
{
"model": "wac510",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.3.0.10"
},
{
"model": "wn604",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.3.7"
},
{
"model": "wnap210",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wnap320",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wnd930",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.1.2"
},
{
"model": "wndap350",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wndap360",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wndap620",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.1.3"
},
{
"model": "wndap660",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wnap210v2",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "3.7.4.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-52966"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014893"
},
{
"db": "NVD",
"id": "CVE-2017-18806"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:netgear:wac120_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:wac510_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:wn604_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:wnap210_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:wnap320_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:wnd930_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:wndap350_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:wndap360_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:wndap620_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:wndap660_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014893"
}
]
},
"cve": "CVE-2017-18806",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2017-18806",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-014893",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2021-52966",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"id": "CVE-2017-18806",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "cve@mitre.org",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"id": "CVE-2017-18806",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.7,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-014893",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-18806",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cve@mitre.org",
"id": "CVE-2017-18806",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2017-014893",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2021-52966",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-52966"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014893"
},
{
"db": "NVD",
"id": "CVE-2017-18806"
},
{
"db": "NVD",
"id": "CVE-2017-18806"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WAC510, etc. are all a wireless access point (AP) of NETGEAR company. The vulnerability stems from the fact that the network system or product lacks the correct verification of the user input data during the operation process of the user inputting the construction command, data structure or record, and the special elements are not filtered or correctly filtered, resulting in the analysis or analysis of the system or product. The explanation is wrong. No detailed vulnerability details are currently provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-18806"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014893"
},
{
"db": "CNVD",
"id": "CNVD-2021-52966"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-18806",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014893",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-52966",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1835",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-52966"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014893"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1835"
},
{
"db": "NVD",
"id": "CVE-2017-18806"
}
]
},
"id": "VAR-202004-1371",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-52966"
}
],
"trust": 1.0737637281818182
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-52966"
}
]
},
"last_update_date": "2024-11-23T23:07:58.710000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisory for Command Injection Vulnerability on Some Wireless Access Points, PSV-2017-2214",
"trust": 0.8,
"url": "https://kb.netgear.com/000049061/Security-Advisory-for-Command-Injection-Vulnerability-on-Some-Wireless-Access-Points-PSV-2017-2214"
},
{
"title": "Patch for NETGEAR command injection vulnerability (CNVD-2021-52966)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/280076"
},
{
"title": "Multiple NETGEAR Product Command Injection Vulnerability Fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116311"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-52966"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014893"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1835"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-74",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014893"
},
{
"db": "NVD",
"id": "CVE-2017-18806"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18806"
},
{
"trust": 1.6,
"url": "https://kb.netgear.com/000049061/security-advisory-for-command-injection-vulnerability-on-some-wireless-access-points-psv-2017-2214"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18806"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-52966"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014893"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1835"
},
{
"db": "NVD",
"id": "CVE-2017-18806"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-52966"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014893"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1835"
},
{
"db": "NVD",
"id": "CVE-2017-18806"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-52966"
},
{
"date": "2020-05-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014893"
},
{
"date": "2020-04-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1835"
},
{
"date": "2020-04-21T16:15:51.337000",
"db": "NVD",
"id": "CVE-2017-18806"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-52966"
},
{
"date": "2020-05-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014893"
},
{
"date": "2020-04-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1835"
},
{
"date": "2024-11-21T03:20:58.387000",
"db": "NVD",
"id": "CVE-2017-18806"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural NETGEAR Injection vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014893"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-1835"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.