var-202004-1387
Vulnerability from variot
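Certain NETGEAR devices are affected by directory traversal (CVE-2017-18824, CWE-22). This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. A path traversal vulnerability exists in multiple NETGEAR devices; information may be obtained. The NETGEAR M4300-28G and the other listed models are all managed switches. The vulnerability stems from a failure to properly filter resources or special elements in file paths, so attackers can use it to access locations outside of the restricted directory. Every CVSS vector in this record rates the attack vector as local with a confidentiality-only impact: the NVD CVSS 3.1 base score is 3.3 (low privileges required), while the cve@mitre.org CVSS 3.0 score is 4.0 (no privileges required). Firmware 12.0.2.15 is the first version outside the affected range described here, and the vendor advisory is PSV-2017-1942. The structured data also carries "eq 12.0.2.15" product entries (trust 0.8) that appear to conflict with the "before 12.0.2.15" range, so confirm the fixed version against the NETGEAR advisory.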
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1387", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "m4300-28g", "scope": "lt", "trust": 1.6, "vendor": "netgear", "version": "12.0.2.15" }, { "model": "m4300-52g", "scope": "lt", "trust": 1.6, "vendor": "netgear", "version": "12.0.2.15" }, { "model": "m4300-8x8f", "scope": "lt", "trust": 1.6, "vendor": 
"netgear", "version": "12.0.2.15" }, { "model": "m4300-12x12f", "scope": "lt", "trust": 1.6, "vendor": "netgear", "version": "12.0.2.15" }, { "model": "m4300-24x24f", "scope": "lt", "trust": 1.6, "vendor": "netgear", "version": "12.0.2.15" }, { "model": "m4300-24x", "scope": "lt", "trust": 1.6, "vendor": "netgear", "version": "12.0.2.15" }, { "model": "m4300-48x", "scope": "lt", "trust": 1.6, "vendor": "netgear", "version": "12.0.2.15" }, { "model": "m4200", "scope": "lt", "trust": 1.6, "vendor": "netgear", "version": "12.0.2.15" }, { "model": "m4300-28g-poe\\+", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "12.0.2.15" }, { "model": "m4300-52g-poe\\+", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "12.0.2.15" }, { "model": "m4200", "scope": "eq", "trust": 0.8, "vendor": "netgear", "version": "12.0.2.15" }, { "model": "m4300-12x12f", "scope": "eq", "trust": 0.8, "vendor": "netgear", "version": "12.0.2.15" }, { "model": "m4300-24x", "scope": "eq", "trust": 0.8, "vendor": "netgear", "version": "12.0.2.15" }, { "model": "m4300-24x24f", "scope": "eq", "trust": 0.8, "vendor": "netgear", "version": "12.0.2.15" }, { "model": "m4300-28g", "scope": "eq", "trust": 0.8, "vendor": "netgear", "version": "12.0.2.15" }, { "model": "m4300-28g-poe+", "scope": "eq", "trust": 0.8, "vendor": "netgear", "version": "12.0.2.15" }, { "model": "m4300-48x", "scope": "eq", "trust": 0.8, "vendor": "netgear", "version": "12.0.2.15" }, { "model": "m4300-52g", "scope": "eq", "trust": 0.8, "vendor": "netgear", "version": "12.0.2.15" }, { "model": "m4300-52g-poe+", "scope": "eq", "trust": 0.8, "vendor": "netgear", "version": "12.0.2.15" }, { "model": "m4300-8x8f", "scope": "eq", "trust": 0.8, "vendor": "netgear", "version": "12.0.2.15" }, { "model": "m4300-28g-poe+", "scope": "lt", "trust": 0.6, "vendor": "netgear", "version": "12.0.2.15" }, { "model": "m4300-52g-poe+", "scope": "lt", "trust": 0.6, "vendor": "netgear", "version": "12.0.2.15" } ], "sources": [ { "db": 
"CNVD", "id": "CNVD-2021-63374" }, { "db": "JVNDB", "id": "JVNDB-2017-014868" }, { "db": "NVD", "id": "CVE-2017-18824" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/o:netgear:m4200_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:netgear:m4300-12x12f_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:netgear:m4300-24x_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:netgear:m4300-24x24f_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:netgear:m4300-28g_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:netgear:m4300-28g-poe%2b_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:netgear:m4300-48x_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:netgear:m4300-52g_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:netgear:m4300-52g-poe%2b_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:netgear:m4300-8x8f_firmware", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-014868" } ] }, "cve": "CVE-2017-18824", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { 
"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CVE-2017-18824", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 1.0, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 2.1, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2017-014868", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CNVD-2021-63374", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.8, "id": "CVE-2017-18824", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "cve@mitre.org", "availabilityImpact": "NONE", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.5, "id": 
"CVE-2017-18824", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 3.3, "baseSeverity": "Low", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "JVNDB-2017-014868", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-18824", "trust": 1.0, "value": "LOW" }, { "author": "cve@mitre.org", "id": "CVE-2017-18824", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "JVNDB-2017-014868", "trust": 0.8, "value": "Low" }, { "author": "CNVD", "id": "CNVD-2021-63374", "trust": 0.6, "value": "LOW" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-63374" }, { "db": "JVNDB", "id": "JVNDB-2017-014868" }, { "db": "NVD", "id": "CVE-2017-18824" }, { "db": "NVD", "id": "CVE-2017-18824" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Certain NETGEAR devices are affected by directory traversal. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. plural NETGEAR A path traversal vulnerability exists in the device.Information may be obtained. NETGEAR M4300-28G, etc. are all managed switches of NETGEAR. 
The vulnerability stems from the failure of network systems or products to properly filter resources or special elements in file paths. Attackers can use this vulnerability to access locations outside of the restricted directory", "sources": [ { "db": "NVD", "id": "CVE-2017-18824" }, { "db": "JVNDB", "id": "JVNDB-2017-014868" }, { "db": "CNVD", "id": "CNVD-2021-63374" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-18824", "trust": 3.0 }, { "db": "JVNDB", "id": "JVNDB-2017-014868", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2021-63374", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202004-1629", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-63374" }, { "db": "JVNDB", "id": "JVNDB-2017-014868" }, { "db": "CNNVD", "id": "CNNVD-202004-1629" }, { "db": "NVD", "id": "CVE-2017-18824" } ] }, "id": "VAR-202004-1387", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-63374" } ], "trust": 1.072449505 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-63374" } ] }, "last_update_date": "2024-11-23T22:44:36.337000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } 
}, "data": [ { "title": "Security Advisory for Directory Traversal on Some Fully Managed Switches, PSV-2017-1942", "trust": 0.8, "url": "https://kb.netgear.com/000049041/Security-Advisory-for-Directory-Traversal-on-Some-Fully-Managed-Switches-PSV-2017-1942" }, { "title": "Patch for Path traversal vulnerabilities in multiple NETGEAR products", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/287156" }, { "title": "Multiple NETGEAR Product path traversal vulnerability fixes", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116202" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-63374" }, { "db": "JVNDB", "id": "JVNDB-2017-014868" }, { "db": "CNNVD", "id": "CNNVD-202004-1629" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-22", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-014868" }, { "db": "NVD", "id": "CVE-2017-18824" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18824" }, { "trust": 1.6, "url": "https://kb.netgear.com/000049041/security-advisory-for-directory-traversal-on-some-fully-managed-switches-psv-2017-1942" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18824" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-63374" }, { "db": "JVNDB", "id": "JVNDB-2017-014868" }, { "db": "CNNVD", "id": "CNNVD-202004-1629" }, { "db": "NVD", "id": "CVE-2017-18824" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2021-63374" 
}, { "db": "JVNDB", "id": "JVNDB-2017-014868" }, { "db": "CNNVD", "id": "CNNVD-202004-1629" }, { "db": "NVD", "id": "CVE-2017-18824" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-08-19T00:00:00", "db": "CNVD", "id": "CNVD-2021-63374" }, { "date": "2020-05-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-014868" }, { "date": "2020-04-20T00:00:00", "db": "CNNVD", "id": "CNNVD-202004-1629" }, { "date": "2020-04-20T17:15:12.787000", "db": "NVD", "id": "CVE-2017-18824" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-08-19T00:00:00", "db": "CNVD", "id": "CNVD-2021-63374" }, { "date": "2020-05-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-014868" }, { "date": "2020-04-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202004-1629" }, { "date": "2024-11-21T03:21:00.933000", "db": "NVD", "id": "CVE-2017-18824" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural NETGEAR Path traversal vulnerabilities in devices", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-014868" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "path traversal", "sources": [ { "db": "CNNVD", "id": "CNNVD-202004-1629" } ], "trust": 0.6 } }