var-202004-1515
Vulnerability from variot
Certain NETGEAR devices are affected by command execution via a PHP form. This affects WN604 3.3.3 and earlier, WNAP210v2 3.5.20.0 and earlier, WNAP320 3.5.20.0 and earlier, WNDAP350 3.5.20.0 and earlier, WNDAP360 3.5.20.0 and earlier, WNDAP620 2.0.11 and earlier, WNDAP660 3.5.20.0 and earlier, WND930 2.0.11 and earlier, and WAC120 2.0.7 and earlier. plural NETGEAR The product contains an injection vulnerability.Information may be obtained and tampered with. This affects WN604 3.3.3 and previous versions, WNAP210v2 3.5.20.0 and previous versions, WNAP320 3.5.20.0 and previous versions, WNDAP350 3.5.20.0 and previous versions, WNDAP360 3.5.20.0 and previous versions, WNDAP620 2.0.11 and previous versions, WNDAP660 3.5.20.0 and previous versions, WND930 2.0.11 and previous versions, and WAC120 2.0.7 and previous versions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-1515",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wndap660",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wn604",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.3.3"
},
{
"model": "wac120",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.0.7"
},
{
"model": "wndap360",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wndap350",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wndap620",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.0.11"
},
{
"model": "wnd930",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.0.11"
},
{
"model": "wnap210",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wnap320",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wac120",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.0.7"
},
{
"model": "wn604",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.3.3"
},
{
"model": "wnap210",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wnap320",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wnd930",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.0.11"
},
{
"model": "wndap350",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wndap360",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wndap620",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.0.11"
},
{
"model": "wndap660",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wnd930",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": null
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-18863"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014995"
},
{
"db": "NVD",
"id": "CVE-2017-18863"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:netgear:wac120_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:wn604_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:wnap210_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:wnap320_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:wnd930_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:wndap350_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:wndap360_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:wndap620_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:wndap660_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014995"
}
]
},
"cve": "CVE-2017-18863",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2017-18863",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.1,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-014995",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2017-18863",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-014995",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-18863",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2017-014995",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-2262",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-18863",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-18863"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014995"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2262"
},
{
"db": "NVD",
"id": "CVE-2017-18863"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by command execution via a PHP form. This affects WN604 3.3.3 and earlier, WNAP210v2 3.5.20.0 and earlier, WNAP320 3.5.20.0 and earlier, WNDAP350 3.5.20.0 and earlier, WNDAP360 3.5.20.0 and earlier, WNDAP620 2.0.11 and earlier, WNDAP660 3.5.20.0 and earlier, WND930 2.0.11 and earlier, and WAC120 2.0.7 and earlier. plural NETGEAR The product contains an injection vulnerability.Information may be obtained and tampered with. This affects WN604 3.3.3 and previous versions, WNAP210v2 3.5.20.0 and previous versions, WNAP320 3.5.20.0 and previous versions, WNDAP350 3.5.20.0 and previous versions, WNDAP360 3.5.20.0 and previous versions, WNDAP620 2.0.11 and previous versions, WNDAP660 3.5.20.0 and previous versions, WND930 2.0.11 and previous versions, and WAC120 2.0.7 and previous versions",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-18863"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014995"
},
{
"db": "VULMON",
"id": "CVE-2017-18863"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-18863",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014995",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2262",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2017-18863",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-18863"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014995"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2262"
},
{
"db": "NVD",
"id": "CVE-2017-18863"
}
]
},
"id": "VAR-202004-1515",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.4443443822222222
},
"last_update_date": "2024-11-23T22:29:38.886000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisory for PHP Vulnerabilities on Wireless Access Points, PSV-2017-0517 and PSV-2016-0258",
"trust": 0.8,
"url": "https://kb.netgear.com/000037827/Security-Advisory-for-PHP-Vulnerabilities-on-Wireless-Access-Points-PSV-2017-0517-and-PSV-2016-0258"
},
{
"title": "Multiple NETGEAR Fixing measures for product injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117741"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014995"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2262"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-74",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014995"
},
{
"db": "NVD",
"id": "CVE-2017-18863"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://kb.netgear.com/000037827/security-advisory-for-php-vulnerabilities-on-wireless-access-points-psv-2017-0517-and-psv-2016-0258"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18863"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18863"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/74.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-18863"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014995"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2262"
},
{
"db": "NVD",
"id": "CVE-2017-18863"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2017-18863"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014995"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2262"
},
{
"db": "NVD",
"id": "CVE-2017-18863"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-28T00:00:00",
"db": "VULMON",
"id": "CVE-2017-18863"
},
{
"date": "2020-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014995"
},
{
"date": "2020-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2262"
},
{
"date": "2020-04-28T16:15:12.747000",
"db": "NVD",
"id": "CVE-2017-18863"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-05T00:00:00",
"db": "VULMON",
"id": "CVE-2017-18863"
},
{
"date": "2020-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014995"
},
{
"date": "2020-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2262"
},
{
"date": "2024-11-21T03:21:07.387000",
"db": "NVD",
"id": "CVE-2017-18863"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2262"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural NETGEAR Product injection vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014995"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2262"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.