Lucene search

MitreCVE-2017-18752

HistoryApr 22, 2020 - 5:15 p.m.

CVE-2017-18752

2020-04-2217:15:11

CWE-200

mitre

web.nvd.nist.gov

cve-2017-18752

netgear

security vulnerability

file reading

firmware versions

nvd

CVSS2

3.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

30.6%

JSON

Certain NETGEAR devices are affected by an attacker’s ability to read arbitrary files. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6120 before 1.0.0.32, EX6130 before 1.0.0.16, R6300v2 before 1.0.4.12, R6700 before 1.0.1.26, R6900 before 1.0.1.22, R7000 before 1.0.9.6, R7300DST before 1.0.0.52, R7900 before 1.0.1.12, R8000 before 1.0.3.24, and R8500 before 1.0.2.94.

Affected configurations

Nvd

Node

netgearex3700_firmwareRange<1.0.0.64

AND

netgearex3700Match-

Node

netgearex3800_firmwareRange<1.0.0.64

AND

netgearex3800Match-

Node

netgearex6120_firmwareRange<1.0.0.32

AND

netgearex6120Match-

Node

netgearex6130_firmwareRange<1.0.0.16

AND

netgearex6130Match-

Node

netgearr6300_firmwareRange<1.0.4.12

AND

netgearr6300Matchv2

Node

netgearr6700_firmwareRange<1.0.1.26

AND

netgearr6700Match-

Node

netgearr6900_firmwareRange<1.0.1.22

AND

netgearr6900Match-

Node

netgearr7000_firmwareRange<1.0.9.6

AND

netgearr7000Match-

Node

netgearr7300dst_firmwareRange<1.0.0.52

AND

netgearr7300dstMatch-

Node

netgearr7900_firmwareRange<1.0.1.12

AND

netgearr7900Match-

Node

netgearr8000_firmwareRange<1.0.3.24

AND

netgearr8000Match-

Node

netgearr8500_firmwareRange<1.0.2.94

AND

netgearr8500Match-

VendorProductVersionCPE
netgearex3700_firmware*cpe:2.3:o:netgear:ex3700_firmware:*:*:*:*:*:*:*:*
netgearex3700-cpe:2.3:h:netgear:ex3700:-:*:*:*:*:*:*:*
netgearex3800_firmware*cpe:2.3:o:netgear:ex3800_firmware:*:*:*:*:*:*:*:*
netgearex3800-cpe:2.3:h:netgear:ex3800:-:*:*:*:*:*:*:*
netgearex6120_firmware*cpe:2.3:o:netgear:ex6120_firmware:*:*:*:*:*:*:*:*
netgearex6120-cpe:2.3:h:netgear:ex6120:-:*:*:*:*:*:*:*
netgearex6130_firmware*cpe:2.3:o:netgear:ex6130_firmware:*:*:*:*:*:*:*:*
netgearex6130-cpe:2.3:h:netgear:ex6130:-:*:*:*:*:*:*:*
netgearr6300_firmware*cpe:2.3:o:netgear:r6300_firmware:*:*:*:*:*:*:*:*
netgearr6300v2cpe:2.3:h:netgear:r6300:v2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netgear	ex3700_firmware	*	cpe:2.3:o:netgear:ex3700_firmware::::::::
netgear	ex3700	-	cpe:2.3:h:netgear:ex3700:-:::::::*
netgear	ex3800_firmware	*	cpe:2.3:o:netgear:ex3800_firmware::::::::
netgear	ex3800	-	cpe:2.3:h:netgear:ex3800:-:::::::*
netgear	ex6120_firmware	*	cpe:2.3:o:netgear:ex6120_firmware::::::::
netgear	ex6120	-	cpe:2.3:h:netgear:ex6120:-:::::::*
netgear	ex6130_firmware	*	cpe:2.3:o:netgear:ex6130_firmware::::::::
netgear	ex6130	-	cpe:2.3:h:netgear:ex6130:-:::::::*
netgear	r6300_firmware	*	cpe:2.3:o:netgear:r6300_firmware::::::::
netgear	r6300	v2	cpe:2.3:h:netgear:r6300:v2:::::::*

Rows per page:

1-10 of 241

References

kb.netgear.com/000051502/Security-Advisory-for-Arbitrary-File-Read-on-Some-Routers-and-Extenders-PSV-2017-0319

CVSS2

3.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

30.6%

JSON

Related for CVE-2017-18752