Lucene search

MitreCVE-2017-18756

HistoryApr 22, 2020 - 5:15 p.m.

CVE-2017-18756

2020-04-2217:15:11

mitre

web.nvd.nist.gov

cve-2017-18756

netgear

security settings

configuration

vulnerability

CVSS2

5.8

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

30.6%

JSON

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6220 before 1.0.0.32, D6400 before 1.0.0.66, D8500 before 1.0.3.35, DGN2200Bv4 before 1.0.0.94, DGN2200v4 before 1.0.0.94, R6250 before 1.0.4.14, R6300v2 before 1.0.4.18, R6400 before 1.01.32, R6400v2 before 1.0.2.44, R6700 before 1.0.1.36, R6900 before 1.0.1.30, R6900P before 1.3.0.8, R7000 before 1.0.9.14, R7000P before 1.3.0.8, R7100LG before 1.0.0.34, R7900 before 1.0.2.4, R8000 before 1.0.4.2, WN2500RPv2 before 1.0.1.50, WNDR3400v3 before 1.0.1.14, and WNDR4000 before 1.0.2.10.

Affected configurations

Nvd

Node

netgeard6220Match-

AND

netgeard6220_firmwareRange<1.0.0.32

Node

netgeard6400Match-

AND

netgeard6400_firmwareRange<1.0.0.66

Node

netgeard8500Match-

AND

netgeard8500_firmwareRange<1.0.3.35

Node

netgeardgn2200bMatchv4

AND

netgeardgn2200b_firmwareRange<1.0.0.94

Node

netgeardgn2200Matchv4

AND

netgeardgn2200_firmwareRange<1.0.0.94

Node

netgearr6250Match-

AND

netgearr6250_firmwareRange<1.0.4.14

Node

netgearr6300Matchv2

AND

netgearr6300_firmwareRange<1.0.4.18

Node

netgearr6400Match-

AND

netgearr6400_firmwareRange<1.01.32

Node

netgearr6400_firmwareRange<1.0.2.44

AND

netgearr6400Matchv2

Node

netgearr6700_firmwareRange<1.0.1.36

AND

netgearr6700Match-

Node

netgearr6900_firmwareRange<1.0.1.30

AND

netgearr6900Match-

Node

netgearr6900p_firmwareRange<1.3.0.8

AND

netgearr6900pMatch-

Node

netgearr7000_firmwareRange<1.0.9.14

AND

netgearr7000Match-

Node

netgearr7000p_firmwareRange<1.3.0.8

AND

netgearr7000pMatch-

Node

netgearr7100lg_firmwareRange<1.0.0.34

AND

netgearr7100lgMatch-

Node

netgearr7900_firmwareRange<1.0.2.4

AND

netgearr7900Match-

Node

netgearr8000_firmwareRange<1.0.4.2

AND

netgearr8000Match-

Node

netgearwn2500rp_firmwareRange<1.0.1.50

AND

netgearwn2500rpMatchv2

Node

netgearwndr3400_firmwareRange<1.0.1.14

AND

netgearwndr3400Matchv3

Node

netgearwndr4000_firmwareRange<1.0.2.10

AND

netgearwndr4000Match-

VendorProductVersionCPE
netgeard6220-cpe:2.3:h:netgear:d6220:-:*:*:*:*:*:*:*
netgeard6220_firmware*cpe:2.3:o:netgear:d6220_firmware:*:*:*:*:*:*:*:*
netgeard6400-cpe:2.3:h:netgear:d6400:-:*:*:*:*:*:*:*
netgeard6400_firmware*cpe:2.3:o:netgear:d6400_firmware:*:*:*:*:*:*:*:*
netgeard8500-cpe:2.3:h:netgear:d8500:-:*:*:*:*:*:*:*
netgeard8500_firmware*cpe:2.3:o:netgear:d8500_firmware:*:*:*:*:*:*:*:*
netgeardgn2200bv4cpe:2.3:h:netgear:dgn2200b:v4:*:*:*:*:*:*:*
netgeardgn2200b_firmware*cpe:2.3:o:netgear:dgn2200b_firmware:*:*:*:*:*:*:*:*
netgeardgn2200v4cpe:2.3:h:netgear:dgn2200:v4:*:*:*:*:*:*:*
netgeardgn2200_firmware*cpe:2.3:o:netgear:dgn2200_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netgear	d6220	-	cpe:2.3:h:netgear:d6220:-:::::::*
netgear	d6220_firmware	*	cpe:2.3:o:netgear:d6220_firmware::::::::
netgear	d6400	-	cpe:2.3:h:netgear:d6400:-:::::::*
netgear	d6400_firmware	*	cpe:2.3:o:netgear:d6400_firmware::::::::
netgear	d8500	-	cpe:2.3:h:netgear:d8500:-:::::::*
netgear	d8500_firmware	*	cpe:2.3:o:netgear:d8500_firmware::::::::
netgear	dgn2200b	v4	cpe:2.3:h:netgear:dgn2200b:v4:::::::*
netgear	dgn2200b_firmware	*	cpe:2.3:o:netgear:dgn2200b_firmware::::::::
netgear	dgn2200	v4	cpe:2.3:h:netgear:dgn2200:v4:::::::*
netgear	dgn2200_firmware	*	cpe:2.3:o:netgear:dgn2200_firmware::::::::

Rows per page:

1-10 of 391

References

kb.netgear.com/000051492/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2756

CVSS2

5.8

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

30.6%

JSON

Related for CVE-2017-18756