Lucene search

MitreCVE-2017-18770

HistoryApr 22, 2020 - 3:15 p.m.

CVE-2017-18770

2020-04-2215:15:11

CWE-120

mitre

web.nvd.nist.gov

cve-2017-18770

netgear

buffer overflow

authenticated user

r7800

plw1000v2

plw1010v2

nvd

CVSS2

5.2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

CVSS3

6.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

Percentile

12.6%

JSON

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R7800 before 1.0.2.36, PLW1000v2 before 1.0.0.14, and PLW1010v2 before 1.0.0.14.

Affected configurations

Nvd

Node

netgearr7800_firmwareRange<1.0.2.36

AND

netgearr7800Match-

Node

netgearplw1000_firmwareRange<1.0.0.14

AND

netgearplw1000Matchv2

Node

netgearplw1010_firmwareRange<1.0.0.14

AND

netgearplw1010Matchv2

VendorProductVersionCPE
netgearr7800_firmware*cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*
netgearr7800-cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*
netgearplw1000_firmware*cpe:2.3:o:netgear:plw1000_firmware:*:*:*:*:*:*:*:*
netgearplw1000v2cpe:2.3:h:netgear:plw1000:v2:*:*:*:*:*:*:*
netgearplw1010_firmware*cpe:2.3:o:netgear:plw1010_firmware:*:*:*:*:*:*:*:*
netgearplw1010v2cpe:2.3:h:netgear:plw1010:v2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netgear	r7800_firmware	*	cpe:2.3:o:netgear:r7800_firmware::::::::
netgear	r7800	-	cpe:2.3:h:netgear:r7800:-:::::::*
netgear	plw1000_firmware	*	cpe:2.3:o:netgear:plw1000_firmware::::::::
netgear	plw1000	v2	cpe:2.3:h:netgear:plw1000:v2:::::::*
netgear	plw1010_firmware	*	cpe:2.3:o:netgear:plw1010_firmware::::::::
netgear	plw1010	v2	cpe:2.3:h:netgear:plw1010:v2:::::::*

References

kb.netgear.com/000051473/Security-Advisory-for-Post-Authentication-Buffer-Overflow-on-Powerlines-and-a-Router-PSV-2016-0121

CVSS2

5.2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

CVSS3

6.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVE-2017-18770