ID CVE-2017-18775Type cveReporter cve@mitre.orgModified 2020-04-24T16:01:00
Description
Certain NETGEAR devices are affected by CSRF. This affects R6100 before 1.0.1.12, R7500 before 1.0.0.108, WNDR3700v4 before 1.0.2.86, WNDR4300v1 before 1.0.2.88, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.42.
{"id": "CVE-2017-18775", "bulletinFamily": "NVD", "title": "CVE-2017-18775", "description": "Certain NETGEAR devices are affected by CSRF. This affects R6100 before 1.0.1.12, R7500 before 1.0.0.108, WNDR3700v4 before 1.0.2.86, WNDR4300v1 before 1.0.2.88, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.42.", "published": "2020-04-22T15:15:00", "modified": "2020-04-24T16:01:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18775", "reporter": "cve@mitre.org", "references": ["https://kb.netgear.com/000049553/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Routers-and-Gateways-PSV-2017-0388"], "cvelist": ["CVE-2017-18775"], "type": "cve", "lastseen": "2020-12-09T20:13:29", "edition": 9, "viewCount": 4, "enchantments": {"dependencies": {"references": [], "modified": "2020-12-09T20:13:29", "rev": 2}, "score": {"value": 3.7, "vector": "NONE", "modified": "2020-12-09T20:13:29", "rev": 2}, "vulnersScore": 3.7}, "cpe": [], "affectedSoftware": [{"cpeName": "netgear:wndr4300_firmware", "name": "netgear wndr4300 firmware", "operator": "lt", "version": "1.0.0.48"}, {"cpeName": "netgear:r7500_firmware", "name": "netgear r7500 firmware", "operator": "lt", "version": "1.0.0.108"}, {"cpeName": "netgear:wndr3700_firmware", "name": "netgear wndr3700 firmware", "operator": "lt", "version": "1.0.2.86"}, {"cpeName": "netgear:wndr4300_firmware", "name": "netgear wndr4300 firmware", "operator": "lt", "version": "1.0.2.88"}, {"cpeName": "netgear:wndr4500_firmware", "name": "netgear wndr4500 firmware", "operator": "lt", "version": "1.0.0.48"}, {"cpeName": "netgear:wnr2000_firmware", "name": "netgear wnr2000 firmware", "operator": "lt", "version": "1.0.0.42"}, {"cpeName": "netgear:r6100_firmware", "name": "netgear r6100 firmware", "operator": "lt", "version": "1.0.1.12"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "cpe23": [], "cwe": ["CWE-352"], "scheme": null, "affectedConfiguration": [{"cpeName": "netgear:wndr3700", "name": "netgear wndr3700", "operator": "eq", "version": "v4"}, {"cpeName": "netgear:wnr2000", "name": "netgear wnr2000", "operator": "eq", "version": "v5"}, {"cpeName": "netgear:wndr4500", "name": "netgear wndr4500", "operator": "eq", "version": "v3"}, {"cpeName": "netgear:r7500", "name": "netgear r7500", "operator": "eq", "version": "-"}, {"cpeName": "netgear:r6100", "name": "netgear r6100", "operator": "eq", "version": "-"}, {"cpeName": "netgear:wndr4300", "name": "netgear wndr4300", "operator": "eq", "version": "v1"}, {"cpeName": "netgear:wndr4300", "name": "netgear wndr4300", "operator": "eq", "version": "v2"}], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:netgear:wnr2000_firmware:1.0.0.42:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.0.42", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:netgear:wndr4500_firmware:1.0.0.48:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.0.48", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:netgear:r6100_firmware:1.0.1.12:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.1.12", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:netgear:wndr3700_firmware:1.0.2.86:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.2.86", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:netgear:wndr4300_firmware:1.0.0.48:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.0.48", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:netgear:r7500_firmware:1.0.0.108:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.0.108", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:netgear:wndr4300_firmware:1.0.2.88:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.2.88", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:h:netgear:wndr4300:v1:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "AND"}]}}
{}
