Lucene search

[email protected]CVE-2017-18784

HistoryApr 22, 2020 - 3:15 p.m.

CVE-2017-18784

2020-04-2215:15:12

CWE-79

[email protected]

web.nvd.nist.gov

netgear

xss

d6200

d7000

jnr1010v2

jwnr2010v5

pr2000

r6020

r6050

r6080

r6120

r6220

r6700v2

r6800

r6900v2

wndr3700v5

wnr1000v4

wnr2020

wnr2050

security vulnerability

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

33.8%

JSON

Certain NETGEAR devices are affected by XSS. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.

Affected configurations

NVD

Node

netgeard6200_firmwareRange<1.1.00.24

AND

netgeard6200Match-

Node

netgeard7000_firmwareRange<1.0.1.52

AND

netgeard7000Match-

Node

netgearjnr1010_firmwareRange<1.1.0.44

AND

netgearjnr1010Matchv2

Node

netgearjwnr2010_firmwareRange<1.1.0.44

AND

netgearjwnr2010Matchv5

Node

netgearpr2000_firmwareRange<1.0.0.20

AND

netgearpr2000Match-

Node

netgearr6020_firmwareRange<1.0.0.26

AND

netgearr6020Match-

Node

netgearr6050_firmwareRange<1.0.1.12

AND

netgearr6050Match-

Node

netgearr6080_firmwareRange<1.0.0.26

AND

netgearr6080Match-

Node

netgearr6120_firmwareRange<1.0.0.36

AND

netgearr6120Match-

Node

netgearr6220_firmwareRange<1.1.0.60

AND

netgearr6220Match-

Node

netgearr6700_firmwareRange<1.2.0.12

AND

netgearr6700Matchv2

Node

netgearr6800_firmwareRange<1.2.0.12

AND

netgearr6800Match-

Node

netgearr6900_firmwareRange<1.2.0.12

AND

netgearr6900Matchv2

Node

netgearwndr3700_firmwareRange<1.1.0.50

AND

netgearwndr3700Matchv5

Node

netgearwnr1000_firmwareRange<1.1.0.44

AND

netgearwnr1000Matchv4

Node

netgearwnr2020_firmwareRange<1.1.0.44

AND

netgearwnr2020Match-

Node

netgearwnr2050_firmwareRange<1.1.0.44

AND

netgearwnr2050Match-

CPENameOperatorVersion
netgear:d6200_firmwarenetgear d6200 firmwarelt1.1.00.24

CPE	Name	Operator	Version
netgear:d6200_firmware	netgear d6200 firmware	lt	1.1.00.24

References

kb.netgear.com/000049535/Security-Advisory-for-Cross-Site-Scripting-on-Some-Routers-PSV-2017-2951

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

33.8%

JSON

Related for CVE-2017-18784

prion1 cvelist1 nvd1