Lucene search

[email protected]CVE-2017-18853

HistoryApr 29, 2020 - 2:15 p.m.

CVE-2017-18853

2020-04-2914:15:12

CWE-200

[email protected]

web.nvd.nist.gov

netgear

password recovery

file access

vulnerability

cve-2017-18853

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.8%

JSON

Certain NETGEAR devices are affected by password recovery and file access. This affects D8500 1.0.3.27 and earlier, DGN2200v4 1.0.0.82 and earlier, R6300v2 1.0.4.06 and earlier, R6400 1.0.1.20 and earlier, R6400v2 1.0.2.18 and earlier, R6700 1.0.1.22 and earlier, R6900 1.0.1.20 and earlier, R7000 1.0.7.10 and earlier, R7000P 1.0.0.58 and earlier, R7100LG 1.0.0.28 and earlier, R7300DST 1.0.0.52 and earlier, R7900 1.0.1.12 and earlier, R8000 1.0.3.46 and earlier, R8300 1.0.2.86 and earlier, R8500 1.0.2.86 and earlier, WNDR3400v3 1.0.1.8 and earlier, and WNDR4500v2 1.0.0.62 and earlier.

Affected configurations

NVD

Node

netgeard8500Match-

AND

netgeard8500_firmwareRange≤1.0.3.27

Node

netgeardgn2200Matchv4

AND

netgeardgn2200_firmwareRange≤1.0.0.82

Node

netgearr6300Matchv2

AND

netgearr6300_firmwareRange≤1.0.4.06

Node

netgearr6400Match-

AND

netgearr6400_firmwareRange≤1.0.1.20

Node

netgearr6400Matchv2

AND

netgearr6400_firmwareRange≤1.0.2.18

Node

netgearr6700Match-

AND

netgearr6700_firmwareRange≤1.0.1.22

Node

netgearr6900Match-

AND

netgearr6900_firmwareRange≤1.0.1.20

Node

netgearr7000Match-

AND

netgearr7000_firmwareRange≤1.0.7.10

Node

netgearr7000p_firmwareRange≤1.0.0.58

AND

netgearr7000pMatch-

Node

netgearr7100lg_firmwareRange≤1.0.0.28

AND

netgearr7100lgMatch-

Node

netgearr7300dst_firmwareRange≤1.0.0.52

AND

netgearr7300dstMatch-

Node

netgearr7900_firmwareRange≤1.0.1.12

AND

netgearr7900Match-

Node

netgearr8000_firmwareRange≤1.0.3.46

AND

netgearr8000Match-

Node

netgearr8300_firmwareRange≤1.0.2.86

AND

netgearr8300Match-

Node

netgearr8500_firmwareRange≤1.0.2.86

AND

netgearr8500Match-

Node

netgearwndr3400_firmwareRange≤1.0.1.8

AND

netgearwndr3400Matchv3

Node

netgearwndr4500_firmwareRange≤1.0.0.62

AND

netgearwndr4500Matchv2

CPENameOperatorVersion
netgear:d8500_firmwarenetgear d8500 firmwarele1.0.3.27

CPE	Name	Operator	Version
netgear:d8500_firmware	netgear d8500 firmware	le	1.0.3.27

References

kb.netgear.com/000045848/Security-Advisory-for-Password-Recovery-and-File-Access-on-Some-Routers-and-Modem-Routers-PSV-2017-0677

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.8%

JSON

Related for CVE-2017-18853

prion1 cvelist1 nvd1