Lucene search

[email protected]CVE-2018-21094

HistoryApr 27, 2020 - 3:15 p.m.

CVE-2018-21094

2020-04-2715:15:12

[email protected]

web.nvd.nist.gov

cve-2018-21094

netgear

security

wac120

wac505

wac510

wnap320

wnap210v2

wndap350

wndap360

wndap660

wndap620

wnd930

wn604

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

7.2 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

39.5%

JSON

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10.

Affected configurations

NVD

Node

netgearwac120_firmwareRange<2.1.7

AND

netgearwac120Match-

Node

netgearwac505_firmwareRange<5.0.5.4

AND

netgearwac505Match-

Node

netgearwac510_firmwareRange<5.0.5.4

AND

netgearwac510Match-

Node

netgearwnap320_firmwareRange<3.7.11.4

AND

netgearwnap320Match-

Node

netgearwnap210_firmwareRange<3.7.11.4

AND

netgearwnap210Matchv2

Node

netgearwndap350_firmwareRange<3.7.11.4

AND

netgearwndap350Match-

Node

netgearwndap360_firmwareRange<3.7.11.4

AND

netgearwndap360Match-

Node

netgearwndap660_firmwareRange<3.7.11.4

AND

netgearwndap660Match-

Node

netgearwndap620_firmwareRange<2.1.7

AND

netgearwndap620Match-

Node

netgearwnd930_firmwareRange<2.1.5

AND

netgearwnd930Match-

Node

netgearwn604_firmwareRange<3.3.10

AND

netgearwn604Match-

CPENameOperatorVersion
netgear:wac120_firmwarenetgear wac120 firmwarelt2.1.7

CPE	Name	Operator	Version
netgear:wac120_firmware	netgear wac120 firmware	lt	2.1.7

References

kb.netgear.com/000060460/Security-Advisory-for-a-Security-Misconfiguration-on-Some-Wireless-Access-Points-PSV-2018-0350

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

7.2 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

39.5%

JSON

Related for CVE-2018-21094

cvelist1 nvd1 prion1