Lucene search

[email protected]CVE-2018-21113

HistoryApr 22, 2020 - 3:15 p.m.

CVE-2018-21113

2020-04-2215:15:00

CWE-74

[email protected]

web.nvd.nist.gov

cve-2018-21113

netgear

command injection

vulnerability

nvd

d6100

d7800

r6100

r7500

r7500v2

r7800

r8900

r9000

wndr3700v4

wndr4300

wndr4300v2

wndr4500v3

8.8 High

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

33.3%

JSON

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6100 before 1.0.0.58, D7800 before 1.0.1.42, R6100 before 1.0.1.28, R7500 before 1.0.0.130, R7500v2 before 1.0.3.36, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WNDR3700v4 before 1.0.2.102, WNDR4300 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, and WNDR4500v3 before 1.0.0.56.

CPENameOperatorVersion
netgear:d6100_firmwarenetgear d6100 firmwarelt1.0.0.58
netgear:d7800_firmwarenetgear d7800 firmwarelt1.0.1.42
netgear:r6100_firmwarenetgear r6100 firmwarelt1.0.1.28
netgear:r7500_firmwarenetgear r7500 firmwarelt1.0.0.130
netgear:r7500_firmwarenetgear r7500 firmwarelt1.0.3.36
netgear:r7800_firmwarenetgear r7800 firmwarelt1.0.2.52
netgear:r8900_firmwarenetgear r8900 firmwarelt1.0.4.12
netgear:r9000_firmwarenetgear r9000 firmwarelt1.0.4.12
netgear:wndr3700_firmwarenetgear wndr3700 firmwarelt1.0.2.102
netgear:wndr4300_firmwarenetgear wndr4300 firmwarelt1.0.2.104

CPE	Name	Operator	Version
netgear:d6100_firmware	netgear d6100 firmware	lt	1.0.0.58
netgear:d7800_firmware	netgear d7800 firmware	lt	1.0.1.42
netgear:r6100_firmware	netgear r6100 firmware	lt	1.0.1.28
netgear:r7500_firmware	netgear r7500 firmware	lt	1.0.0.130
netgear:r7500_firmware	netgear r7500 firmware	lt	1.0.3.36
netgear:r7800_firmware	netgear r7800 firmware	lt	1.0.2.52
netgear:r8900_firmware	netgear r8900 firmware	lt	1.0.4.12
netgear:r9000_firmware	netgear r9000 firmware	lt	1.0.4.12
netgear:wndr3700_firmware	netgear wndr3700 firmware	lt	1.0.2.102
netgear:wndr4300_firmware	netgear wndr4300 firmware	lt	1.0.2.104

Rows per page:

1-10 of 121

References

kb.netgear.com/000060438/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-Modem-Routers-PSV-2018-0033

8.8 High

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

33.3%

JSON

Related for CVE-2018-21113

prion1 cvelist1