Lucene search

MitreCVE-2018-21123

HistoryApr 22, 2020 - 4:15 p.m.

CVE-2018-21123

2020-04-2216:15:12

CWE-74

mitre

web.nvd.nist.gov

netgear

command injection

cve-2018-21123

wc7500

wc7520

wc7600v1

wc7600v2

security vulnerability

CVSS2

5.8

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

33.5%

JSON

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WC7500 before 6.5.3.9, WC7520 before 6.5.3.9, WC7600v1 before 6.5.3.9, and WC7600v2 before 6.5.3.9.

Affected configurations

Nvd

Node

netgearwc7500Match-

AND

netgearwc7500_firmwareRange<6.5.3.9

Node

netgearwc7520Match-

AND

netgearwc7520_firmwareRange<6.5.3.9

Node

netgearwc7600Matchv1

AND

netgearwc7600_firmwareRange<6.5.3.9

Node

netgearwc7600Matchv2

AND

netgearwc7600_firmwareRange<6.5.3.9

VendorProductVersionCPE
netgearwc7500-cpe:2.3:h:netgear:wc7500:-:*:*:*:*:*:*:*
netgearwc7500_firmware*cpe:2.3:o:netgear:wc7500_firmware:*:*:*:*:*:*:*:*
netgearwc7520-cpe:2.3:h:netgear:wc7520:-:*:*:*:*:*:*:*
netgearwc7520_firmware*cpe:2.3:o:netgear:wc7520_firmware:*:*:*:*:*:*:*:*
netgearwc7600v1cpe:2.3:h:netgear:wc7600:v1:*:*:*:*:*:*:*
netgearwc7600_firmware*cpe:2.3:o:netgear:wc7600_firmware:*:*:*:*:*:*:*:*
netgearwc7600v2cpe:2.3:h:netgear:wc7600:v2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netgear	wc7500	-	cpe:2.3:h:netgear:wc7500:-:::::::*
netgear	wc7500_firmware	*	cpe:2.3:o:netgear:wc7500_firmware::::::::
netgear	wc7520	-	cpe:2.3:h:netgear:wc7520:-:::::::*
netgear	wc7520_firmware	*	cpe:2.3:o:netgear:wc7520_firmware::::::::
netgear	wc7600	v1	cpe:2.3:h:netgear:wc7600:v1:::::::*
netgear	wc7600_firmware	*	cpe:2.3:o:netgear:wc7600_firmware::::::::
netgear	wc7600	v2	cpe:2.3:h:netgear:wc7600:v2:::::::*

References

kb.netgear.com/000060235/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Wireless-Controllers-PSV-2018-0230

CVSS2

5.8

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

33.5%

JSON

Related for CVE-2018-21123