Lucene search

MitreCVE-2018-21228

HistoryApr 24, 2020 - 3:15 p.m.

CVE-2018-21228

2020-04-2415:15:12

CWE-74

mitre

web.nvd.nist.gov

netgear

command injection

authenticated user

d7800

ex6100v2

ex6150v2

ex6200v2

ex6400

ex7300

r6100

r7500

r7800

r9000

wn3000rpv3

wndr4300v2

wndr4500v3

nvd

cve-2018-21228

CVSS2

5.2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

CVSS3

6.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, EX6100v2 before 1.0.1.50, EX6150v2 before 1.0.1.50, EX6200v2 before 1.0.1.44, EX6400 before 1.0.1.60, EX7300 before 1.0.1.60, R6100 before 1.0.1.16, R7500 before 1.0.0.110, R7800 before 1.0.2.32, R9000 before 1.0.2.30, WN3000RPv3 before 1.0.2.50, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.

Affected configurations

Nvd

Node

netgeard7800_firmwareRange<1.0.1.34

AND

netgeard7800Match-

Node

netgearex6100_firmwareRange<1.0.1.50

AND

netgearex6100Matchv2

Node

netgearex6150_firmwareRange<1.0.1.50

AND

netgearex6150Matchv2

Node

netgearex6200_firmwareRange<1.0.1.44

AND

netgearex6200Matchv2

Node

netgearex6400_firmwareRange<1.0.1.60

AND

netgearex6400Match-

Node

netgearex7300_firmwareRange<1.0.1.60

AND

netgearex7300Match-

Node

netgearr6100_firmwareRange<1.0.1.16

AND

netgearr6100Match-

Node

netgearr7500_firmwareRange<1.0.0.110

AND

netgearr7500Match-

Node

netgearr7800_firmwareRange<1.0.2.32

AND

netgearr7800Match-

Node

netgearr9000_firmwareRange<1.0.2.30

AND

netgearr9000Match-

Node

netgearwn3000rp_firmwareRange<1.0.2.50

AND

netgearwn3000rpMatchv3

Node

netgearwndr4300_firmwareRange<1.0.0.50

AND

netgearwndr4300Matchv2

Node

netgearwndr4500_firmwareRange<1.0.0.50

AND

netgearwndr4500Matchv3

VendorProductVersionCPE
netgeard7800_firmware*cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*
netgeard7800-cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*
netgearex6100_firmware*cpe:2.3:o:netgear:ex6100_firmware:*:*:*:*:*:*:*:*
netgearex6100v2cpe:2.3:h:netgear:ex6100:v2:*:*:*:*:*:*:*
netgearex6150_firmware*cpe:2.3:o:netgear:ex6150_firmware:*:*:*:*:*:*:*:*
netgearex6150v2cpe:2.3:h:netgear:ex6150:v2:*:*:*:*:*:*:*
netgearex6200_firmware*cpe:2.3:o:netgear:ex6200_firmware:*:*:*:*:*:*:*:*
netgearex6200v2cpe:2.3:h:netgear:ex6200:v2:*:*:*:*:*:*:*
netgearex6400_firmware*cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:*
netgearex6400-cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netgear	d7800_firmware	*	cpe:2.3:o:netgear:d7800_firmware::::::::
netgear	d7800	-	cpe:2.3:h:netgear:d7800:-:::::::*
netgear	ex6100_firmware	*	cpe:2.3:o:netgear:ex6100_firmware::::::::
netgear	ex6100	v2	cpe:2.3:h:netgear:ex6100:v2:::::::*
netgear	ex6150_firmware	*	cpe:2.3:o:netgear:ex6150_firmware::::::::
netgear	ex6150	v2	cpe:2.3:h:netgear:ex6150:v2:::::::*
netgear	ex6200_firmware	*	cpe:2.3:o:netgear:ex6200_firmware::::::::
netgear	ex6200	v2	cpe:2.3:h:netgear:ex6200:v2:::::::*
netgear	ex6400_firmware	*	cpe:2.3:o:netgear:ex6400_firmware::::::::
netgear	ex6400	-	cpe:2.3:h:netgear:ex6400:-:::::::*

Rows per page:

1-10 of 261

References

kb.netgear.com/000055106/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-Extenders-PSV-2017-0607

CVSS2

5.2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

CVSS3

6.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

Related for CVE-2018-21228