Lucene search

[email protected]NVD:CVE-2018-21226

HistoryApr 28, 2020 - 5:15 p.m.

CVE-2018-21226

2020-04-2817:15:13

CWE-269

[email protected]

web.nvd.nist.gov

CVSS2

5.8

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

30.1%

JSON

Certain NETGEAR devices are affected by authentication bypass. This affects JNR1010v2 before 1.1.0.48, JWNR2010v5 before 1.1.0.48, WNR1000v4 before 1.1.0.48, WNR2020 before 1.1.0.48, and WNR2050 before 1.1.0.48.

Affected configurations

Nvd

Node

netgearjnr1010_firmwareRange<1.1.0.48

AND

netgearjnr1010Matchv2

Node

netgearjwnr2010_firmwareRange<1.1.0.48

AND

netgearjwnr2010Matchv5

Node

netgearwnr1000_firmwareRange<1.1.0.48

AND

netgearwnr1000Matchv4

Node

netgearwnr2020_firmwareRange<1.1.0.48

AND

netgearwnr2020Match-

Node

netgearwnr2050_firmwareRange<1.1.0.48

AND

netgearwnr2050Match-

VendorProductVersionCPE
netgearjnr1010_firmware*cpe:2.3:o:netgear:jnr1010_firmware:*:*:*:*:*:*:*:*
netgearjnr1010v2cpe:2.3:h:netgear:jnr1010:v2:*:*:*:*:*:*:*
netgearjwnr2010_firmware*cpe:2.3:o:netgear:jwnr2010_firmware:*:*:*:*:*:*:*:*
netgearjwnr2010v5cpe:2.3:h:netgear:jwnr2010:v5:*:*:*:*:*:*:*
netgearwnr1000_firmware*cpe:2.3:o:netgear:wnr1000_firmware:*:*:*:*:*:*:*:*
netgearwnr1000v4cpe:2.3:h:netgear:wnr1000:v4:*:*:*:*:*:*:*
netgearwnr2020_firmware*cpe:2.3:o:netgear:wnr2020_firmware:*:*:*:*:*:*:*:*
netgearwnr2020-cpe:2.3:h:netgear:wnr2020:-:*:*:*:*:*:*:*
netgearwnr2050_firmware*cpe:2.3:o:netgear:wnr2050_firmware:*:*:*:*:*:*:*:*
netgearwnr2050-cpe:2.3:h:netgear:wnr2050:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netgear	jnr1010_firmware	*	cpe:2.3:o:netgear:jnr1010_firmware::::::::
netgear	jnr1010	v2	cpe:2.3:h:netgear:jnr1010:v2:::::::*
netgear	jwnr2010_firmware	*	cpe:2.3:o:netgear:jwnr2010_firmware::::::::
netgear	jwnr2010	v5	cpe:2.3:h:netgear:jwnr2010:v5:::::::*
netgear	wnr1000_firmware	*	cpe:2.3:o:netgear:wnr1000_firmware::::::::
netgear	wnr1000	v4	cpe:2.3:h:netgear:wnr1000:v4:::::::*
netgear	wnr2020_firmware	*	cpe:2.3:o:netgear:wnr2020_firmware::::::::
netgear	wnr2020	-	cpe:2.3:h:netgear:wnr2020:-:::::::*
netgear	wnr2050_firmware	*	cpe:2.3:o:netgear:wnr2050_firmware::::::::
netgear	wnr2050	-	cpe:2.3:h:netgear:wnr2050:-:::::::*

References

kb.netgear.com/000055110/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2017-0748

CVSS2

5.8

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

30.1%

JSON

Related for NVD:CVE-2018-21226

cvelist1 cve1 prion1