Search criteria
6 vulnerabilities found for WC7600v2 by NETGEAR
VAR-202010-0588
Vulnerability from variot - Updated: 2023-12-18 14:04Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24. plural NETGEAR The product contains a command injection vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202010-0588",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wc9500",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "6.5.5.24"
},
{
"model": "wc7500",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "6.5.5.24"
},
{
"model": "wc7600v2",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "6.5.5.24"
},
{
"model": "wc7600",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "6.5.5.24"
},
{
"model": "wc7500",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "wc7600v2",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "wc7600",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "wc9500",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012118"
},
{
"db": "NVD",
"id": "CVE-2020-26922"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wc7500_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.5.5.24",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wc7500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wc7600_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.5.5.24",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wc7600:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wc7600v2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.5.5.24",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wc7600v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wc9500_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.5.5.24",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wc9500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-26922"
}
]
},
"cve": "CVE-2020-26922",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2020-26922",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "cve@mitre.org",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.5,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.7,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-26922",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-26922",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "cve@mitre.org",
"id": "CVE-2020-26922",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202010-354",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012118"
},
{
"db": "NVD",
"id": "CVE-2020-26922"
},
{
"db": "NVD",
"id": "CVE-2020-26922"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-354"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24. plural NETGEAR The product contains a command injection vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-26922"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012118"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-26922",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012118",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202010-354",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012118"
},
{
"db": "NVD",
"id": "CVE-2020-26922"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-354"
}
]
},
"id": "VAR-202010-0588",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.29270833
},
"last_update_date": "2023-12-18T14:04:34.013000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security\u00a0Advisory\u00a0for\u00a0Post-Authentication\u00a0Command\u00a0Injection\u00a0on\u00a0Some\u00a0Wireless\u00a0Controllers,\u00a0PSV-2020-0139",
"trust": 0.8,
"url": "https://kb.netgear.com/000062330/security-advisory-for-post-authentication-command-injection-on-some-wireless-controllers-psv-2020-0139"
},
{
"title": "Multiple NETGEAR Fixes for device command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=131140"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012118"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-354"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.0
},
{
"problemtype": "Command injection (CWE-77) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012118"
},
{
"db": "NVD",
"id": "CVE-2020-26922"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://kb.netgear.com/000062330/security-advisory-for-post-authentication-command-injection-on-some-wireless-controllers-psv-2020-0139"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26922"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012118"
},
{
"db": "NVD",
"id": "CVE-2020-26922"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-354"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012118"
},
{
"db": "NVD",
"id": "CVE-2020-26922"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-354"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-012118"
},
{
"date": "2020-10-09T07:15:17.857000",
"db": "NVD",
"id": "CVE-2020-26922"
},
{
"date": "2020-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-354"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-26T03:13:00",
"db": "JVNDB",
"id": "JVNDB-2020-012118"
},
{
"date": "2020-10-15T20:02:42.890000",
"db": "NVD",
"id": "CVE-2020-26922"
},
{
"date": "2020-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-354"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-354"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0NETGEAR\u00a0 Command injection vulnerabilities in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012118"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-354"
}
],
"trust": 0.6
}
}
VAR-202004-1520
Vulnerability from variot - Updated: 2023-12-18 13:56NETGEAR has released fixes for a pre-authentication command injection in request_handler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running firmware versions prior to 6.5.3.5; WC7600v2, running firmware versions prior to 6.5.3.5; and WC9500, running firmware versions prior to 6.5.3.5. plural NETGEAR The product contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WC7500 is a wireless LAN controller of NETGEAR.
There are injection holes in the request_handler.php file in many NETGEAR products. A remote attacker can use the vulnerability to execute arbitrary commands by sending a specially crafted request
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-1520",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wc7520",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2.5.0.46"
},
{
"model": "wc9500",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "6.5.3.5"
},
{
"model": "wc7600v2",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "6.5.3.5"
},
{
"model": "wc7600v1",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "6.5.3.5"
},
{
"model": "wc7500",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "6.5.3.5"
},
{
"model": "wc7500",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "6.5.3.5"
},
{
"model": "wc7520",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.5.0.46"
},
{
"model": "wc7600v1",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "6.5.3.5"
},
{
"model": "wc7600v2",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "6.5.3.5"
},
{
"model": "wc9500",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "6.5.3.5"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35517"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016279"
},
{
"db": "NVD",
"id": "CVE-2018-11106"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wc7500_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.5.3.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wc7500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wc7520_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.5.0.46",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wc7520:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wc7600v1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.5.3.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wc7600v1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wc7600v2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.5.3.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wc7600v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wc9500_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.5.3.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wc9500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-11106"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alexander Oleinik (alxndr on Bugcrowd) , Steven So , Muhammad Anas Imtiaz , Daniel Finn , Manuel Egele",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-019"
}
],
"trust": 0.6
},
"cve": "CVE-2018-11106",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2018-016279",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-35517",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-016279",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-11106",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2018-016279",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-35517",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-019",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35517"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016279"
},
{
"db": "NVD",
"id": "CVE-2018-11106"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-019"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NETGEAR has released fixes for a pre-authentication command injection in request_handler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running firmware versions prior to 6.5.3.5; WC7600v2, running firmware versions prior to 6.5.3.5; and WC9500, running firmware versions prior to 6.5.3.5. plural NETGEAR The product contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WC7500 is a wireless LAN controller of NETGEAR. \n\r\n\r\nThere are injection holes in the request_handler.php file in many NETGEAR products. A remote attacker can use the vulnerability to execute arbitrary commands by sending a specially crafted request",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-11106"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016279"
},
{
"db": "CNVD",
"id": "CNVD-2020-35517"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-11106",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016279",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-35517",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202004-019",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35517"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016279"
},
{
"db": "NVD",
"id": "CVE-2018-11106"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-019"
}
]
},
"id": "VAR-202004-1520",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35517"
}
],
"trust": 1.070357144
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35517"
}
]
},
"last_update_date": "2023-12-18T13:56:18.854000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisory for Pre-Authentication Command Injection in request_handler.php on Some Wireless Controllers, PSV-2018-0051",
"trust": 0.8,
"url": "https://kb.netgear.com/000058243/security-advisory-for-pre-authentication-command-injection-in-request-handler-php-on-some-wireless-controllers-psv-2018-0051"
},
{
"title": "Patch for Multiple NETGEAR product command injection vulnerabilities (CNVD-2020-35517)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/224055"
},
{
"title": "Multiple NETGEAR Fixing measures for product injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=117072"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35517"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016279"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-019"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.0
},
{
"problemtype": "CWE-74",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016279"
},
{
"db": "NVD",
"id": "CVE-2018-11106"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11106"
},
{
"trust": 1.6,
"url": "https://kb.netgear.com/000058243/security-advisory-for-pre-authentication-command-injection-in-request-handler-php-on-some-wireless-controllers-psv-2018-0051"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11106"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35517"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016279"
},
{
"db": "NVD",
"id": "CVE-2018-11106"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-019"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-35517"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016279"
},
{
"db": "NVD",
"id": "CVE-2018-11106"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-019"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-35517"
},
{
"date": "2020-04-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016279"
},
{
"date": "2020-04-01T17:15:14.737000",
"db": "NVD",
"id": "CVE-2018-11106"
},
{
"date": "2020-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-019"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-35517"
},
{
"date": "2020-04-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016279"
},
{
"date": "2023-11-07T02:51:37.613000",
"db": "NVD",
"id": "CVE-2018-11106"
},
{
"date": "2022-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-019"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-019"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural NETGEAR Product injection vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016279"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-019"
}
],
"trust": 0.6
}
}
VAR-202004-1559
Vulnerability from variot - Updated: 2023-12-18 13:23Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WC7500 before 6.5.3.9, WC7520 before 6.5.3.9, WC7600v1 before 6.5.3.9, and WC7600v2 before 6.5.3.9. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WC7500, etc. are all a wireless LAN controller from NETGEAR.
Injection vulnerabilities exist in many NETGEAR products. The vulnerability stems from the fact that the network system or product lacks the correct verification of the user input data during the operation process of the user inputting the construction command, data structure or record, and the special elements are not filtered or correctly filtered, resulting in the analysis or analysis of the system or product. The explanation is wrong. No detailed vulnerability details are currently provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-1559",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wc7500",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "6.5.3.9"
},
{
"model": "wc7520",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "6.5.3.9"
},
{
"model": "wc7600",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "6.5.3.9"
},
{
"model": "wc7500",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "6.5.3.9"
},
{
"model": "wc7520",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "6.5.3.9"
},
{
"model": "wc7600",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "6.5.3.9"
},
{
"model": "wc7600v1",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "6.5.3.9"
},
{
"model": "wc7600v2",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "6.5.3.9"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-52944"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016304"
},
{
"db": "NVD",
"id": "CVE-2018-21123"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wc7500_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.5.3.9",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wc7500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wc7520_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.5.3.9",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wc7520:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wc7600_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.5.3.9",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wc7600:v1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wc7600_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.5.3.9",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wc7600:v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-21123"
}
]
},
"cve": "CVE-2018-21123",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-016304",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2021-52944",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "cve@mitre.org",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-016304",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-21123",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cve@mitre.org",
"id": "CVE-2018-21123",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2018-016304",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-52944",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-1921",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-52944"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016304"
},
{
"db": "NVD",
"id": "CVE-2018-21123"
},
{
"db": "NVD",
"id": "CVE-2018-21123"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1921"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WC7500 before 6.5.3.9, WC7520 before 6.5.3.9, WC7600v1 before 6.5.3.9, and WC7600v2 before 6.5.3.9. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WC7500, etc. are all a wireless LAN controller from NETGEAR. \n\r\n\r\nInjection vulnerabilities exist in many NETGEAR products. The vulnerability stems from the fact that the network system or product lacks the correct verification of the user input data during the operation process of the user inputting the construction command, data structure or record, and the special elements are not filtered or correctly filtered, resulting in the analysis or analysis of the system or product. The explanation is wrong. No detailed vulnerability details are currently provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-21123"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016304"
},
{
"db": "CNVD",
"id": "CNVD-2021-52944"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-21123",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016304",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-52944",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1921",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-52944"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016304"
},
{
"db": "NVD",
"id": "CVE-2018-21123"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1921"
}
]
},
"id": "VAR-202004-1559",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-52944"
}
],
"trust": 1.085357144
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-52944"
}
]
},
"last_update_date": "2023-12-18T13:23:18.219000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisory for Pre-Authentication Command Injection on Some Wireless Controllers, PSV-2018-0230",
"trust": 0.8,
"url": "https://kb.netgear.com/000060235/security-advisory-for-pre-authentication-command-injection-on-some-wireless-controllers-psv-2018-0230"
},
{
"title": "Patch for Injection vulnerabilities in multiple NETGEAR products (CNVD-2021-52944)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/280011"
},
{
"title": "Multiple NETGEAR Fixing measures for product injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=117253"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-52944"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016304"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1921"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-74",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016304"
},
{
"db": "NVD",
"id": "CVE-2018-21123"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-21123"
},
{
"trust": 1.6,
"url": "https://kb.netgear.com/000060235/security-advisory-for-pre-authentication-command-injection-on-some-wireless-controllers-psv-2018-0230"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21123"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-52944"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016304"
},
{
"db": "NVD",
"id": "CVE-2018-21123"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1921"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-52944"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016304"
},
{
"db": "NVD",
"id": "CVE-2018-21123"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1921"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-52944"
},
{
"date": "2020-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016304"
},
{
"date": "2020-04-22T16:15:12.420000",
"db": "NVD",
"id": "CVE-2018-21123"
},
{
"date": "2020-04-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1921"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-52944"
},
{
"date": "2020-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016304"
},
{
"date": "2020-04-24T20:13:14.853000",
"db": "NVD",
"id": "CVE-2018-21123"
},
{
"date": "2020-04-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1921"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-1921"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural NETGEAR Injection vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016304"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-1921"
}
],
"trust": 0.6
}
}
VAR-202010-0589
Vulnerability from variot - Updated: 2023-12-18 12:55Certain NETGEAR devices are affected by stored XSS. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24. plural NETGEAR The product contains a cross-site scripting vulnerability.Information may be obtained and information may be tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202010-0589",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wc9500",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "6.5.5.24"
},
{
"model": "wc7500",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "6.5.5.24"
},
{
"model": "wc7600v2",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "6.5.5.24"
},
{
"model": "wc7600",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "6.5.5.24"
},
{
"model": "wc7500",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "wc7600v2",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "wc7600",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "wc9500",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012119"
},
{
"db": "NVD",
"id": "CVE-2020-26923"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wc7500_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.5.5.24",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wc7500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wc7600_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.5.5.24",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wc7600:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wc7600v2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.5.5.24",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wc7600v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wc9500_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.5.5.24",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wc9500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-26923"
}
]
},
"cve": "CVE-2020-26923",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-26923",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "cve@mitre.org",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.2,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.8,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2020-26923",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-26923",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "cve@mitre.org",
"id": "CVE-2020-26923",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202010-355",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012119"
},
{
"db": "NVD",
"id": "CVE-2020-26923"
},
{
"db": "NVD",
"id": "CVE-2020-26923"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-355"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by stored XSS. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24. plural NETGEAR The product contains a cross-site scripting vulnerability.Information may be obtained and information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-26923"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012119"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-26923",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012119",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202010-355",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012119"
},
{
"db": "NVD",
"id": "CVE-2020-26923"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-355"
}
]
},
"id": "VAR-202010-0589",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.29270833
},
"last_update_date": "2023-12-18T12:55:52.287000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security\u00a0Advisory\u00a0for\u00a0Stored\u00a0Cross\u00a0Site\u00a0Scripting\u00a0on\u00a0Some\u00a0Wireless\u00a0Controllers,\u00a0PSV-2020-0180",
"trust": 0.8,
"url": "https://kb.netgear.com/000062329/security-advisory-for-stored-cross-site-scripting-on-some-wireless-controllers-psv-2020-0180"
},
{
"title": "Multiple NETGEAR Fixes for device cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=131141"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012119"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-355"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012119"
},
{
"db": "NVD",
"id": "CVE-2020-26923"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://kb.netgear.com/000062329/security-advisory-for-stored-cross-site-scripting-on-some-wireless-controllers-psv-2020-0180"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26923"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012119"
},
{
"db": "NVD",
"id": "CVE-2020-26923"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-355"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012119"
},
{
"db": "NVD",
"id": "CVE-2020-26923"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-355"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-012119"
},
{
"date": "2020-10-09T07:15:17.950000",
"db": "NVD",
"id": "CVE-2020-26923"
},
{
"date": "2020-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-355"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-26T03:13:00",
"db": "JVNDB",
"id": "JVNDB-2020-012119"
},
{
"date": "2020-10-15T19:44:34.223000",
"db": "NVD",
"id": "CVE-2020-26923"
},
{
"date": "2020-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-355"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-355"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0NETGEAR\u00a0 Cross-site scripting vulnerabilities in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012119"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-355"
}
],
"trust": 0.6
}
}
CVE-2018-11106 (GCVE-0-2018-11106)
Vulnerability from cvelistv5 – Published: 2020-04-01 16:31 – Updated: 2024-08-05 07:54
VLAI?
Summary
NETGEAR has released fixes for a pre-authentication command injection in request_handler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running firmware versions prior to 6.5.3.5; WC7600v2, running firmware versions prior to 6.5.3.5; and WC9500, running firmware versions prior to 6.5.3.5.
Severity ?
No CVSS data available.
CWE
- Other
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:36.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.netgear.com/000058243/Security-Advisory-for-Pre-Authentication-Command-Injection-in-request-handler-php-on-Some-Wireless-Controllers-PSV-2018-0051"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WC7500",
"vendor": "NETGEAR",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to 6.5.3.5"
}
]
},
{
"product": "WC7520",
"vendor": "NETGEAR",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to 2.5.0.46"
}
]
},
{
"product": "WC7600v1",
"vendor": "NETGEAR",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to 6.5.3.5"
}
]
},
{
"product": "WC7600v2",
"vendor": "NETGEAR",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to 6.5.3.5"
}
]
},
{
"product": "WC9500",
"vendor": "NETGEAR",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to 6.5.3.5"
}
]
}
],
"datePublic": "2018-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NETGEAR has released fixes for a pre-authentication command injection in request_handler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running firmware versions prior to 6.5.3.5; WC7600v2, running firmware versions prior to 6.5.3.5; and WC9500, running firmware versions prior to 6.5.3.5."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-01T16:31:45",
"orgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"shortName": "netgear"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.netgear.com/000058243/Security-Advisory-for-Pre-Authentication-Command-Injection-in-request-handler-php-on-Some-Wireless-Controllers-PSV-2018-0051"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@netgear.com",
"ID": "CVE-2018-11106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WC7500",
"version": {
"version_data": [
{
"version_value": "firmware versions prior to 6.5.3.5"
}
]
}
},
{
"product_name": "WC7520",
"version": {
"version_data": [
{
"version_value": "firmware versions prior to 2.5.0.46"
}
]
}
},
{
"product_name": "WC7600v1",
"version": {
"version_data": [
{
"version_value": "firmware versions prior to 6.5.3.5"
}
]
}
},
{
"product_name": "WC7600v2",
"version": {
"version_data": [
{
"version_value": "firmware versions prior to 6.5.3.5"
}
]
}
},
{
"product_name": "WC9500",
"version": {
"version_data": [
{
"version_value": "firmware versions prior to 6.5.3.5"
}
]
}
}
]
},
"vendor_name": "NETGEAR"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NETGEAR has released fixes for a pre-authentication command injection in request_handler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running firmware versions prior to 6.5.3.5; WC7600v2, running firmware versions prior to 6.5.3.5; and WC9500, running firmware versions prior to 6.5.3.5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000058243/Security-Advisory-for-Pre-Authentication-Command-Injection-in-request-handler-php-on-Some-Wireless-Controllers-PSV-2018-0051",
"refsource": "CONFIRM",
"url": "https://kb.netgear.com/000058243/Security-Advisory-for-Pre-Authentication-Command-Injection-in-request-handler-php-on-Some-Wireless-Controllers-PSV-2018-0051"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"assignerShortName": "netgear",
"cveId": "CVE-2018-11106",
"datePublished": "2020-04-01T16:31:45",
"dateReserved": "2018-05-15T00:00:00",
"dateUpdated": "2024-08-05T07:54:36.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11106 (GCVE-0-2018-11106)
Vulnerability from nvd – Published: 2020-04-01 16:31 – Updated: 2024-08-05 07:54
VLAI?
Summary
NETGEAR has released fixes for a pre-authentication command injection in request_handler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running firmware versions prior to 6.5.3.5; WC7600v2, running firmware versions prior to 6.5.3.5; and WC9500, running firmware versions prior to 6.5.3.5.
Severity ?
No CVSS data available.
CWE
- Other
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:36.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.netgear.com/000058243/Security-Advisory-for-Pre-Authentication-Command-Injection-in-request-handler-php-on-Some-Wireless-Controllers-PSV-2018-0051"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WC7500",
"vendor": "NETGEAR",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to 6.5.3.5"
}
]
},
{
"product": "WC7520",
"vendor": "NETGEAR",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to 2.5.0.46"
}
]
},
{
"product": "WC7600v1",
"vendor": "NETGEAR",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to 6.5.3.5"
}
]
},
{
"product": "WC7600v2",
"vendor": "NETGEAR",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to 6.5.3.5"
}
]
},
{
"product": "WC9500",
"vendor": "NETGEAR",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to 6.5.3.5"
}
]
}
],
"datePublic": "2018-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NETGEAR has released fixes for a pre-authentication command injection in request_handler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running firmware versions prior to 6.5.3.5; WC7600v2, running firmware versions prior to 6.5.3.5; and WC9500, running firmware versions prior to 6.5.3.5."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-01T16:31:45",
"orgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"shortName": "netgear"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.netgear.com/000058243/Security-Advisory-for-Pre-Authentication-Command-Injection-in-request-handler-php-on-Some-Wireless-Controllers-PSV-2018-0051"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@netgear.com",
"ID": "CVE-2018-11106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WC7500",
"version": {
"version_data": [
{
"version_value": "firmware versions prior to 6.5.3.5"
}
]
}
},
{
"product_name": "WC7520",
"version": {
"version_data": [
{
"version_value": "firmware versions prior to 2.5.0.46"
}
]
}
},
{
"product_name": "WC7600v1",
"version": {
"version_data": [
{
"version_value": "firmware versions prior to 6.5.3.5"
}
]
}
},
{
"product_name": "WC7600v2",
"version": {
"version_data": [
{
"version_value": "firmware versions prior to 6.5.3.5"
}
]
}
},
{
"product_name": "WC9500",
"version": {
"version_data": [
{
"version_value": "firmware versions prior to 6.5.3.5"
}
]
}
}
]
},
"vendor_name": "NETGEAR"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NETGEAR has released fixes for a pre-authentication command injection in request_handler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running firmware versions prior to 6.5.3.5; WC7600v2, running firmware versions prior to 6.5.3.5; and WC9500, running firmware versions prior to 6.5.3.5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000058243/Security-Advisory-for-Pre-Authentication-Command-Injection-in-request-handler-php-on-Some-Wireless-Controllers-PSV-2018-0051",
"refsource": "CONFIRM",
"url": "https://kb.netgear.com/000058243/Security-Advisory-for-Pre-Authentication-Command-Injection-in-request-handler-php-on-Some-Wireless-Controllers-PSV-2018-0051"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"assignerShortName": "netgear",
"cveId": "CVE-2018-11106",
"datePublished": "2020-04-01T16:31:45",
"dateReserved": "2018-05-15T00:00:00",
"dateUpdated": "2024-08-05T07:54:36.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}