Search criteria
13 vulnerabilities found for wn604 by netgear
CVE-2024-7153 (GCVE-0-2024-7153)
Vulnerability from cvelistv5 – Published: 2024-07-27 22:00 – Updated: 2024-08-01 21:52
VLAI?
Title
Netgear WN604 siteSurvey.php direct request
Summary
A vulnerability classified as problematic has been found in Netgear WN604 up to 20240719. Affected is an unknown function of the file siteSurvey.php. The manipulation leads to direct request. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272556. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
5.3 (Medium)
5.3 (Medium)
CWE
- CWE-425 - Direct Request
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Credits
wiki (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netgear:wn604_firmware:20240719:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wn604_firmware",
"vendor": "netgear",
"versions": [
{
"status": "affected",
"version": "20240719"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7153",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-29T18:19:09.449691Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T18:23:59.496Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:52:30.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-272556 | Netgear WN604 siteSurvey.php direct request",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.272556"
},
{
"name": "VDB-272556 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.272556"
},
{
"name": "Submit #377056 | Netgear WN604 Missing Authentication",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.377056"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://wiki.shikangsi.com/post/share/e8a2a0a0-5e72-4bb1-8805-cf155a89f583"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WN604",
"vendor": "Netgear",
"versions": [
{
"status": "affected",
"version": "20240719"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wiki (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in Netgear WN604 up to 20240719. Affected is an unknown function of the file siteSurvey.php. The manipulation leads to direct request. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272556. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in Netgear WN604 bis 20240719 entdeckt. Hiervon betroffen ist ein unbekannter Codeblock der Datei siteSurvey.php. Durch das Beeinflussen mit unbekannten Daten kann eine direct request-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-425",
"description": "CWE-425 Direct Request",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-27T22:00:08.933Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-272556 | Netgear WN604 siteSurvey.php direct request",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.272556"
},
{
"name": "VDB-272556 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.272556"
},
{
"name": "Submit #377056 | Netgear WN604 Missing Authentication",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.377056"
},
{
"tags": [
"exploit"
],
"url": "https://wiki.shikangsi.com/post/share/e8a2a0a0-5e72-4bb1-8805-cf155a89f583"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-07-27T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-07-27T07:55:40.000Z",
"value": "VulDB entry last update"
}
],
"title": "Netgear WN604 siteSurvey.php direct request"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-7153",
"datePublished": "2024-07-27T22:00:08.933Z",
"dateReserved": "2024-07-27T05:50:25.410Z",
"dateUpdated": "2024-08-01T21:52:30.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6646 (GCVE-0-2024-6646)
Vulnerability from cvelistv5 – Published: 2024-07-10 17:31 – Updated: 2024-08-01 21:41
VLAI?
Title
Netgear WN604 Web Interface downloadFile.php information disclosure
Summary
A vulnerability was found in Netgear WN604 up to 20240710. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /downloadFile.php of the component Web Interface. The manipulation of the argument file with the input config leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271052. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
5.3 (Medium)
5.3 (Medium)
CWE
- CWE-200 - Information Disclosure
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:netgear:wn604:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wn604",
"vendor": "netgear",
"versions": [
{
"lessThan": "20240710",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6646",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-10T19:59:59.120182Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T20:01:16.816Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:41:04.277Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-271052 | Netgear WN604 Web Interface downloadFile.php information disclosure",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.271052"
},
{
"name": "VDB-271052 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.271052"
},
{
"name": "Submit #367382 | NETGEAR NETGEAR Wireless N150Access Point WN604 Sensitive information leakage",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.367382"
},
{
"tags": [
"exploit",
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/mikutool/vul/issues/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Web Interface"
],
"product": "WN604",
"vendor": "Netgear",
"versions": [
{
"status": "affected",
"version": "20240710"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Netgear WN604 up to 20240710. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /downloadFile.php of the component Web Interface. The manipulation of the argument file with the input config leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271052. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine problematische Schwachstelle wurde in Netgear WN604 bis 20240710 ausgemacht. Dies betrifft einen unbekannten Teil der Datei /downloadFile.php der Komponente Web Interface. Dank Manipulation des Arguments file mit der Eingabe config mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T17:31:04.041Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-271052 | Netgear WN604 Web Interface downloadFile.php information disclosure",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.271052"
},
{
"name": "VDB-271052 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.271052"
},
{
"name": "Submit #367382 | NETGEAR NETGEAR Wireless N150Access Point WN604 Sensitive information leakage",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.367382"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/mikutool/vul/issues/1"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-07-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-07-10T12:23:22.000Z",
"value": "VulDB entry last update"
}
],
"title": "Netgear WN604 Web Interface downloadFile.php information disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-6646",
"datePublished": "2024-07-10T17:31:04.041Z",
"dateReserved": "2024-07-10T10:18:02.495Z",
"dateUpdated": "2024-08-01T21:41:04.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7153 (GCVE-0-2024-7153)
Vulnerability from nvd – Published: 2024-07-27 22:00 – Updated: 2024-08-01 21:52
VLAI?
Title
Netgear WN604 siteSurvey.php direct request
Summary
A vulnerability classified as problematic has been found in Netgear WN604 up to 20240719. Affected is an unknown function of the file siteSurvey.php. The manipulation leads to direct request. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272556. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
5.3 (Medium)
5.3 (Medium)
CWE
- CWE-425 - Direct Request
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Credits
wiki (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netgear:wn604_firmware:20240719:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wn604_firmware",
"vendor": "netgear",
"versions": [
{
"status": "affected",
"version": "20240719"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7153",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-29T18:19:09.449691Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T18:23:59.496Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:52:30.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-272556 | Netgear WN604 siteSurvey.php direct request",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.272556"
},
{
"name": "VDB-272556 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.272556"
},
{
"name": "Submit #377056 | Netgear WN604 Missing Authentication",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.377056"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://wiki.shikangsi.com/post/share/e8a2a0a0-5e72-4bb1-8805-cf155a89f583"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WN604",
"vendor": "Netgear",
"versions": [
{
"status": "affected",
"version": "20240719"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wiki (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in Netgear WN604 up to 20240719. Affected is an unknown function of the file siteSurvey.php. The manipulation leads to direct request. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272556. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in Netgear WN604 bis 20240719 entdeckt. Hiervon betroffen ist ein unbekannter Codeblock der Datei siteSurvey.php. Durch das Beeinflussen mit unbekannten Daten kann eine direct request-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-425",
"description": "CWE-425 Direct Request",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-27T22:00:08.933Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-272556 | Netgear WN604 siteSurvey.php direct request",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.272556"
},
{
"name": "VDB-272556 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.272556"
},
{
"name": "Submit #377056 | Netgear WN604 Missing Authentication",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.377056"
},
{
"tags": [
"exploit"
],
"url": "https://wiki.shikangsi.com/post/share/e8a2a0a0-5e72-4bb1-8805-cf155a89f583"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-07-27T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-07-27T07:55:40.000Z",
"value": "VulDB entry last update"
}
],
"title": "Netgear WN604 siteSurvey.php direct request"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-7153",
"datePublished": "2024-07-27T22:00:08.933Z",
"dateReserved": "2024-07-27T05:50:25.410Z",
"dateUpdated": "2024-08-01T21:52:30.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6646 (GCVE-0-2024-6646)
Vulnerability from nvd – Published: 2024-07-10 17:31 – Updated: 2024-08-01 21:41
VLAI?
Title
Netgear WN604 Web Interface downloadFile.php information disclosure
Summary
A vulnerability was found in Netgear WN604 up to 20240710. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /downloadFile.php of the component Web Interface. The manipulation of the argument file with the input config leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271052. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
5.3 (Medium)
5.3 (Medium)
CWE
- CWE-200 - Information Disclosure
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:netgear:wn604:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wn604",
"vendor": "netgear",
"versions": [
{
"lessThan": "20240710",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6646",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-10T19:59:59.120182Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T20:01:16.816Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:41:04.277Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-271052 | Netgear WN604 Web Interface downloadFile.php information disclosure",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.271052"
},
{
"name": "VDB-271052 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.271052"
},
{
"name": "Submit #367382 | NETGEAR NETGEAR Wireless N150Access Point WN604 Sensitive information leakage",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.367382"
},
{
"tags": [
"exploit",
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/mikutool/vul/issues/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Web Interface"
],
"product": "WN604",
"vendor": "Netgear",
"versions": [
{
"status": "affected",
"version": "20240710"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Netgear WN604 up to 20240710. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /downloadFile.php of the component Web Interface. The manipulation of the argument file with the input config leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271052. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine problematische Schwachstelle wurde in Netgear WN604 bis 20240710 ausgemacht. Dies betrifft einen unbekannten Teil der Datei /downloadFile.php der Komponente Web Interface. Dank Manipulation des Arguments file mit der Eingabe config mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T17:31:04.041Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-271052 | Netgear WN604 Web Interface downloadFile.php information disclosure",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.271052"
},
{
"name": "VDB-271052 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.271052"
},
{
"name": "Submit #367382 | NETGEAR NETGEAR Wireless N150Access Point WN604 Sensitive information leakage",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.367382"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/mikutool/vul/issues/1"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-07-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-07-10T12:23:22.000Z",
"value": "VulDB entry last update"
}
],
"title": "Netgear WN604 Web Interface downloadFile.php information disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-6646",
"datePublished": "2024-07-10T17:31:04.041Z",
"dateReserved": "2024-07-10T10:18:02.495Z",
"dateUpdated": "2024-08-01T21:41:04.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-202004-1532
Vulnerability from variot - Updated: 2023-12-18 14:00Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10. plural NETGEAR A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This affects WAC120 prior to 2.1.7, WAC505 prior to 5.0.5.4, WAC510 prior to 5.0.5.4, WNAP320 prior to 3.7.11.4, WNAP210v2 prior to 3.7.11.4, WNDAP350 prior to 3.7.11.4, WNDAP360 prior to 3.7.11.4, WNDAP660 prior to 3.7.11.4, WNDAP620 prior to 2.1.7, WND930 prior to 2.1.5, and WN604 prior to 3.3.10
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-1532",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wndap360",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wnap210",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wac510",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "5.0.5.4"
},
{
"model": "wndap620",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.1.7"
},
{
"model": "wndap350",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wac505",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "5.0.5.4"
},
{
"model": "wndap660",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wn604",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.3.10"
},
{
"model": "wnd930",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.1.5"
},
{
"model": "wnap320",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wac120",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.1.7"
},
{
"model": "wac120",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.1.7"
},
{
"model": "wac505",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "5.0.5.4"
},
{
"model": "wac510",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "5.0.5.4"
},
{
"model": "wnap210",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wnap320",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wnd930",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.1.5"
},
{
"model": "wndap350",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wndap360",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wndap620",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.1.7"
},
{
"model": "wndap660",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wac120",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.0.7"
},
{
"model": "wac120",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.1.4"
},
{
"model": "wac505",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "5.0.0.17"
},
{
"model": "wac510",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.3.0.10"
},
{
"model": "wac510",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "5.0.0.17"
},
{
"model": "wn604",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.3.3"
},
{
"model": "wn604",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.3.7"
},
{
"model": "wnap210",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wnap210",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wnap320",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wnap320",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wnd930",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": null
},
{
"model": "wnd930",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.0.11"
},
{
"model": "wnd930",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.1.2"
},
{
"model": "wndap350",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wndap350",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wndap360",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wndap360",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wndap620",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.0.11"
},
{
"model": "wndap620",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.1.3"
},
{
"model": "wndap660",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wndap660",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.7.4.0"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-21096"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016402"
},
{
"db": "NVD",
"id": "CVE-2018-21096"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wac120_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wac120:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wac505_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.0.5.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wac505:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wac510_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.0.5.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wac510:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnap320:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnap210_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnap210:v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap350_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap350:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap360_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap360:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap660_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap660:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap620_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap620:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnd930_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnd930:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wn604_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.3.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wn604:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-21096"
}
]
},
"cve": "CVE-2018-21096",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.4,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.9,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-016402",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.4,
"id": "CVE-2018-21096",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.5,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "cve@mitre.org",
"availabilityImpact": "HIGH",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.5,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.4,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-016402",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-21096",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cve@mitre.org",
"id": "CVE-2018-21096",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2018-016402",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-2185",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-21096",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-21096"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016402"
},
{
"db": "NVD",
"id": "CVE-2018-21096"
},
{
"db": "NVD",
"id": "CVE-2018-21096"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2185"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10. plural NETGEAR A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This affects WAC120 prior to 2.1.7, WAC505 prior to 5.0.5.4, WAC510 prior to 5.0.5.4, WNAP320 prior to 3.7.11.4, WNAP210v2 prior to 3.7.11.4, WNDAP350 prior to 3.7.11.4, WNDAP360 prior to 3.7.11.4, WNDAP660 prior to 3.7.11.4, WNDAP620 prior to 2.1.7, WND930 prior to 2.1.5, and WN604 prior to 3.3.10",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-21096"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016402"
},
{
"db": "VULMON",
"id": "CVE-2018-21096"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-21096",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016402",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2185",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2018-21096",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-21096"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016402"
},
{
"db": "NVD",
"id": "CVE-2018-21096"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2185"
}
]
},
"id": "VAR-202004-1532",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.4320588036363636
},
"last_update_date": "2023-12-18T14:00:31.700000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisory for Cross Site Request Forgery on Some Wireless Access Points, PSV-2018-0096",
"trust": 0.8,
"url": "https://kb.netgear.com/000060455/security-advisory-for-cross-site-request-forgery-on-some-wireless-access-points-psv-2018-0096"
},
{
"title": "Multiple NETGEAR Repair measures for product cross-site request forgery vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=117708"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016402"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2185"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016402"
},
{
"db": "NVD",
"id": "CVE-2018-21096"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://kb.netgear.com/000060455/security-advisory-for-cross-site-request-forgery-on-some-wireless-access-points-psv-2018-0096"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-21096"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21096"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/352.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-21096"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016402"
},
{
"db": "NVD",
"id": "CVE-2018-21096"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2185"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2018-21096"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016402"
},
{
"db": "NVD",
"id": "CVE-2018-21096"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2185"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-27T00:00:00",
"db": "VULMON",
"id": "CVE-2018-21096"
},
{
"date": "2020-06-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016402"
},
{
"date": "2020-04-27T16:15:12.663000",
"db": "NVD",
"id": "CVE-2018-21096"
},
{
"date": "2020-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2185"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-04T00:00:00",
"db": "VULMON",
"id": "CVE-2018-21096"
},
{
"date": "2020-06-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016402"
},
{
"date": "2020-05-04T14:49:48.007000",
"db": "NVD",
"id": "CVE-2018-21096"
},
{
"date": "2020-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2185"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2185"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural NETGEAR Cross-site request forgery vulnerability in device",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016402"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2185"
}
],
"trust": 0.6
}
}
VAR-202004-1533
Vulnerability from variot - Updated: 2023-12-18 13:47Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WAC120 before 2.1.7, WN604 before 3.3.10, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, and WND930 before 2.1.5. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WAC505, etc. are all wireless access points (AP) of NETGEAR.
There are buffer overflow vulnerabilities in many NETGEAR products, and remote attackers can use this vulnerability to execute arbitrary code by sending specially crafted requests. This affects WAC505 prior to 5.0.5.4, WAC510 prior to 5.0.5.4, WAC120 prior to 2.1.7, WN604 prior to 3.3.10, WNAP320 prior to 3.7.11.4, WNAP210v2 prior to 3.7.11.4, WNDAP350 prior to 3.7.11.4, WNDAP360 prior to 3.7.11.4, WNDAP660 prior to 3.7.11.4, WNDAP620 prior to 2.1.7, and WND930 prior to 2.1.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-1533",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wac505",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "5.0.5.4"
},
{
"model": "wac510",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "5.0.5.4"
},
{
"model": "wac120",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2.1.7"
},
{
"model": "wn604",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.3.10"
},
{
"model": "wnap320",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wndap350",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wndap360",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wndap660",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wndap620",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2.1.7"
},
{
"model": "wnd930",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2.1.5"
},
{
"model": "wnap210",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wac120",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.1.7"
},
{
"model": "wac505",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "5.0.5.4"
},
{
"model": "wac510",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "5.0.5.4"
},
{
"model": "wn604",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.3.10"
},
{
"model": "wnap210",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wnap320",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wndap350",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wndap360",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wndap620",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.1.7"
},
{
"model": "wndap660",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wnap210v2",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wac120",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.0.7"
},
{
"model": "wac120",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.1.4"
},
{
"model": "wac505",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "5.0.0.17"
},
{
"model": "wac510",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.3.0.10"
},
{
"model": "wac510",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "5.0.0.17"
},
{
"model": "wn604",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.3.3"
},
{
"model": "wn604",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.3.7"
},
{
"model": "wnap210",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wnap210",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wnap320",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wnap320",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wnd930",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": null
},
{
"model": "wnd930",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.0.11"
},
{
"model": "wnd930",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.1.2"
},
{
"model": "wndap350",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wndap350",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wndap360",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wndap360",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wndap620",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.0.11"
},
{
"model": "wndap620",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.1.3"
},
{
"model": "wndap660",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wndap660",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.7.4.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28140"
},
{
"db": "VULMON",
"id": "CVE-2018-21097"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016403"
},
{
"db": "NVD",
"id": "CVE-2018-21097"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wac505_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.0.5.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wac505:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wac510_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.0.5.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wac510:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wac120_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wac120:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wn604_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.3.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wn604:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnap320:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnap210_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnap210:v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap350_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap350:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap360_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap360:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap660_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap660:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap620_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap620:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnd930_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnd930:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-21097"
}
]
},
"cve": "CVE-2018-21097",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-016403",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-28140",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-21097",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cve@mitre.org",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-016403",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-21097",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "cve@mitre.org",
"id": "CVE-2018-21097",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2018-016403",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-28140",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-2187",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2018-21097",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28140"
},
{
"db": "VULMON",
"id": "CVE-2018-21097"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016403"
},
{
"db": "NVD",
"id": "CVE-2018-21097"
},
{
"db": "NVD",
"id": "CVE-2018-21097"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2187"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WAC120 before 2.1.7, WN604 before 3.3.10, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, and WND930 before 2.1.5. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WAC505, etc. are all wireless access points (AP) of NETGEAR. \n\r\n\r\nThere are buffer overflow vulnerabilities in many NETGEAR products, and remote attackers can use this vulnerability to execute arbitrary code by sending specially crafted requests. This affects WAC505 prior to 5.0.5.4, WAC510 prior to 5.0.5.4, WAC120 prior to 2.1.7, WN604 prior to 3.3.10, WNAP320 prior to 3.7.11.4, WNAP210v2 prior to 3.7.11.4, WNDAP350 prior to 3.7.11.4, WNDAP360 prior to 3.7.11.4, WNDAP660 prior to 3.7.11.4, WNDAP620 prior to 2.1.7, and WND930 prior to 2.1.5",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-21097"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016403"
},
{
"db": "CNVD",
"id": "CNVD-2020-28140"
},
{
"db": "VULMON",
"id": "CVE-2018-21097"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-21097",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016403",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-28140",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2187",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2018-21097",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28140"
},
{
"db": "VULMON",
"id": "CVE-2018-21097"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016403"
},
{
"db": "NVD",
"id": "CVE-2018-21097"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2187"
}
]
},
"id": "VAR-202004-1533",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28140"
}
],
"trust": 1.065498345
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28140"
}
]
},
"last_update_date": "2023-12-18T13:47:32.814000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisory for Pre-Authentication Stack Overflow on Some Wireless Access Points, PSV-2018-0094",
"trust": 0.8,
"url": "https://kb.netgear.com/000060457/security-advisory-for-pre-authentication-stack-overflow-on-some-wireless-access-points-psv-2018-0094"
},
{
"title": "Patch for Multiple NETGEAR product buffer overflow vulnerabilities (CNVD-2020-28140)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/217425"
},
{
"title": "Multiple NETGEAR Product Buffer Error Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=117709"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28140"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016403"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2187"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016403"
},
{
"db": "NVD",
"id": "CVE-2018-21097"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-21097"
},
{
"trust": 1.7,
"url": "https://kb.netgear.com/000060457/security-advisory-for-pre-authentication-stack-overflow-on-some-wireless-access-points-psv-2018-0094"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21097"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28140"
},
{
"db": "VULMON",
"id": "CVE-2018-21097"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016403"
},
{
"db": "NVD",
"id": "CVE-2018-21097"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2187"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-28140"
},
{
"db": "VULMON",
"id": "CVE-2018-21097"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016403"
},
{
"db": "NVD",
"id": "CVE-2018-21097"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2187"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-28140"
},
{
"date": "2020-04-27T00:00:00",
"db": "VULMON",
"id": "CVE-2018-21097"
},
{
"date": "2020-06-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016403"
},
{
"date": "2020-04-27T16:15:12.710000",
"db": "NVD",
"id": "CVE-2018-21097"
},
{
"date": "2020-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2187"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-28140"
},
{
"date": "2020-05-04T00:00:00",
"db": "VULMON",
"id": "CVE-2018-21097"
},
{
"date": "2020-06-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016403"
},
{
"date": "2020-05-04T14:15:46.887000",
"db": "NVD",
"id": "CVE-2018-21097"
},
{
"date": "2020-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2187"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2187"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural NETGEAR Out-of-bounds write vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016403"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2187"
}
],
"trust": 0.6
}
}
VAR-202004-1515
Vulnerability from variot - Updated: 2023-12-18 13:37Certain NETGEAR devices are affected by command execution via a PHP form. This affects WN604 3.3.3 and earlier, WNAP210v2 3.5.20.0 and earlier, WNAP320 3.5.20.0 and earlier, WNDAP350 3.5.20.0 and earlier, WNDAP360 3.5.20.0 and earlier, WNDAP620 2.0.11 and earlier, WNDAP660 3.5.20.0 and earlier, WND930 2.0.11 and earlier, and WAC120 2.0.7 and earlier. plural NETGEAR The product contains an injection vulnerability.Information may be obtained and tampered with. This affects WN604 3.3.3 and previous versions, WNAP210v2 3.5.20.0 and previous versions, WNAP320 3.5.20.0 and previous versions, WNDAP350 3.5.20.0 and previous versions, WNDAP360 3.5.20.0 and previous versions, WNDAP620 2.0.11 and previous versions, WNDAP660 3.5.20.0 and previous versions, WND930 2.0.11 and previous versions, and WAC120 2.0.7 and previous versions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-1515",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wndap350",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wndap360",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wndap660",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wnd930",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.0.11"
},
{
"model": "wn604",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.3.3"
},
{
"model": "wac120",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.0.7"
},
{
"model": "wndap620",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.0.11"
},
{
"model": "wnap320",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wnap210",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wac120",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.0.7"
},
{
"model": "wn604",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.3.3"
},
{
"model": "wnap210",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wnap320",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wnd930",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.0.11"
},
{
"model": "wndap350",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wndap360",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wndap620",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.0.11"
},
{
"model": "wndap660",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wnd930",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": null
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-18863"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014995"
},
{
"db": "NVD",
"id": "CVE-2017-18863"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wn604_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.3.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wn604:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnap210_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.5.20.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnap210:v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.5.20.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnap320:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap350_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.5.20.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap350:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap360_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.5.20.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap360:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap620_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.0.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap620:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap660_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.5.20.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap660:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnd930_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.0.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnd930:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wac120_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.0.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wac120:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-18863"
}
]
},
"cve": "CVE-2017-18863",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-014995",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2017-18863",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "LOW",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-014995",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-18863",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2017-014995",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-2262",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-18863",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-18863"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014995"
},
{
"db": "NVD",
"id": "CVE-2017-18863"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2262"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by command execution via a PHP form. This affects WN604 3.3.3 and earlier, WNAP210v2 3.5.20.0 and earlier, WNAP320 3.5.20.0 and earlier, WNDAP350 3.5.20.0 and earlier, WNDAP360 3.5.20.0 and earlier, WNDAP620 2.0.11 and earlier, WNDAP660 3.5.20.0 and earlier, WND930 2.0.11 and earlier, and WAC120 2.0.7 and earlier. plural NETGEAR The product contains an injection vulnerability.Information may be obtained and tampered with. This affects WN604 3.3.3 and previous versions, WNAP210v2 3.5.20.0 and previous versions, WNAP320 3.5.20.0 and previous versions, WNDAP350 3.5.20.0 and previous versions, WNDAP360 3.5.20.0 and previous versions, WNDAP620 2.0.11 and previous versions, WNDAP660 3.5.20.0 and previous versions, WND930 2.0.11 and previous versions, and WAC120 2.0.7 and previous versions",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-18863"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014995"
},
{
"db": "VULMON",
"id": "CVE-2017-18863"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-18863",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014995",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2262",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2017-18863",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-18863"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014995"
},
{
"db": "NVD",
"id": "CVE-2017-18863"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2262"
}
]
},
"id": "VAR-202004-1515",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.4443443822222222
},
"last_update_date": "2023-12-18T13:37:50.034000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisory for PHP Vulnerabilities on Wireless Access Points, PSV-2017-0517 and PSV-2016-0258",
"trust": 0.8,
"url": "https://kb.netgear.com/000037827/security-advisory-for-php-vulnerabilities-on-wireless-access-points-psv-2017-0517-and-psv-2016-0258"
},
{
"title": "Multiple NETGEAR Fixing measures for product injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=117741"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014995"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2262"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-74",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014995"
},
{
"db": "NVD",
"id": "CVE-2017-18863"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://kb.netgear.com/000037827/security-advisory-for-php-vulnerabilities-on-wireless-access-points-psv-2017-0517-and-psv-2016-0258"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18863"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18863"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/74.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-18863"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014995"
},
{
"db": "NVD",
"id": "CVE-2017-18863"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2262"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2017-18863"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014995"
},
{
"db": "NVD",
"id": "CVE-2017-18863"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2262"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-28T00:00:00",
"db": "VULMON",
"id": "CVE-2017-18863"
},
{
"date": "2020-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014995"
},
{
"date": "2020-04-28T16:15:12.747000",
"db": "NVD",
"id": "CVE-2017-18863"
},
{
"date": "2020-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2262"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-05T00:00:00",
"db": "VULMON",
"id": "CVE-2017-18863"
},
{
"date": "2020-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014995"
},
{
"date": "2020-05-05T13:26:01.897000",
"db": "NVD",
"id": "CVE-2017-18863"
},
{
"date": "2020-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2262"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2262"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural NETGEAR Product injection vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014995"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2262"
}
],
"trust": 0.6
}
}
VAR-202004-1318
Vulnerability from variot - Updated: 2023-12-18 13:28Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WAC510, etc. are all a wireless access point (AP) of NETGEAR company. The vulnerability stems from the fact that the network system or product lacks the correct verification of the user input data during the operation process of the user inputting the construction command, data structure or record, and the special elements are not filtered or correctly filtered, resulting in the analysis or analysis of the system or product. The explanation is wrong. No detailed vulnerability details are currently provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-1318",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wac510",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.3.0.10"
},
{
"model": "wac120",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2.1.4"
},
{
"model": "wnd930",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2.1.2"
},
{
"model": "wn604",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.3.7"
},
{
"model": "wndap660",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wndap350",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wnap320",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wndap360",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wnap210",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wndap620",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.1.3"
},
{
"model": "wac120",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.1.4"
},
{
"model": "wac510",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.3.0.10"
},
{
"model": "wn604",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.3.7"
},
{
"model": "wnap210",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wnap320",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wnd930",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.1.2"
},
{
"model": "wndap350",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wndap360",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wndap620",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.1.3"
},
{
"model": "wndap660",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wnap210v2",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "3.7.4.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-57167"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014895"
},
{
"db": "NVD",
"id": "CVE-2017-18805"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wac510_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.3.0.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wac510:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wac120_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wac120:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap620_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap620:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnd930_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnd930:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wn604_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.3.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wn604:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap660_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.4.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap660:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap350_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.4.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap350:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.4.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnap320:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnap210_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.4.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnap210:v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap360_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.4.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap360:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-18805"
}
]
},
"cve": "CVE-2017-18805",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-014895",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2021-57167",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "cve@mitre.org",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.7,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-014895",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-18805",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cve@mitre.org",
"id": "CVE-2017-18805",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2017-014895",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2021-57167",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-57167"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014895"
},
{
"db": "NVD",
"id": "CVE-2017-18805"
},
{
"db": "NVD",
"id": "CVE-2017-18805"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WAC510, etc. are all a wireless access point (AP) of NETGEAR company. The vulnerability stems from the fact that the network system or product lacks the correct verification of the user input data during the operation process of the user inputting the construction command, data structure or record, and the special elements are not filtered or correctly filtered, resulting in the analysis or analysis of the system or product. The explanation is wrong. No detailed vulnerability details are currently provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-18805"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014895"
},
{
"db": "CNVD",
"id": "CNVD-2021-57167"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-18805",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014895",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-57167",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1815",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-57167"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014895"
},
{
"db": "NVD",
"id": "CVE-2017-18805"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1815"
}
]
},
"id": "VAR-202004-1318",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-57167"
}
],
"trust": 1.0737637281818182
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-57167"
}
]
},
"last_update_date": "2023-12-18T13:28:09.671000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisory for Command Injection Vulnerability on Some Wireless Access Points, PSV-2017-2213",
"trust": 0.8,
"url": "https://kb.netgear.com/000049060/security-advisory-for-command-injection-vulnerability-on-some-wireless-access-points-psv-2017-2213"
},
{
"title": "Patch for NETGEAR command injection vulnerability (CNVD-2021-57167)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/283626"
},
{
"title": "Multiple NETGEAR Product Command Injection Vulnerability Fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=116292"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-57167"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014895"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1815"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-74",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014895"
},
{
"db": "NVD",
"id": "CVE-2017-18805"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18805"
},
{
"trust": 1.6,
"url": "https://kb.netgear.com/000049060/security-advisory-for-command-injection-vulnerability-on-some-wireless-access-points-psv-2017-2213"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18805"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-57167"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014895"
},
{
"db": "NVD",
"id": "CVE-2017-18805"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1815"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-57167"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014895"
},
{
"db": "NVD",
"id": "CVE-2017-18805"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1815"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-57167"
},
{
"date": "2020-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014895"
},
{
"date": "2020-04-21T18:15:12.593000",
"db": "NVD",
"id": "CVE-2017-18805"
},
{
"date": "2020-04-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1815"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-57167"
},
{
"date": "2020-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014895"
},
{
"date": "2020-04-23T18:51:15.087000",
"db": "NVD",
"id": "CVE-2017-18805"
},
{
"date": "2020-04-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1815"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural NETGEAR Injection vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014895"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-1815"
}
],
"trust": 0.6
}
}
VAR-202004-1530
Vulnerability from variot - Updated: 2023-12-18 13:28Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10. plural NETGEAR An unspecified vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This affects WAC120 prior to 2.1.7, WAC505 prior to 5.0.5.4, WAC510 prior to 5.0.5.4, WNAP320 prior to 3.7.11.4, WNAP210v2 prior to 3.7.11.4, WNDAP350 prior to 3.7.11.4, WNDAP360 prior to 3.7.11.4, WNDAP660 prior to 3.7.11.4, WNDAP620 prior to 2.1.7, WND930 prior to 2.1.5, and WN604 prior to 3.3.10
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-1530",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wndap360",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wnap210",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wac510",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "5.0.5.4"
},
{
"model": "wndap620",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.1.7"
},
{
"model": "wndap350",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wac505",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "5.0.5.4"
},
{
"model": "wndap660",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wn604",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.3.10"
},
{
"model": "wnd930",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.1.5"
},
{
"model": "wnap320",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wac120",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.1.7"
},
{
"model": "wac120",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.1.7"
},
{
"model": "wac505",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "5.0.5.4"
},
{
"model": "wac510",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "5.0.5.4"
},
{
"model": "wn604",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.3.10"
},
{
"model": "wnap210",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wnap320",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wnd930",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.1.5"
},
{
"model": "wndap350",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wndap360",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wndap620",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.1.7"
},
{
"model": "wndap660",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wac120",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.0.7"
},
{
"model": "wac120",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.1.4"
},
{
"model": "wac505",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "5.0.0.17"
},
{
"model": "wac510",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.3.0.10"
},
{
"model": "wac510",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "5.0.0.17"
},
{
"model": "wn604",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.3.3"
},
{
"model": "wn604",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.3.7"
},
{
"model": "wnap210",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wnap210",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wnap320",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wnap320",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wnd930",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": null
},
{
"model": "wnd930",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.0.11"
},
{
"model": "wnd930",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.1.2"
},
{
"model": "wndap350",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wndap350",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wndap360",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wndap360",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wndap620",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.0.11"
},
{
"model": "wndap620",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.1.3"
},
{
"model": "wndap660",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wndap660",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.7.4.0"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-21094"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016405"
},
{
"db": "NVD",
"id": "CVE-2018-21094"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wac120_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wac120:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wac505_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.0.5.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wac505:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wac510_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.0.5.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wac510:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnap320:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnap210_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnap210:v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap350_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap350:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap360_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap360:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap660_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap660:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap620_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap620:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnd930_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnd930:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wn604_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.3.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wn604:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-21094"
}
]
},
"cve": "CVE-2018-21094",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-016405",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-21094",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cve@mitre.org",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 7.3,
"baseSeverity": "High",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2018-016405",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-21094",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cve@mitre.org",
"id": "CVE-2018-21094",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2018-016405",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-2173",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-21094",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-21094"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016405"
},
{
"db": "NVD",
"id": "CVE-2018-21094"
},
{
"db": "NVD",
"id": "CVE-2018-21094"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2173"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10. plural NETGEAR An unspecified vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This affects WAC120 prior to 2.1.7, WAC505 prior to 5.0.5.4, WAC510 prior to 5.0.5.4, WNAP320 prior to 3.7.11.4, WNAP210v2 prior to 3.7.11.4, WNDAP350 prior to 3.7.11.4, WNDAP360 prior to 3.7.11.4, WNDAP660 prior to 3.7.11.4, WNDAP620 prior to 2.1.7, WND930 prior to 2.1.5, and WN604 prior to 3.3.10",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-21094"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016405"
},
{
"db": "VULMON",
"id": "CVE-2018-21094"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-21094",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016405",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2173",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2018-21094",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-21094"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016405"
},
{
"db": "NVD",
"id": "CVE-2018-21094"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2173"
}
]
},
"id": "VAR-202004-1530",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.4320588036363637
},
"last_update_date": "2023-12-18T13:28:09.394000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisory for a Security Misconfiguration on Some Wireless Access Points, PSV-2018-0350",
"trust": 0.8,
"url": "https://kb.netgear.com/000060460/security-advisory-for-a-security-misconfiguration-on-some-wireless-access-points-psv-2018-0350"
},
{
"title": "Multiple NETGEAR Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=117280"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016405"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2173"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016405"
},
{
"db": "NVD",
"id": "CVE-2018-21094"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://kb.netgear.com/000060460/security-advisory-for-a-security-misconfiguration-on-some-wireless-access-points-psv-2018-0350"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-21094"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21094"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-21094"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016405"
},
{
"db": "NVD",
"id": "CVE-2018-21094"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2173"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2018-21094"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016405"
},
{
"db": "NVD",
"id": "CVE-2018-21094"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2173"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-27T00:00:00",
"db": "VULMON",
"id": "CVE-2018-21094"
},
{
"date": "2020-06-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016405"
},
{
"date": "2020-04-27T15:15:12.143000",
"db": "NVD",
"id": "CVE-2018-21094"
},
{
"date": "2020-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2173"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-04T00:00:00",
"db": "VULMON",
"id": "CVE-2018-21094"
},
{
"date": "2020-06-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016405"
},
{
"date": "2020-05-04T15:17:47.837000",
"db": "NVD",
"id": "CVE-2018-21094"
},
{
"date": "2020-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2173"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2173"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural NETGEAR Vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016405"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2173"
}
],
"trust": 0.6
}
}
VAR-202004-1371
Vulnerability from variot - Updated: 2023-12-18 13:07Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WAC510, etc. are all a wireless access point (AP) of NETGEAR company. The vulnerability stems from the fact that the network system or product lacks the correct verification of the user input data during the operation process of the user inputting the construction command, data structure or record, and the special elements are not filtered or correctly filtered, resulting in the analysis or analysis of the system or product. The explanation is wrong. No detailed vulnerability details are currently provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-1371",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wac510",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.3.0.10"
},
{
"model": "wac120",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2.1.4"
},
{
"model": "wndap620",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2.1.3"
},
{
"model": "wnd930",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2.1.2"
},
{
"model": "wn604",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.3.7"
},
{
"model": "wndap660",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wndap350",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wnap320",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wndap360",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wnap210",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wac120",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.1.4"
},
{
"model": "wac510",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.3.0.10"
},
{
"model": "wn604",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.3.7"
},
{
"model": "wnap210",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wnap320",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wnd930",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.1.2"
},
{
"model": "wndap350",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wndap360",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wndap620",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.1.3"
},
{
"model": "wndap660",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wnap210v2",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "3.7.4.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-52966"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014893"
},
{
"db": "NVD",
"id": "CVE-2017-18806"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wac510_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.3.0.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wac510:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wac120_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wac120:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap620_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap620:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnd930_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnd930:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wn604_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.3.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wn604:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap660_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.4.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap660:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap350_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.4.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap350:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.4.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnap320:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnap210_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.4.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnap210:v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap360_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.4.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap360:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-18806"
}
]
},
"cve": "CVE-2017-18806",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-014893",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2021-52966",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "cve@mitre.org",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.7,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-014893",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-18806",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cve@mitre.org",
"id": "CVE-2017-18806",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2017-014893",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2021-52966",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-52966"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014893"
},
{
"db": "NVD",
"id": "CVE-2017-18806"
},
{
"db": "NVD",
"id": "CVE-2017-18806"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WAC510, etc. are all a wireless access point (AP) of NETGEAR company. The vulnerability stems from the fact that the network system or product lacks the correct verification of the user input data during the operation process of the user inputting the construction command, data structure or record, and the special elements are not filtered or correctly filtered, resulting in the analysis or analysis of the system or product. The explanation is wrong. No detailed vulnerability details are currently provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-18806"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014893"
},
{
"db": "CNVD",
"id": "CNVD-2021-52966"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-18806",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014893",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-52966",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1835",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-52966"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014893"
},
{
"db": "NVD",
"id": "CVE-2017-18806"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1835"
}
]
},
"id": "VAR-202004-1371",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-52966"
}
],
"trust": 1.0737637281818182
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-52966"
}
]
},
"last_update_date": "2023-12-18T13:07:37.881000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisory for Command Injection Vulnerability on Some Wireless Access Points, PSV-2017-2214",
"trust": 0.8,
"url": "https://kb.netgear.com/000049061/security-advisory-for-command-injection-vulnerability-on-some-wireless-access-points-psv-2017-2214"
},
{
"title": "Patch for NETGEAR command injection vulnerability (CNVD-2021-52966)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/280076"
},
{
"title": "Multiple NETGEAR Product Command Injection Vulnerability Fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=116311"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-52966"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014893"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1835"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-74",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014893"
},
{
"db": "NVD",
"id": "CVE-2017-18806"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18806"
},
{
"trust": 1.6,
"url": "https://kb.netgear.com/000049061/security-advisory-for-command-injection-vulnerability-on-some-wireless-access-points-psv-2017-2214"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18806"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-52966"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014893"
},
{
"db": "NVD",
"id": "CVE-2017-18806"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1835"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-52966"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014893"
},
{
"db": "NVD",
"id": "CVE-2017-18806"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1835"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-52966"
},
{
"date": "2020-05-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014893"
},
{
"date": "2020-04-21T16:15:51.337000",
"db": "NVD",
"id": "CVE-2017-18806"
},
{
"date": "2020-04-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1835"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-52966"
},
{
"date": "2020-05-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014893"
},
{
"date": "2020-04-23T20:22:29.643000",
"db": "NVD",
"id": "CVE-2017-18806"
},
{
"date": "2020-04-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1835"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural NETGEAR Injection vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014893"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-1835"
}
],
"trust": 0.6
}
}
VAR-202004-1556
Vulnerability from variot - Updated: 2023-12-18 12:56Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10. plural NETGEAR A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WAC505, etc. are all a wireless access point (AP) of NETGEAR company. The vulnerability stems from the fact that the WEB application does not fully verify whether the request comes from a trusted user. An attacker can use this vulnerability to send unexpected requests to the server through the affected client
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-1556",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wac505",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "5.0.5.4"
},
{
"model": "wac510",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "5.0.5.4"
},
{
"model": "wac120",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2.1.7"
},
{
"model": "wn604",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.3.10"
},
{
"model": "wnap320",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wndap350",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wndap360",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wndap660",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wndap620",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2.1.7"
},
{
"model": "wnd930",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2.1.5"
},
{
"model": "wnap210",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wac120",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.1.7"
},
{
"model": "wac505",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "5.0.5.4"
},
{
"model": "wac510",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "5.0.5.4"
},
{
"model": "wnap210",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wnap320",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wnd930",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.1.5"
},
{
"model": "wndap350",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wndap360",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wndap620",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.1.7"
},
{
"model": "wndap660",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wnap210v2",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "3.7.11.4"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-59162"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016301"
},
{
"db": "NVD",
"id": "CVE-2018-21120"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wac120_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wac120:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wac505_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.0.5.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wac505:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wac510_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.0.5.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wac510:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnap320:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnap210_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnap210:v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap350_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap350:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap360_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap360:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap660_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap660:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap620_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap620:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnd930_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnd930:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wn604_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.3.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wn604:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-21120"
}
]
},
"cve": "CVE-2018-21120",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-016301",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "CNVD-2021-59162",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "cve@mitre.org",
"availabilityImpact": "HIGH",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.5,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.0,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-016301",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-21120",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cve@mitre.org",
"id": "CVE-2018-21120",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2018-016301",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-59162",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-1917",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-59162"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016301"
},
{
"db": "NVD",
"id": "CVE-2018-21120"
},
{
"db": "NVD",
"id": "CVE-2018-21120"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1917"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10. plural NETGEAR A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WAC505, etc. are all a wireless access point (AP) of NETGEAR company. The vulnerability stems from the fact that the WEB application does not fully verify whether the request comes from a trusted user. An attacker can use this vulnerability to send unexpected requests to the server through the affected client",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-21120"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016301"
},
{
"db": "CNVD",
"id": "CNVD-2021-59162"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-21120",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016301",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-59162",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1917",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-59162"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016301"
},
{
"db": "NVD",
"id": "CVE-2018-21120"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1917"
}
]
},
"id": "VAR-202004-1556",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-59162"
}
],
"trust": 1.065498345
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-59162"
}
]
},
"last_update_date": "2023-12-18T12:56:03.700000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisory for Cross Site Request Forgery on Some Wireless Access Points, PSV-2018-0095",
"trust": 0.8,
"url": "https://kb.netgear.com/000060238/security-advisory-for-cross-site-request-forgery-on-some-wireless-access-points-psv-2018-0095"
},
{
"title": "Patch for Cross-site request forgery vulnerability in multiple NETGEAR products (CNVD-2021-59162)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/284356"
},
{
"title": "Multiple NETGEAR Repair measures for product cross-site request forgery vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=117250"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-59162"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016301"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1917"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016301"
},
{
"db": "NVD",
"id": "CVE-2018-21120"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-21120"
},
{
"trust": 1.6,
"url": "https://kb.netgear.com/000060238/security-advisory-for-cross-site-request-forgery-on-some-wireless-access-points-psv-2018-0095"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21120"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-59162"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016301"
},
{
"db": "NVD",
"id": "CVE-2018-21120"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1917"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-59162"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016301"
},
{
"db": "NVD",
"id": "CVE-2018-21120"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1917"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-59162"
},
{
"date": "2020-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016301"
},
{
"date": "2020-04-22T16:15:11.903000",
"db": "NVD",
"id": "CVE-2018-21120"
},
{
"date": "2020-04-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1917"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-59162"
},
{
"date": "2020-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016301"
},
{
"date": "2020-04-24T19:59:43.087000",
"db": "NVD",
"id": "CVE-2018-21120"
},
{
"date": "2020-04-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1917"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-1917"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural NETGEAR Cross-site request forgery vulnerability in device",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016301"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-1917"
}
],
"trust": 0.6
}
}
VAR-201704-0304
Vulnerability from variot - Updated: 2023-12-18 12:37Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or passphrase by visiting unauthenticated webpages. Netgear is the world's leading enterprise network solution and advocate for digital home networking applications. There are information disclosure vulnerabilities in Netgear's various devices. The device bypasses the authentication page, and the attacker can use the vulnerability to obtain sensitive information such as wireless WPSPIN. NETGEAR WN604 is a wireless access point (AP) of NETGEAR. The following products and versions are affected: Netgear WN604 prior to 3.3.3; WNAP210 prior to 3.5.5.0, WNAP320 prior to 3.5.5.0, WNDAP350 prior to 3.5.5.0, WNDAP360 prior to 3.5.5.0; WND930 2.0 Versions prior to .11
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0304",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wndap210v2",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "3.0.5.0"
},
{
"model": "wndap350",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "3.0.5.0"
},
{
"model": "wnd930",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "2.0.4"
},
{
"model": "wndap360",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "3.0.5.0"
},
{
"model": "wn604",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "3.3.2"
},
{
"model": "wnap320",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "3.0.5.0"
},
{
"model": "wn604",
"scope": "lt",
"trust": 0.8,
"vendor": "net gear",
"version": "3.3.3"
},
{
"model": "wnap210v2",
"scope": "lt",
"trust": 0.8,
"vendor": "net gear",
"version": "3.5.5.0"
},
{
"model": "wnap320",
"scope": "lt",
"trust": 0.8,
"vendor": "net gear",
"version": "3.5.5.0"
},
{
"model": "wnd930",
"scope": "lt",
"trust": 0.8,
"vendor": "net gear",
"version": "2.0.11"
},
{
"model": "wndap350",
"scope": "lt",
"trust": 0.8,
"vendor": "net gear",
"version": "3.5.5.0"
},
{
"model": "wndap360",
"scope": "lt",
"trust": 0.8,
"vendor": "net gear",
"version": "3.5.5.0"
},
{
"model": "wn604",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wnap210",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wnap320",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wndap350",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wndap360",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wnd930",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wndap360",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "3.0.5.0"
},
{
"model": "wn604",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "3.3.2"
},
{
"model": "wndap210v2",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "3.0.5.0"
},
{
"model": "wndap350",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "3.0.5.0"
},
{
"model": "wnd930",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "2.0.4"
},
{
"model": "wnap320",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "3.0.5.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01690"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008524"
},
{
"db": "NVD",
"id": "CVE-2016-1556"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-395"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0.5.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnap320:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap350_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0.5.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap350:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap360_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0.5.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap360:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap210v2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0.5.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap210v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wn604_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.3.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wn604:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnd930_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.0.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnd930:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1556"
}
]
},
"cve": "CVE-2016-1556",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-1556",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-01690",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-90375",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-1556",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-1556",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-01690",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-395",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-90375",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01690"
},
{
"db": "VULHUB",
"id": "VHN-90375"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008524"
},
{
"db": "NVD",
"id": "CVE-2016-1556"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-395"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or passphrase by visiting unauthenticated webpages. Netgear is the world\u0027s leading enterprise network solution and advocate for digital home networking applications. There are information disclosure vulnerabilities in Netgear\u0027s various devices. The device bypasses the authentication page, and the attacker can use the vulnerability to obtain sensitive information such as wireless WPSPIN. NETGEAR WN604 is a wireless access point (AP) of NETGEAR. The following products and versions are affected: Netgear WN604 prior to 3.3.3; WNAP210 prior to 3.5.5.0, WNAP320 prior to 3.5.5.0, WNDAP350 prior to 3.5.5.0, WNDAP360 prior to 3.5.5.0; WND930 2.0 Versions prior to .11",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1556"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008524"
},
{
"db": "CNVD",
"id": "CNVD-2016-01690"
},
{
"db": "VULHUB",
"id": "VHN-90375"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1556",
"trust": 3.1
},
{
"db": "PACKETSTORM",
"id": "135956",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008524",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201604-395",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-01690",
"trust": 0.6
},
{
"db": "VULDB",
"id": "81129",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-90375",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01690"
},
{
"db": "VULHUB",
"id": "VHN-90375"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008524"
},
{
"db": "NVD",
"id": "CVE-2016-1556"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-395"
}
]
},
"id": "VAR-201704-0304",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01690"
},
{
"db": "VULHUB",
"id": "VHN-90375"
}
],
"trust": 1.22198852
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01690"
}
]
},
"last_update_date": "2023-12-18T12:37:29.507000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2016-1556 - Notification",
"trust": 0.8,
"url": "https://kb.netgear.com/30481/cve-2016-1556-notification"
},
{
"title": "Multiple Netgear Product information disclosure vulnerability repair measures",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=61088"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008524"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-395"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90375"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008524"
},
{
"db": "NVD",
"id": "CVE-2016-1556"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://packetstormsecurity.com/files/135956/d-link-netgear-firmadyne-command-injection-buffer-overflow.html"
},
{
"trust": 2.3,
"url": "http://seclists.org/fulldisclosure/2016/feb/112"
},
{
"trust": 1.7,
"url": "https://kb.netgear.com/30481/cve-2016-1556-notification?cid=wmt_netgear_organic"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1556"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1556"
},
{
"trust": 0.6,
"url": "http://vuldb.com/?id.81129"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01690"
},
{
"db": "VULHUB",
"id": "VHN-90375"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008524"
},
{
"db": "NVD",
"id": "CVE-2016-1556"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-395"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-01690"
},
{
"db": "VULHUB",
"id": "VHN-90375"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008524"
},
{
"db": "NVD",
"id": "CVE-2016-1556"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-395"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01690"
},
{
"date": "2017-04-21T00:00:00",
"db": "VULHUB",
"id": "VHN-90375"
},
{
"date": "2017-05-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008524"
},
{
"date": "2017-04-21T15:59:00.363000",
"db": "NVD",
"id": "CVE-2016-1556"
},
{
"date": "2016-03-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-395"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01690"
},
{
"date": "2017-04-28T00:00:00",
"db": "VULHUB",
"id": "VHN-90375"
},
{
"date": "2017-05-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008524"
},
{
"date": "2017-04-28T18:39:46.573000",
"db": "NVD",
"id": "CVE-2016-1556"
},
{
"date": "2017-04-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-395"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-395"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Netgear Information disclosure vulnerability in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008524"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-395"
}
],
"trust": 0.6
}
}
VAR-201704-0303
Vulnerability from variot - Updated: 2023-12-18 12:37(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands. Netgear is the world's leading enterprise network solution and advocate for digital home networking applications. There are authentication bypass vulnerabilities in Netgear's various devices. Attackers exploit vulnerabilities to directly pass input command lines on unverified web pages and initiate command injection attacks. Security vulnerabilities exist in multiple files in several Netgear products. The following products and versions are affected: Netgear WN604 prior to 3.3.3; WN802Tv2 prior to 3.5.5.0; WNAP210v2 prior to 3.5.5.0; WNAP320 prior to 3.5.5.0; WNDAP350 prior to 3.5.5.0; WNDAP360 prior to 3.5 Versions prior to .5.0; versions prior to WNDAP660 3.5.5.0. Hello,
We’d like to report several vulnerabilities in embedded devices developed by D-Link and Netgear, which were discovered using our FIRMADYNE framework for emulation and dynamic analysis of Linux-based embedded devices. For more information, refer to our academic paper and open-source release at https://github.com/firmadyne/firmadyne. This has been assigned CVE-2016-1555. Affected devices include:
Netgear WN604 Netgear WN802Tv2 Netgear WNAP210 Netgear WNAP320 Netgear WNDAP350 Netgear WNDAP360
Several D-Link devices include a web server that is vulnerable to a buffer overflow while parsing the 'dlink_uid' cookie. The length of the value set in the cookie is obtained using strlen(), which is then passed to memcpy(), and the value is copied into a fixed-size buffer. This has been assigned CVE-2016-1558. Affected devices include:
D-Link DAP-2310 D-Link DAP-2330 D-Link DAP-2360 D-Link DAP-2553 D-Link DAP-2660 D-Link DAP-2690 D-Link DAP-2695
Several Netgear devices include unauthenticated webpages that disclose the wireless WPS PIN, allowing for information disclosure. This has been assigned CVE-2016-1556. Affected devices include:
Netgear WN604 Netgear WNAP210 Netgear WNAP320 Netgear WND930 Netgear WNDAP350 Netgear WNDAP360
Several devices by both D-Link and Netgear disclose wireless passwords and administrative usernames/passwords over SNMP, including OID’s iso.3.6.1.4.1.171.10.37.35.2.1.3.3.2.1.1.4, iso.3.6.1.4.1.171.10.37.38.2.1.3.3.2.1.1.4, iso.3.6.1.4.1.171.10.37.35.4.1.1.1, iso.3.6.1.4.1.171.10.37.37.4.1.1.1, iso.3.6.1.4.1.171.10.37.38.4.1.1.1, iso.3.6.1.4.1.4526.100.7.8.1.5, iso.3.6.1.4.1.4526.100.7.9.1.5, iso.3.6.1.4.1.4526.100.7.9.1.7, and iso.3.6.1.4.1.4526.100.7.10.1.7. This has been assigned CVE-2016-1557 for Netgear devices, and CVE-2016-1559 for D-Link devices. Affected devices include:
D-Link DAP-1353 D-Link DAP-2553 D-Link DAP-3520 Netgear WNAP320 Netgear WNDAP350 Netgear WNDAP360
We have not heard back from D-Link after contacting the vendor. Netgear will fix WN604 with firmware 3.3.3 by late February, but the tentative ETA for the remaining devices is mid-March.
Thanks,
Dominic
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0303",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wndap210v2",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "3.0.5.0"
},
{
"model": "wndap350",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "3.0.5.0"
},
{
"model": "wn802tv2",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "3.0.5.0"
},
{
"model": "wndap360",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "3.0.5.0"
},
{
"model": "wn604",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "3.3.2"
},
{
"model": "wnap320",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "3.0.5.0"
},
{
"model": "wndap660",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "3.0.5.0"
},
{
"model": "wn604",
"scope": "lt",
"trust": 0.8,
"vendor": "net gear",
"version": "3.3.3"
},
{
"model": "wn802tv2",
"scope": "lt",
"trust": 0.8,
"vendor": "net gear",
"version": "3.5.5.0"
},
{
"model": "wnap210v2",
"scope": "lt",
"trust": 0.8,
"vendor": "net gear",
"version": "3.5.5.0"
},
{
"model": "wnap320",
"scope": "lt",
"trust": 0.8,
"vendor": "net gear",
"version": "3.5.5.0"
},
{
"model": "wndap350",
"scope": "lt",
"trust": 0.8,
"vendor": "net gear",
"version": "3.5.5.0"
},
{
"model": "wndap360",
"scope": "lt",
"trust": 0.8,
"vendor": "net gear",
"version": "3.5.5.0"
},
{
"model": "wndap660",
"scope": "lt",
"trust": 0.8,
"vendor": "net gear",
"version": "3.5.5.0"
},
{
"model": "wn604",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wn802tv2",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wnap210",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wnap320",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wndap350",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wndap360",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wndap360",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "3.0.5.0"
},
{
"model": "wn604",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "3.3.2"
},
{
"model": "wndap210v2",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "3.0.5.0"
},
{
"model": "wndap660",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "3.0.5.0"
},
{
"model": "wndap350",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "3.0.5.0"
},
{
"model": "wn802tv2",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "3.0.5.0"
},
{
"model": "wnap320",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "3.0.5.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01687"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008523"
},
{
"db": "NVD",
"id": "CVE-2016-1555"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-397"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0.5.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnap320:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap350_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0.5.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap350:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap360_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0.5.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap360:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap210v2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0.5.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap210v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wn604_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.3.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wn604:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap660_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0.5.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap660:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wn802tv2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0.5.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wn802tv2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1555"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dominic Chen",
"sources": [
{
"db": "PACKETSTORM",
"id": "135956"
}
],
"trust": 0.1
},
"cve": "CVE-2016-1555",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-1555",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-01687",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-90374",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-1555",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-1555",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2016-01687",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-397",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-90374",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-1555",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01687"
},
{
"db": "VULHUB",
"id": "VHN-90374"
},
{
"db": "VULMON",
"id": "CVE-2016-1555"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008523"
},
{
"db": "NVD",
"id": "CVE-2016-1555"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-397"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands. Netgear is the world\u0027s leading enterprise network solution and advocate for digital home networking applications. There are authentication bypass vulnerabilities in Netgear\u0027s various devices. Attackers exploit vulnerabilities to directly pass input command lines on unverified web pages and initiate command injection attacks. Security vulnerabilities exist in multiple files in several Netgear products. The following products and versions are affected: Netgear WN604 prior to 3.3.3; WN802Tv2 prior to 3.5.5.0; WNAP210v2 prior to 3.5.5.0; WNAP320 prior to 3.5.5.0; WNDAP350 prior to 3.5.5.0; WNDAP360 prior to 3.5 Versions prior to .5.0; versions prior to WNDAP660 3.5.5.0. Hello,\n\nWe\u2019d like to report several vulnerabilities in embedded devices developed by D-Link and Netgear, which were discovered using our FIRMADYNE framework for emulation and dynamic analysis of Linux-based embedded devices. For more information, refer to our academic paper and open-source release at https://github.com/firmadyne/firmadyne. This has been assigned CVE-2016-1555. Affected devices include:\n\nNetgear WN604\nNetgear WN802Tv2\nNetgear WNAP210\nNetgear WNAP320\nNetgear WNDAP350\nNetgear WNDAP360\n\nSeveral D-Link devices include a web server that is vulnerable to a buffer overflow while parsing the \u0027dlink_uid\u0027 cookie. The length of the value set in the cookie is obtained using strlen(), which is then passed to memcpy(), and the value is copied into a fixed-size buffer. This has been assigned CVE-2016-1558. Affected devices include:\n\nD-Link DAP-2310\nD-Link DAP-2330\nD-Link DAP-2360\nD-Link DAP-2553\nD-Link DAP-2660\nD-Link DAP-2690\nD-Link DAP-2695\n\nSeveral Netgear devices include unauthenticated webpages that disclose the wireless WPS PIN, allowing for information disclosure. This has been assigned CVE-2016-1556. Affected devices include:\n\nNetgear WN604\nNetgear WNAP210\nNetgear WNAP320\nNetgear WND930\nNetgear WNDAP350\nNetgear WNDAP360\n\nSeveral devices by both D-Link and Netgear disclose wireless passwords and administrative usernames/passwords over SNMP, including OID\u2019s iso.3.6.1.4.1.171.10.37.35.2.1.3.3.2.1.1.4, iso.3.6.1.4.1.171.10.37.38.2.1.3.3.2.1.1.4, iso.3.6.1.4.1.171.10.37.35.4.1.1.1, iso.3.6.1.4.1.171.10.37.37.4.1.1.1, iso.3.6.1.4.1.171.10.37.38.4.1.1.1, iso.3.6.1.4.1.4526.100.7.8.1.5, iso.3.6.1.4.1.4526.100.7.9.1.5, iso.3.6.1.4.1.4526.100.7.9.1.7, and iso.3.6.1.4.1.4526.100.7.10.1.7. This has been assigned CVE-2016-1557 for Netgear devices, and CVE-2016-1559 for D-Link devices. Affected devices include:\n\nD-Link DAP-1353\nD-Link DAP-2553\nD-Link DAP-3520\nNetgear WNAP320\nNetgear WNDAP350\nNetgear WNDAP360\n\nWe have not heard back from D-Link after contacting the vendor. Netgear will fix WN604 with firmware 3.3.3 by late February, but the tentative ETA for the remaining devices is mid-March. \n\nThanks,\n\nDominic\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1555"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008523"
},
{
"db": "CNVD",
"id": "CNVD-2016-01687"
},
{
"db": "VULHUB",
"id": "VHN-90374"
},
{
"db": "VULMON",
"id": "CVE-2016-1555"
},
{
"db": "PACKETSTORM",
"id": "135956"
}
],
"trust": 2.43
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-90374",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90374"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1555",
"trust": 3.3
},
{
"db": "PACKETSTORM",
"id": "135956",
"trust": 2.7
},
{
"db": "EXPLOIT-DB",
"id": "45909",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008523",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201604-397",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-01687",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "150478",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-90374",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-1555",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01687"
},
{
"db": "VULHUB",
"id": "VHN-90374"
},
{
"db": "VULMON",
"id": "CVE-2016-1555"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008523"
},
{
"db": "PACKETSTORM",
"id": "135956"
},
{
"db": "NVD",
"id": "CVE-2016-1555"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-397"
}
]
},
"id": "VAR-201704-0303",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01687"
},
{
"db": "VULHUB",
"id": "VHN-90374"
}
],
"trust": 1.2278612025
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01687"
}
]
},
"last_update_date": "2023-12-18T12:37:29.602000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2016-1555 - Notification",
"trust": 0.8,
"url": "https://kb.netgear.com/30480/cve-2016-1555-notification"
},
{
"title": "Multiple Netgear Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=91631"
},
{
"title": "faisalfs10x",
"trust": 0.1,
"url": "https://github.com/faisalfs10x/faisalfs10x "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-1555"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008523"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-397"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90374"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008523"
},
{
"db": "NVD",
"id": "CVE-2016-1555"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://packetstormsecurity.com/files/135956/d-link-netgear-firmadyne-command-injection-buffer-overflow.html"
},
{
"trust": 2.4,
"url": "http://seclists.org/fulldisclosure/2016/feb/112"
},
{
"trust": 1.8,
"url": "https://kb.netgear.com/30480/cve-2016-1555-notification?cid=wmt_netgear_organic"
},
{
"trust": 1.8,
"url": "https://www.exploit-db.com/exploits/45909/"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1555"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1555"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/77.html"
},
{
"trust": 0.1,
"url": "https://github.com/faisalfs10x/faisalfs10x"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/db/modules/exploit/linux/http/netgear_unauth_exec"
},
{
"trust": 0.1,
"url": "https://github.com/firmadyne/firmadyne."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1557"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1559"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1558"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01687"
},
{
"db": "VULHUB",
"id": "VHN-90374"
},
{
"db": "VULMON",
"id": "CVE-2016-1555"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008523"
},
{
"db": "PACKETSTORM",
"id": "135956"
},
{
"db": "NVD",
"id": "CVE-2016-1555"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-397"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-01687"
},
{
"db": "VULHUB",
"id": "VHN-90374"
},
{
"db": "VULMON",
"id": "CVE-2016-1555"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008523"
},
{
"db": "PACKETSTORM",
"id": "135956"
},
{
"db": "NVD",
"id": "CVE-2016-1555"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-397"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01687"
},
{
"date": "2017-04-21T00:00:00",
"db": "VULHUB",
"id": "VHN-90374"
},
{
"date": "2017-04-21T00:00:00",
"db": "VULMON",
"id": "CVE-2016-1555"
},
{
"date": "2017-05-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008523"
},
{
"date": "2016-02-26T17:22:22",
"db": "PACKETSTORM",
"id": "135956"
},
{
"date": "2017-04-21T15:59:00.333000",
"db": "NVD",
"id": "CVE-2016-1555"
},
{
"date": "2016-03-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-397"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01687"
},
{
"date": "2019-04-16T00:00:00",
"db": "VULHUB",
"id": "VHN-90374"
},
{
"date": "2019-04-16T00:00:00",
"db": "VULMON",
"id": "CVE-2016-1555"
},
{
"date": "2017-05-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008523"
},
{
"date": "2019-04-16T18:00:19.893000",
"db": "NVD",
"id": "CVE-2016-1555"
},
{
"date": "2019-04-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-397"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-397"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Netgear Vulnerability to execute arbitrary commands in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008523"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-397"
}
],
"trust": 0.6
}
}