Search criteria
11 vulnerabilities found for wnap320 by netgear
VAR-202004-1532
Vulnerability from variot - Updated: 2023-12-18 14:00Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10. plural NETGEAR A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This affects WAC120 prior to 2.1.7, WAC505 prior to 5.0.5.4, WAC510 prior to 5.0.5.4, WNAP320 prior to 3.7.11.4, WNAP210v2 prior to 3.7.11.4, WNDAP350 prior to 3.7.11.4, WNDAP360 prior to 3.7.11.4, WNDAP660 prior to 3.7.11.4, WNDAP620 prior to 2.1.7, WND930 prior to 2.1.5, and WN604 prior to 3.3.10
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-1532",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wndap360",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wnap210",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wac510",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "5.0.5.4"
},
{
"model": "wndap620",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.1.7"
},
{
"model": "wndap350",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wac505",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "5.0.5.4"
},
{
"model": "wndap660",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wn604",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.3.10"
},
{
"model": "wnd930",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.1.5"
},
{
"model": "wnap320",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wac120",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.1.7"
},
{
"model": "wac120",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.1.7"
},
{
"model": "wac505",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "5.0.5.4"
},
{
"model": "wac510",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "5.0.5.4"
},
{
"model": "wnap210",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wnap320",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wnd930",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.1.5"
},
{
"model": "wndap350",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wndap360",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wndap620",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.1.7"
},
{
"model": "wndap660",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wac120",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.0.7"
},
{
"model": "wac120",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.1.4"
},
{
"model": "wac505",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "5.0.0.17"
},
{
"model": "wac510",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.3.0.10"
},
{
"model": "wac510",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "5.0.0.17"
},
{
"model": "wn604",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.3.3"
},
{
"model": "wn604",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.3.7"
},
{
"model": "wnap210",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wnap210",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wnap320",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wnap320",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wnd930",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": null
},
{
"model": "wnd930",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.0.11"
},
{
"model": "wnd930",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.1.2"
},
{
"model": "wndap350",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wndap350",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wndap360",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wndap360",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wndap620",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.0.11"
},
{
"model": "wndap620",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.1.3"
},
{
"model": "wndap660",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wndap660",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.7.4.0"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-21096"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016402"
},
{
"db": "NVD",
"id": "CVE-2018-21096"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wac120_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wac120:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wac505_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.0.5.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wac505:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wac510_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.0.5.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wac510:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnap320:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnap210_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnap210:v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap350_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap350:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap360_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap360:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap660_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap660:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap620_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap620:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnd930_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnd930:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wn604_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.3.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wn604:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-21096"
}
]
},
"cve": "CVE-2018-21096",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.4,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.9,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-016402",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.4,
"id": "CVE-2018-21096",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.5,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "cve@mitre.org",
"availabilityImpact": "HIGH",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.5,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.4,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-016402",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-21096",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cve@mitre.org",
"id": "CVE-2018-21096",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2018-016402",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-2185",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-21096",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-21096"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016402"
},
{
"db": "NVD",
"id": "CVE-2018-21096"
},
{
"db": "NVD",
"id": "CVE-2018-21096"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2185"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10. plural NETGEAR A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This affects WAC120 prior to 2.1.7, WAC505 prior to 5.0.5.4, WAC510 prior to 5.0.5.4, WNAP320 prior to 3.7.11.4, WNAP210v2 prior to 3.7.11.4, WNDAP350 prior to 3.7.11.4, WNDAP360 prior to 3.7.11.4, WNDAP660 prior to 3.7.11.4, WNDAP620 prior to 2.1.7, WND930 prior to 2.1.5, and WN604 prior to 3.3.10",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-21096"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016402"
},
{
"db": "VULMON",
"id": "CVE-2018-21096"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-21096",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016402",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2185",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2018-21096",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-21096"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016402"
},
{
"db": "NVD",
"id": "CVE-2018-21096"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2185"
}
]
},
"id": "VAR-202004-1532",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.4320588036363636
},
"last_update_date": "2023-12-18T14:00:31.700000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisory for Cross Site Request Forgery on Some Wireless Access Points, PSV-2018-0096",
"trust": 0.8,
"url": "https://kb.netgear.com/000060455/security-advisory-for-cross-site-request-forgery-on-some-wireless-access-points-psv-2018-0096"
},
{
"title": "Multiple NETGEAR Repair measures for product cross-site request forgery vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=117708"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016402"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2185"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016402"
},
{
"db": "NVD",
"id": "CVE-2018-21096"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://kb.netgear.com/000060455/security-advisory-for-cross-site-request-forgery-on-some-wireless-access-points-psv-2018-0096"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-21096"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21096"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/352.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-21096"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016402"
},
{
"db": "NVD",
"id": "CVE-2018-21096"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2185"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2018-21096"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016402"
},
{
"db": "NVD",
"id": "CVE-2018-21096"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2185"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-27T00:00:00",
"db": "VULMON",
"id": "CVE-2018-21096"
},
{
"date": "2020-06-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016402"
},
{
"date": "2020-04-27T16:15:12.663000",
"db": "NVD",
"id": "CVE-2018-21096"
},
{
"date": "2020-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2185"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-04T00:00:00",
"db": "VULMON",
"id": "CVE-2018-21096"
},
{
"date": "2020-06-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016402"
},
{
"date": "2020-05-04T14:49:48.007000",
"db": "NVD",
"id": "CVE-2018-21096"
},
{
"date": "2020-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2185"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2185"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural NETGEAR Cross-site request forgery vulnerability in device",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016402"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2185"
}
],
"trust": 0.6
}
}
VAR-202004-1533
Vulnerability from variot - Updated: 2023-12-18 13:47Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WAC120 before 2.1.7, WN604 before 3.3.10, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, and WND930 before 2.1.5. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WAC505, etc. are all wireless access points (AP) of NETGEAR.
There are buffer overflow vulnerabilities in many NETGEAR products, and remote attackers can use this vulnerability to execute arbitrary code by sending specially crafted requests. This affects WAC505 prior to 5.0.5.4, WAC510 prior to 5.0.5.4, WAC120 prior to 2.1.7, WN604 prior to 3.3.10, WNAP320 prior to 3.7.11.4, WNAP210v2 prior to 3.7.11.4, WNDAP350 prior to 3.7.11.4, WNDAP360 prior to 3.7.11.4, WNDAP660 prior to 3.7.11.4, WNDAP620 prior to 2.1.7, and WND930 prior to 2.1.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-1533",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wac505",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "5.0.5.4"
},
{
"model": "wac510",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "5.0.5.4"
},
{
"model": "wac120",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2.1.7"
},
{
"model": "wn604",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.3.10"
},
{
"model": "wnap320",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wndap350",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wndap360",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wndap660",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wndap620",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2.1.7"
},
{
"model": "wnd930",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2.1.5"
},
{
"model": "wnap210",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wac120",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.1.7"
},
{
"model": "wac505",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "5.0.5.4"
},
{
"model": "wac510",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "5.0.5.4"
},
{
"model": "wn604",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.3.10"
},
{
"model": "wnap210",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wnap320",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wndap350",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wndap360",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wndap620",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.1.7"
},
{
"model": "wndap660",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wnap210v2",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wac120",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.0.7"
},
{
"model": "wac120",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.1.4"
},
{
"model": "wac505",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "5.0.0.17"
},
{
"model": "wac510",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.3.0.10"
},
{
"model": "wac510",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "5.0.0.17"
},
{
"model": "wn604",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.3.3"
},
{
"model": "wn604",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.3.7"
},
{
"model": "wnap210",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wnap210",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wnap320",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wnap320",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wnd930",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": null
},
{
"model": "wnd930",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.0.11"
},
{
"model": "wnd930",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.1.2"
},
{
"model": "wndap350",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wndap350",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wndap360",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wndap360",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wndap620",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.0.11"
},
{
"model": "wndap620",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.1.3"
},
{
"model": "wndap660",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wndap660",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.7.4.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28140"
},
{
"db": "VULMON",
"id": "CVE-2018-21097"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016403"
},
{
"db": "NVD",
"id": "CVE-2018-21097"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wac505_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.0.5.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wac505:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wac510_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.0.5.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wac510:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wac120_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wac120:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wn604_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.3.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wn604:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnap320:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnap210_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnap210:v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap350_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap350:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap360_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap360:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap660_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap660:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap620_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap620:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnd930_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnd930:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-21097"
}
]
},
"cve": "CVE-2018-21097",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-016403",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-28140",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-21097",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cve@mitre.org",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-016403",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-21097",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "cve@mitre.org",
"id": "CVE-2018-21097",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2018-016403",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-28140",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-2187",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2018-21097",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28140"
},
{
"db": "VULMON",
"id": "CVE-2018-21097"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016403"
},
{
"db": "NVD",
"id": "CVE-2018-21097"
},
{
"db": "NVD",
"id": "CVE-2018-21097"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2187"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WAC120 before 2.1.7, WN604 before 3.3.10, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, and WND930 before 2.1.5. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WAC505, etc. are all wireless access points (AP) of NETGEAR. \n\r\n\r\nThere are buffer overflow vulnerabilities in many NETGEAR products, and remote attackers can use this vulnerability to execute arbitrary code by sending specially crafted requests. This affects WAC505 prior to 5.0.5.4, WAC510 prior to 5.0.5.4, WAC120 prior to 2.1.7, WN604 prior to 3.3.10, WNAP320 prior to 3.7.11.4, WNAP210v2 prior to 3.7.11.4, WNDAP350 prior to 3.7.11.4, WNDAP360 prior to 3.7.11.4, WNDAP660 prior to 3.7.11.4, WNDAP620 prior to 2.1.7, and WND930 prior to 2.1.5",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-21097"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016403"
},
{
"db": "CNVD",
"id": "CNVD-2020-28140"
},
{
"db": "VULMON",
"id": "CVE-2018-21097"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-21097",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016403",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-28140",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2187",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2018-21097",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28140"
},
{
"db": "VULMON",
"id": "CVE-2018-21097"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016403"
},
{
"db": "NVD",
"id": "CVE-2018-21097"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2187"
}
]
},
"id": "VAR-202004-1533",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28140"
}
],
"trust": 1.065498345
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28140"
}
]
},
"last_update_date": "2023-12-18T13:47:32.814000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisory for Pre-Authentication Stack Overflow on Some Wireless Access Points, PSV-2018-0094",
"trust": 0.8,
"url": "https://kb.netgear.com/000060457/security-advisory-for-pre-authentication-stack-overflow-on-some-wireless-access-points-psv-2018-0094"
},
{
"title": "Patch for Multiple NETGEAR product buffer overflow vulnerabilities (CNVD-2020-28140)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/217425"
},
{
"title": "Multiple NETGEAR Product Buffer Error Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=117709"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28140"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016403"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2187"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016403"
},
{
"db": "NVD",
"id": "CVE-2018-21097"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-21097"
},
{
"trust": 1.7,
"url": "https://kb.netgear.com/000060457/security-advisory-for-pre-authentication-stack-overflow-on-some-wireless-access-points-psv-2018-0094"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21097"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28140"
},
{
"db": "VULMON",
"id": "CVE-2018-21097"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016403"
},
{
"db": "NVD",
"id": "CVE-2018-21097"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2187"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-28140"
},
{
"db": "VULMON",
"id": "CVE-2018-21097"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016403"
},
{
"db": "NVD",
"id": "CVE-2018-21097"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2187"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-28140"
},
{
"date": "2020-04-27T00:00:00",
"db": "VULMON",
"id": "CVE-2018-21097"
},
{
"date": "2020-06-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016403"
},
{
"date": "2020-04-27T16:15:12.710000",
"db": "NVD",
"id": "CVE-2018-21097"
},
{
"date": "2020-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2187"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-28140"
},
{
"date": "2020-05-04T00:00:00",
"db": "VULMON",
"id": "CVE-2018-21097"
},
{
"date": "2020-06-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016403"
},
{
"date": "2020-05-04T14:15:46.887000",
"db": "NVD",
"id": "CVE-2018-21097"
},
{
"date": "2020-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2187"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2187"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural NETGEAR Out-of-bounds write vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016403"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2187"
}
],
"trust": 0.6
}
}
VAR-202004-1515
Vulnerability from variot - Updated: 2023-12-18 13:37Certain NETGEAR devices are affected by command execution via a PHP form. This affects WN604 3.3.3 and earlier, WNAP210v2 3.5.20.0 and earlier, WNAP320 3.5.20.0 and earlier, WNDAP350 3.5.20.0 and earlier, WNDAP360 3.5.20.0 and earlier, WNDAP620 2.0.11 and earlier, WNDAP660 3.5.20.0 and earlier, WND930 2.0.11 and earlier, and WAC120 2.0.7 and earlier. plural NETGEAR The product contains an injection vulnerability.Information may be obtained and tampered with. This affects WN604 3.3.3 and previous versions, WNAP210v2 3.5.20.0 and previous versions, WNAP320 3.5.20.0 and previous versions, WNDAP350 3.5.20.0 and previous versions, WNDAP360 3.5.20.0 and previous versions, WNDAP620 2.0.11 and previous versions, WNDAP660 3.5.20.0 and previous versions, WND930 2.0.11 and previous versions, and WAC120 2.0.7 and previous versions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-1515",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wndap350",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wndap360",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wndap660",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wnd930",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.0.11"
},
{
"model": "wn604",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.3.3"
},
{
"model": "wac120",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.0.7"
},
{
"model": "wndap620",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.0.11"
},
{
"model": "wnap320",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wnap210",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wac120",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.0.7"
},
{
"model": "wn604",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.3.3"
},
{
"model": "wnap210",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wnap320",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wnd930",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.0.11"
},
{
"model": "wndap350",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wndap360",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wndap620",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.0.11"
},
{
"model": "wndap660",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wnd930",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": null
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-18863"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014995"
},
{
"db": "NVD",
"id": "CVE-2017-18863"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wn604_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.3.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wn604:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnap210_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.5.20.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnap210:v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.5.20.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnap320:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap350_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.5.20.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap350:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap360_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.5.20.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap360:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap620_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.0.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap620:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap660_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.5.20.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap660:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnd930_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.0.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnd930:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wac120_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.0.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wac120:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-18863"
}
]
},
"cve": "CVE-2017-18863",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-014995",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2017-18863",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "LOW",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-014995",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-18863",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2017-014995",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-2262",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-18863",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-18863"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014995"
},
{
"db": "NVD",
"id": "CVE-2017-18863"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2262"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by command execution via a PHP form. This affects WN604 3.3.3 and earlier, WNAP210v2 3.5.20.0 and earlier, WNAP320 3.5.20.0 and earlier, WNDAP350 3.5.20.0 and earlier, WNDAP360 3.5.20.0 and earlier, WNDAP620 2.0.11 and earlier, WNDAP660 3.5.20.0 and earlier, WND930 2.0.11 and earlier, and WAC120 2.0.7 and earlier. plural NETGEAR The product contains an injection vulnerability.Information may be obtained and tampered with. This affects WN604 3.3.3 and previous versions, WNAP210v2 3.5.20.0 and previous versions, WNAP320 3.5.20.0 and previous versions, WNDAP350 3.5.20.0 and previous versions, WNDAP360 3.5.20.0 and previous versions, WNDAP620 2.0.11 and previous versions, WNDAP660 3.5.20.0 and previous versions, WND930 2.0.11 and previous versions, and WAC120 2.0.7 and previous versions",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-18863"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014995"
},
{
"db": "VULMON",
"id": "CVE-2017-18863"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-18863",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014995",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2262",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2017-18863",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-18863"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014995"
},
{
"db": "NVD",
"id": "CVE-2017-18863"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2262"
}
]
},
"id": "VAR-202004-1515",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.4443443822222222
},
"last_update_date": "2023-12-18T13:37:50.034000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisory for PHP Vulnerabilities on Wireless Access Points, PSV-2017-0517 and PSV-2016-0258",
"trust": 0.8,
"url": "https://kb.netgear.com/000037827/security-advisory-for-php-vulnerabilities-on-wireless-access-points-psv-2017-0517-and-psv-2016-0258"
},
{
"title": "Multiple NETGEAR Fixing measures for product injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=117741"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014995"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2262"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-74",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014995"
},
{
"db": "NVD",
"id": "CVE-2017-18863"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://kb.netgear.com/000037827/security-advisory-for-php-vulnerabilities-on-wireless-access-points-psv-2017-0517-and-psv-2016-0258"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18863"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18863"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/74.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-18863"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014995"
},
{
"db": "NVD",
"id": "CVE-2017-18863"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2262"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2017-18863"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014995"
},
{
"db": "NVD",
"id": "CVE-2017-18863"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2262"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-28T00:00:00",
"db": "VULMON",
"id": "CVE-2017-18863"
},
{
"date": "2020-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014995"
},
{
"date": "2020-04-28T16:15:12.747000",
"db": "NVD",
"id": "CVE-2017-18863"
},
{
"date": "2020-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2262"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-05T00:00:00",
"db": "VULMON",
"id": "CVE-2017-18863"
},
{
"date": "2020-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014995"
},
{
"date": "2020-05-05T13:26:01.897000",
"db": "NVD",
"id": "CVE-2017-18863"
},
{
"date": "2020-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2262"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2262"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural NETGEAR Product injection vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014995"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2262"
}
],
"trust": 0.6
}
}
VAR-202004-1530
Vulnerability from variot - Updated: 2023-12-18 13:28Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10. plural NETGEAR An unspecified vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This affects WAC120 prior to 2.1.7, WAC505 prior to 5.0.5.4, WAC510 prior to 5.0.5.4, WNAP320 prior to 3.7.11.4, WNAP210v2 prior to 3.7.11.4, WNDAP350 prior to 3.7.11.4, WNDAP360 prior to 3.7.11.4, WNDAP660 prior to 3.7.11.4, WNDAP620 prior to 2.1.7, WND930 prior to 2.1.5, and WN604 prior to 3.3.10
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-1530",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wndap360",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wnap210",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wac510",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "5.0.5.4"
},
{
"model": "wndap620",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.1.7"
},
{
"model": "wndap350",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wac505",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "5.0.5.4"
},
{
"model": "wndap660",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wn604",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.3.10"
},
{
"model": "wnd930",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.1.5"
},
{
"model": "wnap320",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wac120",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.1.7"
},
{
"model": "wac120",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.1.7"
},
{
"model": "wac505",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "5.0.5.4"
},
{
"model": "wac510",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "5.0.5.4"
},
{
"model": "wn604",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.3.10"
},
{
"model": "wnap210",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wnap320",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wnd930",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.1.5"
},
{
"model": "wndap350",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wndap360",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wndap620",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.1.7"
},
{
"model": "wndap660",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wac120",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.0.7"
},
{
"model": "wac120",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.1.4"
},
{
"model": "wac505",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "5.0.0.17"
},
{
"model": "wac510",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.3.0.10"
},
{
"model": "wac510",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "5.0.0.17"
},
{
"model": "wn604",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.3.3"
},
{
"model": "wn604",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.3.7"
},
{
"model": "wnap210",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wnap210",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wnap320",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wnap320",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wnd930",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": null
},
{
"model": "wnd930",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.0.11"
},
{
"model": "wnd930",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.1.2"
},
{
"model": "wndap350",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wndap350",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wndap360",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wndap360",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wndap620",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.0.11"
},
{
"model": "wndap620",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.1.3"
},
{
"model": "wndap660",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.5.20.0"
},
{
"model": "wndap660",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "3.7.4.0"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-21094"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016405"
},
{
"db": "NVD",
"id": "CVE-2018-21094"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wac120_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wac120:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wac505_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.0.5.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wac505:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wac510_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.0.5.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wac510:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnap320:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnap210_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnap210:v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap350_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap350:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap360_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap360:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap660_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap660:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap620_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap620:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnd930_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnd930:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wn604_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.3.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wn604:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-21094"
}
]
},
"cve": "CVE-2018-21094",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-016405",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-21094",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cve@mitre.org",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 7.3,
"baseSeverity": "High",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2018-016405",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-21094",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cve@mitre.org",
"id": "CVE-2018-21094",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2018-016405",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-2173",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-21094",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-21094"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016405"
},
{
"db": "NVD",
"id": "CVE-2018-21094"
},
{
"db": "NVD",
"id": "CVE-2018-21094"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2173"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10. plural NETGEAR An unspecified vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This affects WAC120 prior to 2.1.7, WAC505 prior to 5.0.5.4, WAC510 prior to 5.0.5.4, WNAP320 prior to 3.7.11.4, WNAP210v2 prior to 3.7.11.4, WNDAP350 prior to 3.7.11.4, WNDAP360 prior to 3.7.11.4, WNDAP660 prior to 3.7.11.4, WNDAP620 prior to 2.1.7, WND930 prior to 2.1.5, and WN604 prior to 3.3.10",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-21094"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016405"
},
{
"db": "VULMON",
"id": "CVE-2018-21094"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-21094",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016405",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2173",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2018-21094",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-21094"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016405"
},
{
"db": "NVD",
"id": "CVE-2018-21094"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2173"
}
]
},
"id": "VAR-202004-1530",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.4320588036363637
},
"last_update_date": "2023-12-18T13:28:09.394000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisory for a Security Misconfiguration on Some Wireless Access Points, PSV-2018-0350",
"trust": 0.8,
"url": "https://kb.netgear.com/000060460/security-advisory-for-a-security-misconfiguration-on-some-wireless-access-points-psv-2018-0350"
},
{
"title": "Multiple NETGEAR Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=117280"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016405"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2173"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016405"
},
{
"db": "NVD",
"id": "CVE-2018-21094"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://kb.netgear.com/000060460/security-advisory-for-a-security-misconfiguration-on-some-wireless-access-points-psv-2018-0350"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-21094"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21094"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-21094"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016405"
},
{
"db": "NVD",
"id": "CVE-2018-21094"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2173"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2018-21094"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016405"
},
{
"db": "NVD",
"id": "CVE-2018-21094"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2173"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-27T00:00:00",
"db": "VULMON",
"id": "CVE-2018-21094"
},
{
"date": "2020-06-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016405"
},
{
"date": "2020-04-27T15:15:12.143000",
"db": "NVD",
"id": "CVE-2018-21094"
},
{
"date": "2020-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2173"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-04T00:00:00",
"db": "VULMON",
"id": "CVE-2018-21094"
},
{
"date": "2020-06-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016405"
},
{
"date": "2020-05-04T15:17:47.837000",
"db": "NVD",
"id": "CVE-2018-21094"
},
{
"date": "2020-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2173"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2173"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural NETGEAR Vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016405"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2173"
}
],
"trust": 0.6
}
}
VAR-202004-1318
Vulnerability from variot - Updated: 2023-12-18 13:28Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WAC510, etc. are all a wireless access point (AP) of NETGEAR company. The vulnerability stems from the fact that the network system or product lacks the correct verification of the user input data during the operation process of the user inputting the construction command, data structure or record, and the special elements are not filtered or correctly filtered, resulting in the analysis or analysis of the system or product. The explanation is wrong. No detailed vulnerability details are currently provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-1318",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wac510",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.3.0.10"
},
{
"model": "wac120",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2.1.4"
},
{
"model": "wnd930",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2.1.2"
},
{
"model": "wn604",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.3.7"
},
{
"model": "wndap660",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wndap350",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wnap320",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wndap360",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wnap210",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wndap620",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.1.3"
},
{
"model": "wac120",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.1.4"
},
{
"model": "wac510",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.3.0.10"
},
{
"model": "wn604",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.3.7"
},
{
"model": "wnap210",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wnap320",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wnd930",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.1.2"
},
{
"model": "wndap350",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wndap360",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wndap620",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.1.3"
},
{
"model": "wndap660",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wnap210v2",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "3.7.4.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-57167"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014895"
},
{
"db": "NVD",
"id": "CVE-2017-18805"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wac510_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.3.0.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wac510:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wac120_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wac120:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap620_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap620:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnd930_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnd930:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wn604_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.3.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wn604:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap660_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.4.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap660:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap350_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.4.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap350:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.4.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnap320:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnap210_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.4.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnap210:v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap360_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.4.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap360:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-18805"
}
]
},
"cve": "CVE-2017-18805",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-014895",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2021-57167",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "cve@mitre.org",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.7,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-014895",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-18805",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cve@mitre.org",
"id": "CVE-2017-18805",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2017-014895",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2021-57167",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-57167"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014895"
},
{
"db": "NVD",
"id": "CVE-2017-18805"
},
{
"db": "NVD",
"id": "CVE-2017-18805"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WAC510, etc. are all a wireless access point (AP) of NETGEAR company. The vulnerability stems from the fact that the network system or product lacks the correct verification of the user input data during the operation process of the user inputting the construction command, data structure or record, and the special elements are not filtered or correctly filtered, resulting in the analysis or analysis of the system or product. The explanation is wrong. No detailed vulnerability details are currently provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-18805"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014895"
},
{
"db": "CNVD",
"id": "CNVD-2021-57167"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-18805",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014895",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-57167",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1815",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-57167"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014895"
},
{
"db": "NVD",
"id": "CVE-2017-18805"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1815"
}
]
},
"id": "VAR-202004-1318",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-57167"
}
],
"trust": 1.0737637281818182
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-57167"
}
]
},
"last_update_date": "2023-12-18T13:28:09.671000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisory for Command Injection Vulnerability on Some Wireless Access Points, PSV-2017-2213",
"trust": 0.8,
"url": "https://kb.netgear.com/000049060/security-advisory-for-command-injection-vulnerability-on-some-wireless-access-points-psv-2017-2213"
},
{
"title": "Patch for NETGEAR command injection vulnerability (CNVD-2021-57167)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/283626"
},
{
"title": "Multiple NETGEAR Product Command Injection Vulnerability Fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=116292"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-57167"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014895"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1815"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-74",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014895"
},
{
"db": "NVD",
"id": "CVE-2017-18805"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18805"
},
{
"trust": 1.6,
"url": "https://kb.netgear.com/000049060/security-advisory-for-command-injection-vulnerability-on-some-wireless-access-points-psv-2017-2213"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18805"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-57167"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014895"
},
{
"db": "NVD",
"id": "CVE-2017-18805"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1815"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-57167"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014895"
},
{
"db": "NVD",
"id": "CVE-2017-18805"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1815"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-57167"
},
{
"date": "2020-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014895"
},
{
"date": "2020-04-21T18:15:12.593000",
"db": "NVD",
"id": "CVE-2017-18805"
},
{
"date": "2020-04-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1815"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-57167"
},
{
"date": "2020-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014895"
},
{
"date": "2020-04-23T18:51:15.087000",
"db": "NVD",
"id": "CVE-2017-18805"
},
{
"date": "2020-04-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1815"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural NETGEAR Injection vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014895"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-1815"
}
],
"trust": 0.6
}
}
VAR-202004-1371
Vulnerability from variot - Updated: 2023-12-18 13:07Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WAC510, etc. are all a wireless access point (AP) of NETGEAR company. The vulnerability stems from the fact that the network system or product lacks the correct verification of the user input data during the operation process of the user inputting the construction command, data structure or record, and the special elements are not filtered or correctly filtered, resulting in the analysis or analysis of the system or product. The explanation is wrong. No detailed vulnerability details are currently provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-1371",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wac510",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.3.0.10"
},
{
"model": "wac120",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2.1.4"
},
{
"model": "wndap620",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2.1.3"
},
{
"model": "wnd930",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2.1.2"
},
{
"model": "wn604",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.3.7"
},
{
"model": "wndap660",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wndap350",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wnap320",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wndap360",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wnap210",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wac120",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.1.4"
},
{
"model": "wac510",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.3.0.10"
},
{
"model": "wn604",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.3.7"
},
{
"model": "wnap210",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wnap320",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wnd930",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.1.2"
},
{
"model": "wndap350",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wndap360",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wndap620",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.1.3"
},
{
"model": "wndap660",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.4.0"
},
{
"model": "wnap210v2",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "3.7.4.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-52966"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014893"
},
{
"db": "NVD",
"id": "CVE-2017-18806"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wac510_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.3.0.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wac510:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wac120_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wac120:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap620_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap620:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnd930_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnd930:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wn604_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.3.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wn604:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap660_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.4.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap660:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap350_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.4.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap350:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.4.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnap320:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnap210_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.4.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnap210:v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap360_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.4.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap360:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-18806"
}
]
},
"cve": "CVE-2017-18806",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-014893",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2021-52966",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "cve@mitre.org",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.7,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-014893",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-18806",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cve@mitre.org",
"id": "CVE-2017-18806",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2017-014893",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2021-52966",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-52966"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014893"
},
{
"db": "NVD",
"id": "CVE-2017-18806"
},
{
"db": "NVD",
"id": "CVE-2017-18806"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WAC510, etc. are all a wireless access point (AP) of NETGEAR company. The vulnerability stems from the fact that the network system or product lacks the correct verification of the user input data during the operation process of the user inputting the construction command, data structure or record, and the special elements are not filtered or correctly filtered, resulting in the analysis or analysis of the system or product. The explanation is wrong. No detailed vulnerability details are currently provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-18806"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014893"
},
{
"db": "CNVD",
"id": "CNVD-2021-52966"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-18806",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014893",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-52966",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1835",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-52966"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014893"
},
{
"db": "NVD",
"id": "CVE-2017-18806"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1835"
}
]
},
"id": "VAR-202004-1371",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-52966"
}
],
"trust": 1.0737637281818182
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-52966"
}
]
},
"last_update_date": "2023-12-18T13:07:37.881000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisory for Command Injection Vulnerability on Some Wireless Access Points, PSV-2017-2214",
"trust": 0.8,
"url": "https://kb.netgear.com/000049061/security-advisory-for-command-injection-vulnerability-on-some-wireless-access-points-psv-2017-2214"
},
{
"title": "Patch for NETGEAR command injection vulnerability (CNVD-2021-52966)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/280076"
},
{
"title": "Multiple NETGEAR Product Command Injection Vulnerability Fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=116311"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-52966"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014893"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1835"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-74",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014893"
},
{
"db": "NVD",
"id": "CVE-2017-18806"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18806"
},
{
"trust": 1.6,
"url": "https://kb.netgear.com/000049061/security-advisory-for-command-injection-vulnerability-on-some-wireless-access-points-psv-2017-2214"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18806"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-52966"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014893"
},
{
"db": "NVD",
"id": "CVE-2017-18806"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1835"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-52966"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014893"
},
{
"db": "NVD",
"id": "CVE-2017-18806"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1835"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-52966"
},
{
"date": "2020-05-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014893"
},
{
"date": "2020-04-21T16:15:51.337000",
"db": "NVD",
"id": "CVE-2017-18806"
},
{
"date": "2020-04-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1835"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-52966"
},
{
"date": "2020-05-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014893"
},
{
"date": "2020-04-23T20:22:29.643000",
"db": "NVD",
"id": "CVE-2017-18806"
},
{
"date": "2020-04-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1835"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural NETGEAR Injection vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014893"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-1835"
}
],
"trust": 0.6
}
}
VAR-202004-1556
Vulnerability from variot - Updated: 2023-12-18 12:56Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10. plural NETGEAR A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WAC505, etc. are all a wireless access point (AP) of NETGEAR company. The vulnerability stems from the fact that the WEB application does not fully verify whether the request comes from a trusted user. An attacker can use this vulnerability to send unexpected requests to the server through the affected client
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-1556",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wac505",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "5.0.5.4"
},
{
"model": "wac510",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "5.0.5.4"
},
{
"model": "wac120",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2.1.7"
},
{
"model": "wn604",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.3.10"
},
{
"model": "wnap320",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wndap350",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wndap360",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wndap660",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wndap620",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2.1.7"
},
{
"model": "wnd930",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2.1.5"
},
{
"model": "wnap210",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wac120",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.1.7"
},
{
"model": "wac505",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "5.0.5.4"
},
{
"model": "wac510",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "5.0.5.4"
},
{
"model": "wnap210",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wnap320",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wnd930",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.1.5"
},
{
"model": "wndap350",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wndap360",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wndap620",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.1.7"
},
{
"model": "wndap660",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "3.7.11.4"
},
{
"model": "wnap210v2",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "3.7.11.4"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-59162"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016301"
},
{
"db": "NVD",
"id": "CVE-2018-21120"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wac120_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wac120:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wac505_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.0.5.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wac505:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wac510_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.0.5.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wac510:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnap320:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnap210_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnap210:v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap350_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap350:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap360_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap360:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap660_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.11.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap660:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap620_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap620:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnd930_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnd930:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wn604_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.3.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wn604:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-21120"
}
]
},
"cve": "CVE-2018-21120",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-016301",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "CNVD-2021-59162",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "cve@mitre.org",
"availabilityImpact": "HIGH",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.5,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.0,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-016301",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-21120",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cve@mitre.org",
"id": "CVE-2018-21120",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2018-016301",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-59162",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-1917",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-59162"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016301"
},
{
"db": "NVD",
"id": "CVE-2018-21120"
},
{
"db": "NVD",
"id": "CVE-2018-21120"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1917"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10. plural NETGEAR A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WAC505, etc. are all a wireless access point (AP) of NETGEAR company. The vulnerability stems from the fact that the WEB application does not fully verify whether the request comes from a trusted user. An attacker can use this vulnerability to send unexpected requests to the server through the affected client",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-21120"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016301"
},
{
"db": "CNVD",
"id": "CNVD-2021-59162"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-21120",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016301",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-59162",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1917",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-59162"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016301"
},
{
"db": "NVD",
"id": "CVE-2018-21120"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1917"
}
]
},
"id": "VAR-202004-1556",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-59162"
}
],
"trust": 1.065498345
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-59162"
}
]
},
"last_update_date": "2023-12-18T12:56:03.700000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisory for Cross Site Request Forgery on Some Wireless Access Points, PSV-2018-0095",
"trust": 0.8,
"url": "https://kb.netgear.com/000060238/security-advisory-for-cross-site-request-forgery-on-some-wireless-access-points-psv-2018-0095"
},
{
"title": "Patch for Cross-site request forgery vulnerability in multiple NETGEAR products (CNVD-2021-59162)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/284356"
},
{
"title": "Multiple NETGEAR Repair measures for product cross-site request forgery vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=117250"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-59162"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016301"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1917"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016301"
},
{
"db": "NVD",
"id": "CVE-2018-21120"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-21120"
},
{
"trust": 1.6,
"url": "https://kb.netgear.com/000060238/security-advisory-for-cross-site-request-forgery-on-some-wireless-access-points-psv-2018-0095"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21120"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-59162"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016301"
},
{
"db": "NVD",
"id": "CVE-2018-21120"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1917"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-59162"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016301"
},
{
"db": "NVD",
"id": "CVE-2018-21120"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1917"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-59162"
},
{
"date": "2020-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016301"
},
{
"date": "2020-04-22T16:15:11.903000",
"db": "NVD",
"id": "CVE-2018-21120"
},
{
"date": "2020-04-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1917"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-59162"
},
{
"date": "2020-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016301"
},
{
"date": "2020-04-24T19:59:43.087000",
"db": "NVD",
"id": "CVE-2018-21120"
},
{
"date": "2020-04-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1917"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-1917"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural NETGEAR Cross-site request forgery vulnerability in device",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016301"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-1917"
}
],
"trust": 0.6
}
}
VAR-202206-1782
Vulnerability from variot - Updated: 2023-12-18 12:41netgear wnap320 router WNAP320_V2.0.3_firmware is vulnerable to Incorrect Access Control via /recreate.php, which can leak all users cookies. of netgear WNAP320 There are unspecified vulnerabilities in the firmware.Information may be obtained. NETGEAR WNAP320 is a wireless access point (AP) from NETGEAR. An attacker can use this vulnerability to obtain the user's cookie
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-1782",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wnap320",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": "2.0.3"
},
{
"model": "wnap320",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "wnap320",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": "wnap320 firmware 2.0.3"
},
{
"model": "wnap320",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "wnap320",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "v2.0.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-68507"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012239"
},
{
"db": "NVD",
"id": "CVE-2022-31876"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnap320_firmware:2.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnap320:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-31876"
}
]
},
"cve": "CVE-2022-31876",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2022-31876",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-68507",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2022-31876",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-31876",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2022-68507",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-1719",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-31876",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-68507"
},
{
"db": "VULMON",
"id": "CVE-2022-31876"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012239"
},
{
"db": "NVD",
"id": "CVE-2022-31876"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1719"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "netgear wnap320 router WNAP320_V2.0.3_firmware is vulnerable to Incorrect Access Control via /recreate.php, which can leak all users cookies. of netgear WNAP320 There are unspecified vulnerabilities in the firmware.Information may be obtained. NETGEAR WNAP320 is a wireless access point (AP) from NETGEAR. An attacker can use this vulnerability to obtain the user\u0027s cookie",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-31876"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012239"
},
{
"db": "CNVD",
"id": "CNVD-2022-68507"
},
{
"db": "VULMON",
"id": "CVE-2022-31876"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-31876",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012239",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-68507",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1719",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-31876",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-68507"
},
{
"db": "VULMON",
"id": "CVE-2022-31876"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012239"
},
{
"db": "NVD",
"id": "CVE-2022-31876"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1719"
}
]
},
"id": "VAR-202206-1782",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-68507"
}
],
"trust": 1.08863637
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-68507"
}
]
},
"last_update_date": "2023-12-18T12:41:50.784000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-012239"
},
{
"db": "NVD",
"id": "CVE-2022-31876"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://github.com/jayus0821/uai-poc/blob/main/netgear/wnap320/unauth.md"
},
{
"trust": 2.5,
"url": "https://www.netgear.com/about/security/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31876"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-31876/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/863.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-68507"
},
{
"db": "VULMON",
"id": "CVE-2022-31876"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012239"
},
{
"db": "NVD",
"id": "CVE-2022-31876"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1719"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-68507"
},
{
"db": "VULMON",
"id": "CVE-2022-31876"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012239"
},
{
"db": "NVD",
"id": "CVE-2022-31876"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1719"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-68507"
},
{
"date": "2022-06-17T00:00:00",
"db": "VULMON",
"id": "CVE-2022-31876"
},
{
"date": "2023-08-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-012239"
},
{
"date": "2022-06-17T20:15:10.913000",
"db": "NVD",
"id": "CVE-2022-31876"
},
{
"date": "2022-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-1719"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-68507"
},
{
"date": "2022-06-28T00:00:00",
"db": "VULMON",
"id": "CVE-2022-31876"
},
{
"date": "2023-08-28T08:06:00",
"db": "JVNDB",
"id": "JVNDB-2022-012239"
},
{
"date": "2023-08-08T14:22:24.967000",
"db": "NVD",
"id": "CVE-2022-31876"
},
{
"date": "2022-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-1719"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-1719"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "of netgear \u00a0WNAP320\u00a0 Firmware vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-012239"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-1719"
}
],
"trust": 0.6
}
}
VAR-201704-0304
Vulnerability from variot - Updated: 2023-12-18 12:37Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or passphrase by visiting unauthenticated webpages. Netgear is the world's leading enterprise network solution and advocate for digital home networking applications. There are information disclosure vulnerabilities in Netgear's various devices. The device bypasses the authentication page, and the attacker can use the vulnerability to obtain sensitive information such as wireless WPSPIN. NETGEAR WN604 is a wireless access point (AP) of NETGEAR. The following products and versions are affected: Netgear WN604 prior to 3.3.3; WNAP210 prior to 3.5.5.0, WNAP320 prior to 3.5.5.0, WNDAP350 prior to 3.5.5.0, WNDAP360 prior to 3.5.5.0; WND930 2.0 Versions prior to .11
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0304",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wndap210v2",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "3.0.5.0"
},
{
"model": "wndap350",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "3.0.5.0"
},
{
"model": "wnd930",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "2.0.4"
},
{
"model": "wndap360",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "3.0.5.0"
},
{
"model": "wn604",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "3.3.2"
},
{
"model": "wnap320",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "3.0.5.0"
},
{
"model": "wn604",
"scope": "lt",
"trust": 0.8,
"vendor": "net gear",
"version": "3.3.3"
},
{
"model": "wnap210v2",
"scope": "lt",
"trust": 0.8,
"vendor": "net gear",
"version": "3.5.5.0"
},
{
"model": "wnap320",
"scope": "lt",
"trust": 0.8,
"vendor": "net gear",
"version": "3.5.5.0"
},
{
"model": "wnd930",
"scope": "lt",
"trust": 0.8,
"vendor": "net gear",
"version": "2.0.11"
},
{
"model": "wndap350",
"scope": "lt",
"trust": 0.8,
"vendor": "net gear",
"version": "3.5.5.0"
},
{
"model": "wndap360",
"scope": "lt",
"trust": 0.8,
"vendor": "net gear",
"version": "3.5.5.0"
},
{
"model": "wn604",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wnap210",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wnap320",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wndap350",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wndap360",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wnd930",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wndap360",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "3.0.5.0"
},
{
"model": "wn604",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "3.3.2"
},
{
"model": "wndap210v2",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "3.0.5.0"
},
{
"model": "wndap350",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "3.0.5.0"
},
{
"model": "wnd930",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "2.0.4"
},
{
"model": "wnap320",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "3.0.5.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01690"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008524"
},
{
"db": "NVD",
"id": "CVE-2016-1556"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-395"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0.5.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnap320:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap350_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0.5.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap350:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap360_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0.5.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap360:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap210v2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0.5.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap210v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wn604_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.3.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wn604:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnd930_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.0.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnd930:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1556"
}
]
},
"cve": "CVE-2016-1556",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-1556",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-01690",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-90375",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-1556",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-1556",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-01690",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-395",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-90375",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01690"
},
{
"db": "VULHUB",
"id": "VHN-90375"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008524"
},
{
"db": "NVD",
"id": "CVE-2016-1556"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-395"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or passphrase by visiting unauthenticated webpages. Netgear is the world\u0027s leading enterprise network solution and advocate for digital home networking applications. There are information disclosure vulnerabilities in Netgear\u0027s various devices. The device bypasses the authentication page, and the attacker can use the vulnerability to obtain sensitive information such as wireless WPSPIN. NETGEAR WN604 is a wireless access point (AP) of NETGEAR. The following products and versions are affected: Netgear WN604 prior to 3.3.3; WNAP210 prior to 3.5.5.0, WNAP320 prior to 3.5.5.0, WNDAP350 prior to 3.5.5.0, WNDAP360 prior to 3.5.5.0; WND930 2.0 Versions prior to .11",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1556"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008524"
},
{
"db": "CNVD",
"id": "CNVD-2016-01690"
},
{
"db": "VULHUB",
"id": "VHN-90375"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1556",
"trust": 3.1
},
{
"db": "PACKETSTORM",
"id": "135956",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008524",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201604-395",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-01690",
"trust": 0.6
},
{
"db": "VULDB",
"id": "81129",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-90375",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01690"
},
{
"db": "VULHUB",
"id": "VHN-90375"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008524"
},
{
"db": "NVD",
"id": "CVE-2016-1556"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-395"
}
]
},
"id": "VAR-201704-0304",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01690"
},
{
"db": "VULHUB",
"id": "VHN-90375"
}
],
"trust": 1.22198852
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01690"
}
]
},
"last_update_date": "2023-12-18T12:37:29.507000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2016-1556 - Notification",
"trust": 0.8,
"url": "https://kb.netgear.com/30481/cve-2016-1556-notification"
},
{
"title": "Multiple Netgear Product information disclosure vulnerability repair measures",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=61088"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008524"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-395"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90375"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008524"
},
{
"db": "NVD",
"id": "CVE-2016-1556"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://packetstormsecurity.com/files/135956/d-link-netgear-firmadyne-command-injection-buffer-overflow.html"
},
{
"trust": 2.3,
"url": "http://seclists.org/fulldisclosure/2016/feb/112"
},
{
"trust": 1.7,
"url": "https://kb.netgear.com/30481/cve-2016-1556-notification?cid=wmt_netgear_organic"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1556"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1556"
},
{
"trust": 0.6,
"url": "http://vuldb.com/?id.81129"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01690"
},
{
"db": "VULHUB",
"id": "VHN-90375"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008524"
},
{
"db": "NVD",
"id": "CVE-2016-1556"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-395"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-01690"
},
{
"db": "VULHUB",
"id": "VHN-90375"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008524"
},
{
"db": "NVD",
"id": "CVE-2016-1556"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-395"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01690"
},
{
"date": "2017-04-21T00:00:00",
"db": "VULHUB",
"id": "VHN-90375"
},
{
"date": "2017-05-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008524"
},
{
"date": "2017-04-21T15:59:00.363000",
"db": "NVD",
"id": "CVE-2016-1556"
},
{
"date": "2016-03-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-395"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01690"
},
{
"date": "2017-04-28T00:00:00",
"db": "VULHUB",
"id": "VHN-90375"
},
{
"date": "2017-05-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008524"
},
{
"date": "2017-04-28T18:39:46.573000",
"db": "NVD",
"id": "CVE-2016-1556"
},
{
"date": "2017-04-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-395"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-395"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Netgear Information disclosure vulnerability in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008524"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-395"
}
],
"trust": 0.6
}
}
VAR-201704-0305
Vulnerability from variot - Updated: 2023-12-18 12:37Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP. Netgear WNAP320 , WNDAP350 ,and WNDAP360 Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Netgear is the world's leading enterprise network solution and advocate for digital home networking applications. There are information disclosure vulnerabilities in Netgear's various devices, and an attacker can exploit the vulnerability to obtain an administrator account and a wireless password. Security flaws exist in several Netgear products. The following products and versions are affected: Netgear WNAP320 prior to 3.5.5.0; WNDAP350 prior to 3.5.5.0; WNDAP360 prior to 3.5.5.0. Hello,
We’d like to report several vulnerabilities in embedded devices developed by D-Link and Netgear, which were discovered using our FIRMADYNE framework for emulation and dynamic analysis of Linux-based embedded devices. For more information, refer to our academic paper and open-source release at https://github.com/firmadyne/firmadyne.
Several Netgear devices include unauthenticated webpages that pass form input directly to the command-line, allowing for a command injection attack in boardData102.php, boardData103.php, boardDataJP.php, boardDataNA.php, and boardDataWW.php. This has been assigned CVE-2016-1555. Affected devices include:
Netgear WN604 Netgear WN802Tv2 Netgear WNAP210 Netgear WNAP320 Netgear WNDAP350 Netgear WNDAP360
Several D-Link devices include a web server that is vulnerable to a buffer overflow while parsing the 'dlink_uid' cookie. The length of the value set in the cookie is obtained using strlen(), which is then passed to memcpy(), and the value is copied into a fixed-size buffer. This has been assigned CVE-2016-1558. Affected devices include:
D-Link DAP-2310 D-Link DAP-2330 D-Link DAP-2360 D-Link DAP-2553 D-Link DAP-2660 D-Link DAP-2690 D-Link DAP-2695
Several Netgear devices include unauthenticated webpages that disclose the wireless WPS PIN, allowing for information disclosure. This has been assigned CVE-2016-1556. This has been assigned CVE-2016-1557 for Netgear devices, and CVE-2016-1559 for D-Link devices. Affected devices include:
D-Link DAP-1353 D-Link DAP-2553 D-Link DAP-3520 Netgear WNAP320 Netgear WNDAP350 Netgear WNDAP360
We have not heard back from D-Link after contacting the vendor. Netgear will fix WN604 with firmware 3.3.3 by late February, but the tentative ETA for the remaining devices is mid-March.
Thanks,
Dominic
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0305",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wndap360",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "3.0.5.0"
},
{
"model": "wnap320",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "3.0.5.0"
},
{
"model": "wndap350",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "3.0.5.0"
},
{
"model": "wnap320",
"scope": "lt",
"trust": 0.8,
"vendor": "net gear",
"version": "3.5.5.0"
},
{
"model": "wndap350",
"scope": "lt",
"trust": 0.8,
"vendor": "net gear",
"version": "3.5.5.0"
},
{
"model": "wndap360",
"scope": "lt",
"trust": 0.8,
"vendor": "net gear",
"version": "3.5.5.0"
},
{
"model": "wnap320",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wndap350",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wndap360",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wndap360",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "3.0.5.0"
},
{
"model": "wndap350",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "3.0.5.0"
},
{
"model": "wnap320",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "3.0.5.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01689"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008489"
},
{
"db": "NVD",
"id": "CVE-2016-1557"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-393"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0.5.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnap320:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap350_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0.5.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap350:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap360_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0.5.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap360:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1557"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dominic Chen",
"sources": [
{
"db": "PACKETSTORM",
"id": "135956"
}
],
"trust": 0.1
},
"cve": "CVE-2016-1557",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-1557",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-01689",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-90376",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-1557",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-1557",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2016-01689",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-393",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-90376",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01689"
},
{
"db": "VULHUB",
"id": "VHN-90376"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008489"
},
{
"db": "NVD",
"id": "CVE-2016-1557"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-393"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP. Netgear WNAP320 , WNDAP350 ,and WNDAP360 Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Netgear is the world\u0027s leading enterprise network solution and advocate for digital home networking applications. There are information disclosure vulnerabilities in Netgear\u0027s various devices, and an attacker can exploit the vulnerability to obtain an administrator account and a wireless password. Security flaws exist in several Netgear products. The following products and versions are affected: Netgear WNAP320 prior to 3.5.5.0; WNDAP350 prior to 3.5.5.0; WNDAP360 prior to 3.5.5.0. Hello,\n\nWe\u2019d like to report several vulnerabilities in embedded devices developed by D-Link and Netgear, which were discovered using our FIRMADYNE framework for emulation and dynamic analysis of Linux-based embedded devices. For more information, refer to our academic paper and open-source release at https://github.com/firmadyne/firmadyne. \n\nSeveral Netgear devices include unauthenticated webpages that pass form input directly to the command-line, allowing for a command injection attack in `boardData102.php`, `boardData103.php`, `boardDataJP.php`, `boardDataNA.php`, and `boardDataWW.php`. This has been assigned CVE-2016-1555. Affected devices include:\n\nNetgear WN604\nNetgear WN802Tv2\nNetgear WNAP210\nNetgear WNAP320\nNetgear WNDAP350\nNetgear WNDAP360\n\nSeveral D-Link devices include a web server that is vulnerable to a buffer overflow while parsing the \u0027dlink_uid\u0027 cookie. The length of the value set in the cookie is obtained using strlen(), which is then passed to memcpy(), and the value is copied into a fixed-size buffer. This has been assigned CVE-2016-1558. Affected devices include:\n\nD-Link DAP-2310\nD-Link DAP-2330\nD-Link DAP-2360\nD-Link DAP-2553\nD-Link DAP-2660\nD-Link DAP-2690\nD-Link DAP-2695\n\nSeveral Netgear devices include unauthenticated webpages that disclose the wireless WPS PIN, allowing for information disclosure. This has been assigned CVE-2016-1556. This has been assigned CVE-2016-1557 for Netgear devices, and CVE-2016-1559 for D-Link devices. Affected devices include:\n\nD-Link DAP-1353\nD-Link DAP-2553\nD-Link DAP-3520\nNetgear WNAP320\nNetgear WNDAP350\nNetgear WNDAP360\n\nWe have not heard back from D-Link after contacting the vendor. Netgear will fix WN604 with firmware 3.3.3 by late February, but the tentative ETA for the remaining devices is mid-March. \n\nThanks,\n\nDominic\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1557"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008489"
},
{
"db": "CNVD",
"id": "CNVD-2016-01689"
},
{
"db": "VULHUB",
"id": "VHN-90376"
},
{
"db": "PACKETSTORM",
"id": "135956"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1557",
"trust": 3.2
},
{
"db": "PACKETSTORM",
"id": "135956",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008489",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201604-393",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-01689",
"trust": 0.6
},
{
"db": "VULDB",
"id": "81131",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-90376",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01689"
},
{
"db": "VULHUB",
"id": "VHN-90376"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008489"
},
{
"db": "PACKETSTORM",
"id": "135956"
},
{
"db": "NVD",
"id": "CVE-2016-1557"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-393"
}
]
},
"id": "VAR-201704-0305",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01689"
},
{
"db": "VULHUB",
"id": "VHN-90376"
}
],
"trust": 1.1813131366666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01689"
}
]
},
"last_update_date": "2023-12-18T12:37:29.569000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2016-1557 - Notification",
"trust": 0.8,
"url": "https://kb.netgear.com/30482/cve-2016-1557-notification"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008489"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90376"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008489"
},
{
"db": "NVD",
"id": "CVE-2016-1557"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://packetstormsecurity.com/files/135956/d-link-netgear-firmadyne-command-injection-buffer-overflow.html"
},
{
"trust": 2.3,
"url": "http://seclists.org/fulldisclosure/2016/feb/112"
},
{
"trust": 1.7,
"url": "https://kb.netgear.com/30482/cve-2016-1557-notification?cid=wmt_netgear_organic"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1557"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1557"
},
{
"trust": 0.6,
"url": "http://vuldb.com/?id.81131"
},
{
"trust": 0.1,
"url": "https://github.com/firmadyne/firmadyne."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1559"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1555"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1558"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01689"
},
{
"db": "VULHUB",
"id": "VHN-90376"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008489"
},
{
"db": "PACKETSTORM",
"id": "135956"
},
{
"db": "NVD",
"id": "CVE-2016-1557"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-393"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-01689"
},
{
"db": "VULHUB",
"id": "VHN-90376"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008489"
},
{
"db": "PACKETSTORM",
"id": "135956"
},
{
"db": "NVD",
"id": "CVE-2016-1557"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-393"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01689"
},
{
"date": "2017-04-21T00:00:00",
"db": "VULHUB",
"id": "VHN-90376"
},
{
"date": "2017-05-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008489"
},
{
"date": "2016-02-26T17:22:22",
"db": "PACKETSTORM",
"id": "135956"
},
{
"date": "2017-04-21T15:59:00.410000",
"db": "NVD",
"id": "CVE-2016-1557"
},
{
"date": "2016-03-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-393"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01689"
},
{
"date": "2017-04-27T00:00:00",
"db": "VULHUB",
"id": "VHN-90376"
},
{
"date": "2017-05-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008489"
},
{
"date": "2017-04-27T19:53:14.613000",
"db": "NVD",
"id": "CVE-2016-1557"
},
{
"date": "2017-04-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-393"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-393"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Netgear Information disclosure vulnerability in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008489"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-393"
}
],
"trust": 0.6
}
}
VAR-201704-0303
Vulnerability from variot - Updated: 2023-12-18 12:37(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands. Netgear is the world's leading enterprise network solution and advocate for digital home networking applications. There are authentication bypass vulnerabilities in Netgear's various devices. Attackers exploit vulnerabilities to directly pass input command lines on unverified web pages and initiate command injection attacks. Security vulnerabilities exist in multiple files in several Netgear products. The following products and versions are affected: Netgear WN604 prior to 3.3.3; WN802Tv2 prior to 3.5.5.0; WNAP210v2 prior to 3.5.5.0; WNAP320 prior to 3.5.5.0; WNDAP350 prior to 3.5.5.0; WNDAP360 prior to 3.5 Versions prior to .5.0; versions prior to WNDAP660 3.5.5.0. Hello,
We’d like to report several vulnerabilities in embedded devices developed by D-Link and Netgear, which were discovered using our FIRMADYNE framework for emulation and dynamic analysis of Linux-based embedded devices. For more information, refer to our academic paper and open-source release at https://github.com/firmadyne/firmadyne. This has been assigned CVE-2016-1555. Affected devices include:
Netgear WN604 Netgear WN802Tv2 Netgear WNAP210 Netgear WNAP320 Netgear WNDAP350 Netgear WNDAP360
Several D-Link devices include a web server that is vulnerable to a buffer overflow while parsing the 'dlink_uid' cookie. The length of the value set in the cookie is obtained using strlen(), which is then passed to memcpy(), and the value is copied into a fixed-size buffer. This has been assigned CVE-2016-1558. Affected devices include:
D-Link DAP-2310 D-Link DAP-2330 D-Link DAP-2360 D-Link DAP-2553 D-Link DAP-2660 D-Link DAP-2690 D-Link DAP-2695
Several Netgear devices include unauthenticated webpages that disclose the wireless WPS PIN, allowing for information disclosure. This has been assigned CVE-2016-1556. Affected devices include:
Netgear WN604 Netgear WNAP210 Netgear WNAP320 Netgear WND930 Netgear WNDAP350 Netgear WNDAP360
Several devices by both D-Link and Netgear disclose wireless passwords and administrative usernames/passwords over SNMP, including OID’s iso.3.6.1.4.1.171.10.37.35.2.1.3.3.2.1.1.4, iso.3.6.1.4.1.171.10.37.38.2.1.3.3.2.1.1.4, iso.3.6.1.4.1.171.10.37.35.4.1.1.1, iso.3.6.1.4.1.171.10.37.37.4.1.1.1, iso.3.6.1.4.1.171.10.37.38.4.1.1.1, iso.3.6.1.4.1.4526.100.7.8.1.5, iso.3.6.1.4.1.4526.100.7.9.1.5, iso.3.6.1.4.1.4526.100.7.9.1.7, and iso.3.6.1.4.1.4526.100.7.10.1.7. This has been assigned CVE-2016-1557 for Netgear devices, and CVE-2016-1559 for D-Link devices. Affected devices include:
D-Link DAP-1353 D-Link DAP-2553 D-Link DAP-3520 Netgear WNAP320 Netgear WNDAP350 Netgear WNDAP360
We have not heard back from D-Link after contacting the vendor. Netgear will fix WN604 with firmware 3.3.3 by late February, but the tentative ETA for the remaining devices is mid-March.
Thanks,
Dominic
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0303",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wndap210v2",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "3.0.5.0"
},
{
"model": "wndap350",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "3.0.5.0"
},
{
"model": "wn802tv2",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "3.0.5.0"
},
{
"model": "wndap360",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "3.0.5.0"
},
{
"model": "wn604",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "3.3.2"
},
{
"model": "wnap320",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "3.0.5.0"
},
{
"model": "wndap660",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "3.0.5.0"
},
{
"model": "wn604",
"scope": "lt",
"trust": 0.8,
"vendor": "net gear",
"version": "3.3.3"
},
{
"model": "wn802tv2",
"scope": "lt",
"trust": 0.8,
"vendor": "net gear",
"version": "3.5.5.0"
},
{
"model": "wnap210v2",
"scope": "lt",
"trust": 0.8,
"vendor": "net gear",
"version": "3.5.5.0"
},
{
"model": "wnap320",
"scope": "lt",
"trust": 0.8,
"vendor": "net gear",
"version": "3.5.5.0"
},
{
"model": "wndap350",
"scope": "lt",
"trust": 0.8,
"vendor": "net gear",
"version": "3.5.5.0"
},
{
"model": "wndap360",
"scope": "lt",
"trust": 0.8,
"vendor": "net gear",
"version": "3.5.5.0"
},
{
"model": "wndap660",
"scope": "lt",
"trust": 0.8,
"vendor": "net gear",
"version": "3.5.5.0"
},
{
"model": "wn604",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wn802tv2",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wnap210",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wnap320",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wndap350",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wndap360",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wndap360",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "3.0.5.0"
},
{
"model": "wn604",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "3.3.2"
},
{
"model": "wndap210v2",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "3.0.5.0"
},
{
"model": "wndap660",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "3.0.5.0"
},
{
"model": "wndap350",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "3.0.5.0"
},
{
"model": "wn802tv2",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "3.0.5.0"
},
{
"model": "wnap320",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "3.0.5.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01687"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008523"
},
{
"db": "NVD",
"id": "CVE-2016-1555"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-397"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0.5.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnap320:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap350_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0.5.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap350:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap360_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0.5.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap360:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap210v2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0.5.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap210v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wn604_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.3.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wn604:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndap660_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0.5.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndap660:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wn802tv2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0.5.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wn802tv2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1555"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dominic Chen",
"sources": [
{
"db": "PACKETSTORM",
"id": "135956"
}
],
"trust": 0.1
},
"cve": "CVE-2016-1555",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-1555",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-01687",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-90374",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-1555",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-1555",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2016-01687",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-397",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-90374",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-1555",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01687"
},
{
"db": "VULHUB",
"id": "VHN-90374"
},
{
"db": "VULMON",
"id": "CVE-2016-1555"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008523"
},
{
"db": "NVD",
"id": "CVE-2016-1555"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-397"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands. Netgear is the world\u0027s leading enterprise network solution and advocate for digital home networking applications. There are authentication bypass vulnerabilities in Netgear\u0027s various devices. Attackers exploit vulnerabilities to directly pass input command lines on unverified web pages and initiate command injection attacks. Security vulnerabilities exist in multiple files in several Netgear products. The following products and versions are affected: Netgear WN604 prior to 3.3.3; WN802Tv2 prior to 3.5.5.0; WNAP210v2 prior to 3.5.5.0; WNAP320 prior to 3.5.5.0; WNDAP350 prior to 3.5.5.0; WNDAP360 prior to 3.5 Versions prior to .5.0; versions prior to WNDAP660 3.5.5.0. Hello,\n\nWe\u2019d like to report several vulnerabilities in embedded devices developed by D-Link and Netgear, which were discovered using our FIRMADYNE framework for emulation and dynamic analysis of Linux-based embedded devices. For more information, refer to our academic paper and open-source release at https://github.com/firmadyne/firmadyne. This has been assigned CVE-2016-1555. Affected devices include:\n\nNetgear WN604\nNetgear WN802Tv2\nNetgear WNAP210\nNetgear WNAP320\nNetgear WNDAP350\nNetgear WNDAP360\n\nSeveral D-Link devices include a web server that is vulnerable to a buffer overflow while parsing the \u0027dlink_uid\u0027 cookie. The length of the value set in the cookie is obtained using strlen(), which is then passed to memcpy(), and the value is copied into a fixed-size buffer. This has been assigned CVE-2016-1558. Affected devices include:\n\nD-Link DAP-2310\nD-Link DAP-2330\nD-Link DAP-2360\nD-Link DAP-2553\nD-Link DAP-2660\nD-Link DAP-2690\nD-Link DAP-2695\n\nSeveral Netgear devices include unauthenticated webpages that disclose the wireless WPS PIN, allowing for information disclosure. This has been assigned CVE-2016-1556. Affected devices include:\n\nNetgear WN604\nNetgear WNAP210\nNetgear WNAP320\nNetgear WND930\nNetgear WNDAP350\nNetgear WNDAP360\n\nSeveral devices by both D-Link and Netgear disclose wireless passwords and administrative usernames/passwords over SNMP, including OID\u2019s iso.3.6.1.4.1.171.10.37.35.2.1.3.3.2.1.1.4, iso.3.6.1.4.1.171.10.37.38.2.1.3.3.2.1.1.4, iso.3.6.1.4.1.171.10.37.35.4.1.1.1, iso.3.6.1.4.1.171.10.37.37.4.1.1.1, iso.3.6.1.4.1.171.10.37.38.4.1.1.1, iso.3.6.1.4.1.4526.100.7.8.1.5, iso.3.6.1.4.1.4526.100.7.9.1.5, iso.3.6.1.4.1.4526.100.7.9.1.7, and iso.3.6.1.4.1.4526.100.7.10.1.7. This has been assigned CVE-2016-1557 for Netgear devices, and CVE-2016-1559 for D-Link devices. Affected devices include:\n\nD-Link DAP-1353\nD-Link DAP-2553\nD-Link DAP-3520\nNetgear WNAP320\nNetgear WNDAP350\nNetgear WNDAP360\n\nWe have not heard back from D-Link after contacting the vendor. Netgear will fix WN604 with firmware 3.3.3 by late February, but the tentative ETA for the remaining devices is mid-March. \n\nThanks,\n\nDominic\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1555"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008523"
},
{
"db": "CNVD",
"id": "CNVD-2016-01687"
},
{
"db": "VULHUB",
"id": "VHN-90374"
},
{
"db": "VULMON",
"id": "CVE-2016-1555"
},
{
"db": "PACKETSTORM",
"id": "135956"
}
],
"trust": 2.43
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-90374",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90374"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1555",
"trust": 3.3
},
{
"db": "PACKETSTORM",
"id": "135956",
"trust": 2.7
},
{
"db": "EXPLOIT-DB",
"id": "45909",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008523",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201604-397",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-01687",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "150478",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-90374",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-1555",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01687"
},
{
"db": "VULHUB",
"id": "VHN-90374"
},
{
"db": "VULMON",
"id": "CVE-2016-1555"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008523"
},
{
"db": "PACKETSTORM",
"id": "135956"
},
{
"db": "NVD",
"id": "CVE-2016-1555"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-397"
}
]
},
"id": "VAR-201704-0303",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01687"
},
{
"db": "VULHUB",
"id": "VHN-90374"
}
],
"trust": 1.2278612025
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01687"
}
]
},
"last_update_date": "2023-12-18T12:37:29.602000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2016-1555 - Notification",
"trust": 0.8,
"url": "https://kb.netgear.com/30480/cve-2016-1555-notification"
},
{
"title": "Multiple Netgear Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=91631"
},
{
"title": "faisalfs10x",
"trust": 0.1,
"url": "https://github.com/faisalfs10x/faisalfs10x "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-1555"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008523"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-397"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90374"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008523"
},
{
"db": "NVD",
"id": "CVE-2016-1555"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://packetstormsecurity.com/files/135956/d-link-netgear-firmadyne-command-injection-buffer-overflow.html"
},
{
"trust": 2.4,
"url": "http://seclists.org/fulldisclosure/2016/feb/112"
},
{
"trust": 1.8,
"url": "https://kb.netgear.com/30480/cve-2016-1555-notification?cid=wmt_netgear_organic"
},
{
"trust": 1.8,
"url": "https://www.exploit-db.com/exploits/45909/"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1555"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1555"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/77.html"
},
{
"trust": 0.1,
"url": "https://github.com/faisalfs10x/faisalfs10x"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/db/modules/exploit/linux/http/netgear_unauth_exec"
},
{
"trust": 0.1,
"url": "https://github.com/firmadyne/firmadyne."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1557"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1559"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1558"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01687"
},
{
"db": "VULHUB",
"id": "VHN-90374"
},
{
"db": "VULMON",
"id": "CVE-2016-1555"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008523"
},
{
"db": "PACKETSTORM",
"id": "135956"
},
{
"db": "NVD",
"id": "CVE-2016-1555"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-397"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-01687"
},
{
"db": "VULHUB",
"id": "VHN-90374"
},
{
"db": "VULMON",
"id": "CVE-2016-1555"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008523"
},
{
"db": "PACKETSTORM",
"id": "135956"
},
{
"db": "NVD",
"id": "CVE-2016-1555"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-397"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01687"
},
{
"date": "2017-04-21T00:00:00",
"db": "VULHUB",
"id": "VHN-90374"
},
{
"date": "2017-04-21T00:00:00",
"db": "VULMON",
"id": "CVE-2016-1555"
},
{
"date": "2017-05-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008523"
},
{
"date": "2016-02-26T17:22:22",
"db": "PACKETSTORM",
"id": "135956"
},
{
"date": "2017-04-21T15:59:00.333000",
"db": "NVD",
"id": "CVE-2016-1555"
},
{
"date": "2016-03-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-397"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01687"
},
{
"date": "2019-04-16T00:00:00",
"db": "VULHUB",
"id": "VHN-90374"
},
{
"date": "2019-04-16T00:00:00",
"db": "VULMON",
"id": "CVE-2016-1555"
},
{
"date": "2017-05-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008523"
},
{
"date": "2019-04-16T18:00:19.893000",
"db": "NVD",
"id": "CVE-2016-1555"
},
{
"date": "2019-04-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-397"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-397"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Netgear Vulnerability to execute arbitrary commands in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008523"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-397"
}
],
"trust": 0.6
}
}