All the vulnerabilites related to netgear - wnr618
Vulnerability from fkie_nvd
Published
2020-04-28 17:15
Modified
2024-11-21 02:45
Severity ?
Summary
Certain NETGEAR devices are affected by mishandling of repeated URL calls. This affects JNR1010v2 before 2017-01-06, WNR614 before 2017-01-06, WNR618 before 2017-01-06, JWNR2000v5 before 2017-01-06, WNR2020 before 2017-01-06, JWNR2010v5 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2020v2 before 2017-01-06, R6220 before 2017-01-06, and WNDR3700v5 before 2017-01-06.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | jnr1010_firmware | * | |
| netgear | jnr1010 | v2 | |
| netgear | jwnr2000_firmware | * | |
| netgear | jwnr2000 | v5 | |
| netgear | jwnr2010_firmware | * | |
| netgear | jwnr2010 | v5 | |
| netgear | r6220_firmware | * | |
| netgear | r6220 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v5 | |
| netgear | wnr1000_firmware | * | |
| netgear | wnr1000 | v4 | |
| netgear | wnr2020_firmware | * | |
| netgear | wnr2020 | - | |
| netgear | wnr2020_firmware | * | |
| netgear | wnr2020 | v2 | |
| netgear | wnr614_firmware | * | |
| netgear | wnr614 | - | |
| netgear | wnr618_firmware | * | |
| netgear | wnr618 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:jnr1010_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F19C07A-65D3-4FFF-9D11-58C2B4D7A531",
"versionEndExcluding": "2017-01-06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:jnr1010:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "CCE79B3F-8667-43C9-962D-EE089428F144",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:jwnr2000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86B79A3A-8A63-4BD5-9016-8C98AEF737A8",
"versionEndExcluding": "2017-01-06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:jwnr2000:v5:*:*:*:*:*:*:*",
"matchCriteriaId": "3D78543E-37A7-4829-9165-D0CF52DD4867",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:jwnr2010_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B1059F8-32A9-4E9A-BBFF-548CFDCF676A",
"versionEndExcluding": "2017-01-06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:jwnr2010:v5:*:*:*:*:*:*:*",
"matchCriteriaId": "7399E5E9-40D8-4ECD-8B7B-C96A27E10282",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "717CDDCB-3DEB-4949-AAC8-D939D01A0858",
"versionEndExcluding": "2017-01-06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B131B5C8-CB7F-433B-BA32-F05CE0E92A66",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17D010FA-275D-4D34-8DB8-49BEA70AF6DA",
"versionEndExcluding": "2017-01-06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndr3700:v5:*:*:*:*:*:*:*",
"matchCriteriaId": "EC5B6CB8-D439-42D5-ACAE-6246874EA5F0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnr1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17B45AE0-0FBF-478B-966F-B2B28C971C3C",
"versionEndExcluding": "2017-01-06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnr1000:v4:*:*:*:*:*:*:*",
"matchCriteriaId": "C8218868-273B-46DB-B636-D3F9A3768069",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnr2020_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "894CEEC8-F75E-45EB-B1C8-87BB465980BA",
"versionEndExcluding": "2017-01-06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnr2020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C2189628-03E7-445A-9EF2-656A85539115",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnr2020_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "894CEEC8-F75E-45EB-B1C8-87BB465980BA",
"versionEndExcluding": "2017-01-06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnr2020:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "3EA06558-20FF-4E1D-BA34-9645421F8CC1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnr614_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D327648B-8616-4965-9471-243501A8E4E9",
"versionEndExcluding": "2017-01-06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnr614:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC8A668E-4A30-4364-AF7A-F3C814BBAACA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnr618_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FB949B1-75B6-4262-919F-119B2D8ABF8C",
"versionEndExcluding": "2017-01-06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnr618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BAA7BF1-2DFE-4ADA-B3A7-F33EEAAC5962",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by mishandling of repeated URL calls. This affects JNR1010v2 before 2017-01-06, WNR614 before 2017-01-06, WNR618 before 2017-01-06, JWNR2000v5 before 2017-01-06, WNR2020 before 2017-01-06, JWNR2010v5 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2020v2 before 2017-01-06, R6220 before 2017-01-06, and WNDR3700v5 before 2017-01-06."
},
{
"lang": "es",
"value": "Determinados dispositivos de NETGEAR est\u00e1n afectados por el manejo inapropiado de llamadas URL repetidas. Esto afecta a JNR1010v2 hasta el 06-01-2017 WNR614 hasta el 06-01-2017, WNR618 hasta el 06-01-2017, JWNR2000v5 hasta el 06-01-2017, WNR2020 hasta el 06-01-2017, JWNR2010v5 hasta el 06-01-2017, WNR1000v4 hasta el 06-01-2017, WNR2020v2 hasta el 06-01-2017, R6220 hasta el 06-01-2017, y WNDR3700v5 hasta el 06-01-2017."
}
],
"id": "CVE-2016-11057",
"lastModified": "2024-11-21T02:45:23.920",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-28T17:15:12.353",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/29960/NETGEAR-Product-Vulnerability-Advisory-Potential-security-issue-associated-with-remote-management"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/29960/NETGEAR-Product-Vulnerability-Advisory-Potential-security-issue-associated-with-remote-management"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-21 19:15
Modified
2024-11-21 03:20
Severity ?
Summary
Certain NETGEAR devices are affected by CSRF. This affects R6050/JR6150 before 1.0.1.7, PR2000 before 1.0.0.17, R6220 before 1.1.0.50, WNDR3700v5 before 1.1.0.48, JNR1010v2 before 1.1.0.40, JWNR2010v5 before 1.1.0.40, WNR1000v4 before 1.1.0.40, WNR2020 before 1.1.0.40, WNR2050 before 1.1.0.40, WNR614 before 1.1.0.40, WNR618 before 1.1.0.40, and D7000 before 1.0.1.50.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | r6050_firmware | * | |
| netgear | r6050 | - | |
| netgear | jr6150_firmware | * | |
| netgear | jr6150 | - | |
| netgear | pr2000_firmware | * | |
| netgear | pr2000 | - | |
| netgear | r6220_firmware | * | |
| netgear | r6220 | - | |
| netgear | wndr3700_firmware | * | |
| netgear | wndr3700 | v5 | |
| netgear | jnr1010_firmware | * | |
| netgear | jnr1010 | v2 | |
| netgear | jwnr2010_firmware | * | |
| netgear | jwnr2010 | v5 | |
| netgear | wnr1000_firmware | * | |
| netgear | wnr1000 | v4 | |
| netgear | wnr2020_firmware | * | |
| netgear | wnr2020 | - | |
| netgear | wnr2050_firmware | * | |
| netgear | wnr2050 | - | |
| netgear | wnr614_firmware | * | |
| netgear | wnr614 | - | |
| netgear | wnr618_firmware | * | |
| netgear | wnr618 | - | |
| netgear | d7000_firmware | * | |
| netgear | d7000 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6050_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50342285-48EB-4FF5-8068-CD819017FB19",
"versionEndExcluding": "1.0.1.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6050:-:*:*:*:*:*:*:*",
"matchCriteriaId": "363D4DEE-98B9-4294-B241-1613CAD1A3A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:jr6150_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C733375E-342E-426B-A529-3271D03D1268",
"versionEndExcluding": "1.0.1.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:jr6150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D67167E5-81D2-4892-AF41-CBB6271232D1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:pr2000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B47967D5-4D5A-4489-BE54-19765D386612",
"versionEndExcluding": "1.0.0.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:pr2000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2451CC0C-71B2-474D-93F0-2B2ACD802FE3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E464FF8D-6202-40BA-9740-9CCE2BC23607",
"versionEndExcluding": "1.1.0.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B131B5C8-CB7F-433B-BA32-F05CE0E92A66",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD1F416B-C938-4AE3-B93E-03087575FF40",
"versionEndExcluding": "1.1.0.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndr3700:v5:*:*:*:*:*:*:*",
"matchCriteriaId": "EC5B6CB8-D439-42D5-ACAE-6246874EA5F0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:jnr1010_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B13F80BA-F4DF-4728-8591-CDEEE82BDF9E",
"versionEndExcluding": "1.1.0.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:jnr1010:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "CCE79B3F-8667-43C9-962D-EE089428F144",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:jwnr2010_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52C2DA42-3B95-43B4-AB3B-103607B44C33",
"versionEndExcluding": "1.1.0.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:jwnr2010:v5:*:*:*:*:*:*:*",
"matchCriteriaId": "7399E5E9-40D8-4ECD-8B7B-C96A27E10282",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnr1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18CB70FD-790E-4342-962A-2C9D8991B3C1",
"versionEndExcluding": "1.1.0.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnr1000:v4:*:*:*:*:*:*:*",
"matchCriteriaId": "C8218868-273B-46DB-B636-D3F9A3768069",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnr2020_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "764C3E34-DDED-4530-A314-0D99226B9E1C",
"versionEndExcluding": "1.1.0.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnr2020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C2189628-03E7-445A-9EF2-656A85539115",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnr2050_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "013EA9F3-64C4-4F06-989D-D00D86CF555F",
"versionEndExcluding": "1.1.0.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnr2050:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9877579C-D214-4605-93AA-2B78914CF33C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnr614_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B8E442A-011A-4AA0-A3D4-874BEF31702B",
"versionEndExcluding": "1.1.0.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnr614:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC8A668E-4A30-4364-AF7A-F3C814BBAACA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnr618_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40488E8A-95D8-4D1B-B8C8-DEA3330D575A",
"versionEndExcluding": "1.1.0.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnr618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BAA7BF1-2DFE-4ADA-B3A7-F33EEAAC5962",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:d7000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A94DD9D-0F07-4FD7-B1B0-1DD1E319B092",
"versionEndExcluding": "1.0.1.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:d7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF04B65B-9685-4595-9C71-0F77AD7109BE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by CSRF. This affects R6050/JR6150 before 1.0.1.7, PR2000 before 1.0.0.17, R6220 before 1.1.0.50, WNDR3700v5 before 1.1.0.48, JNR1010v2 before 1.1.0.40, JWNR2010v5 before 1.1.0.40, WNR1000v4 before 1.1.0.40, WNR2020 before 1.1.0.40, WNR2050 before 1.1.0.40, WNR614 before 1.1.0.40, WNR618 before 1.1.0.40, and D7000 before 1.0.1.50."
},
{
"lang": "es",
"value": "Determinados dispositivos NETGEAR est\u00e1n afectados por una vulnerabilidad de tipo CSRF. Esto afecta a R6050/JR6150 versiones anteriores a la versi\u00f3n 1.0.1.7, PR2000 versiones anteriores a la versi\u00f3n 1.0.0.17, R6220 versiones anteriores a la versi\u00f3n 1.1.0.50, WNDR3700v5 versiones anteriores a la versi\u00f3n 1.1.0.48, JNR1010v2 versiones anteriores a la versi\u00f3n 1.1.0.40, JWNR2010v5 versiones anteriores a 1. 1.0.40, WNR1000v4 versiones anteriores a 1.1.0.40, WNR2020 versiones anteriores a 1.1.0.40, WNR2050 versiones anteriores a 1.1.0.40, WNR614 versiones anteriores a 1.1.0.40, WNR618 versiones anteriores a 1.1.0.40, y D7000 versiones anteriores a 1.0.1.50."
}
],
"id": "CVE-2017-18791",
"lastModified": "2024-11-21T03:20:55.977",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cve@mitre.org",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-21T19:15:11.897",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000049371/Security-Advisory-for-Cross-Site-Request-Forgery-Vulnerability-on-D7000-and-Some-Routers-PSV-2017-0386"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000049371/Security-Advisory-for-Cross-Site-Request-Forgery-Vulnerability-on-D7000-and-Some-Routers-PSV-2017-0386"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-30 04:59
Modified
2024-11-21 02:43
Severity ?
Summary
The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution.
References
Impacted products
{
"cisaActionDue": "2022-04-15",
"cisaExploitAdd": "2022-03-25",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "NETGEAR WNR2000v5 Router Buffer Overflow Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:d6100_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B7C04A4-4B5C-42D8-A6C7-8DAFCC53C0BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EFD1E86-F100-4E46-935D-903EB6FEFE9D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:d7000_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "826E2415-7EB3-4F34-8C9D-87A89BB9D6D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:d7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF04B65B-9685-4595-9C71-0F77AD7109BE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:d7800_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92C0A12D-9EEE-4DFC-8985-53D06240BBB6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA2D4987-3726-4A72-8D32-592F59FAC46D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:jnr1010v2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7617F12-EFCC-4771-AC36-CB91E36DC7C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:jnr1010v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91A302BB-1250-439A-947A-5727DB1CE88E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:jnr3300_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5865C3F2-1BE0-476B-A70F-A0CB01CD71EB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:jnr3300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64CA12CC-48D8-4510-983C-8350A87CD5D2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:jwnr2010v5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66148F9B-3495-4A62-83E7-14ADD4AC1F37",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:jwnr2010v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3674693F-8324-4279-A402-556D5C6F31B8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r2000_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E70DB74E-A2E6-4F71-A066-282DC90DB603",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r2000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9B1D13C3-5663-447F-9FD9-71EBEC471DAF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6100_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC498419-5D49-45D7-A941-3F7FBD4CA79D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F44A123-B256-428B-98C2-17570F2F32DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6220_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2513FC0E-56A6-4E13-9F08-015B3DD22229",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B131B5C8-CB7F-433B-BA32-F05CE0E92A66",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7500_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17340C25-0B87-4AE3-B11E-B5B2367823A3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF3B3F26-401C-4ED0-B871-4B4F8521F369",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7500v2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86EB56E2-AFE5-4B5A-8B08-FF76188217D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7500v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BCA6487-57EC-4630-884F-820BBFE25843",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndr3700v4_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD0D1BE2-6B68-4064-8DEF-FF56452E37B9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndr3700v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF63301F-C798-471E-ABF7-5A7E72E8588C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndr3800_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "372A00D7-2C17-4CFB-8C6C-B4A2D9443FD4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndr3800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "402B39A6-D278-4738-88C6-D617A0DF6C3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndr4300_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E801800-09A8-49EA-AE45-A7720911BACF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1413C591-D066-4FA2-BEB1-6C60F8645F28",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndr4300v2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9189156F-2F3A-4D2E-80DC-DE626F1A179E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndr4300v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "512AD9E6-F154-483D-AA18-3302CEBB5B79",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndr4500v3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "606272E4-3ABE-4AB8-B84A-51FCDA997497",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndr4500v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA7C60F-8806-476C-A833-44E2BE66265B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndr4700_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B326E770-649F-40DC-8C54-AA388D6085AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndr4700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69AA4A00-2E4A-46C6-A5C6-CFC595731647",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnr1000v2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1229CFBE-D9F1-4B1E-B92F-66348D93A398",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnr1000v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0A030BB-2FE4-4F97-95D0-4DFF9D8CC185",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnr1000v4_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FAC455A-F8C4-483E-9C50-9992014B12E4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnr1000v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56B2CEC3-8C68-4089-861F-1BAC937204C7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnr2000v3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD9F1804-DD77-4238-ABF1-51C735128692",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnr2000v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95BBF3EA-0F98-4A99-8312-30E1E47AC4C4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnr2000v4_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E58ACE-8833-4630-948B-D35999A4FCDF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnr2000v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3AE1DD1-5DB7-403A-805B-EDB364EF28D5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnr2000v5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F024A464-DB7D-4F6E-A951-3D8068F86470",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnr2000v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "671EC923-DC84-47D6-B943-0F7DA8168334",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnr2020_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9E56E01-D7C9-4E5A-B6AC-45293C063ABC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnr2020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C2189628-03E7-445A-9EF2-656A85539115",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnr2050_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08F92579-8564-4D8A-A14E-259F3DDA214F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnr2050:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9877579C-D214-4605-93AA-2B78914CF33C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnr2200_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04D7CDC0-9FBB-408E-B5D2-376C8B4B869B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnr2200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "94B74E4A-3E2F-4CB1-B33D-8618ED1C7E9F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnr2500_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC90CD42-D38E-4927-BF49-DDC9CD84F36E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnr2500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA9EF618-6194-4127-BD60-FB0E645C8993",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnr614_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAE4A638-81E6-4257-9BB9-79C8662A6499",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnr614:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC8A668E-4A30-4364-AF7A-F3C814BBAACA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnr618_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2C04DE-CCDF-4231-B8CF-5067318D3EED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnr618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BAA7BF1-2DFE-4ADA-B3A7-F33EEAAC5962",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution."
},
{
"lang": "es",
"value": "El router NETGEAR WNR2000v5 contiene un desbordamiento de b\u00fafer en el par\u00e1metro hidden_lang_avi al invocar a la URL /apply.cgi?/lang_check.html. Este desbordamiento de b\u00fafer puede ser explotado por un atacante no autenticado para lograr la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"id": "CVE-2016-10174",
"lastModified": "2024-11-21T02:43:28.730",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-30T04:59:00.157",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://seclists.org/fulldisclosure/2016/Dec/72"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95867"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/40949/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/41719/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://seclists.org/fulldisclosure/2016/Dec/72"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95867"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/40949/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/41719/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Undergoing Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-202004-1260
Vulnerability from variot
Certain NETGEAR devices are affected by mishandling of repeated URL calls. This affects JNR1010v2 before 2017-01-06, WNR614 before 2017-01-06, WNR618 before 2017-01-06, JWNR2000v5 before 2017-01-06, WNR2020 before 2017-01-06, JWNR2010v5 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2020v2 before 2017-01-06, R6220 before 2017-01-06, and WNDR3700v5 before 2017-01-06. plural NETGEAR The product contains an authentication vulnerability.Information may be obtained. NETGEAR JNR1010, etc. are all wireless routers from NETGEAR.
There are security vulnerabilities in many NETGEAR products. Attackers can use this vulnerability to bypass security restrictions by repeatedly calling specific URL scripts and access the router setting interface. This affects JNR1010v2 prior to 2017-01-06, WNR614 prior to 2017-01-06, WNR618 prior to 2017-01-06, JWNR2000v5 prior to 2017-01-06, WNR2020 prior to 2017-01-06, JWNR2010v5 prior to 2017-01-06, WNR1000v4 prior to 2017-01-06, WNR2020v2 prior to 2017-01-06, R6220 prior to 2017-01-06, and WNDR3700v5 prior to 2017-01-06
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-1260",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wnr614",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2017-01-06"
},
{
"model": "wnr618",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2017-01-06"
},
{
"model": "wnr2020",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2017-01-06"
},
{
"model": "r6220",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2017-01-06"
},
{
"model": "wnr1000",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2017-01-06"
},
{
"model": "jwnr2010",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2017-01-06"
},
{
"model": "jnr1010",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2017-01-06"
},
{
"model": "wndr3700",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2017-01-06"
},
{
"model": "jwnr2000",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2017-01-06"
},
{
"model": "jnr1010",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2017/01/06"
},
{
"model": "jwnr2000",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2017/01/06"
},
{
"model": "jwnr2010",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2017/01/06"
},
{
"model": "r6220",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2017/01/06"
},
{
"model": "wndr3700",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2017/01/06"
},
{
"model": "wnr1000",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2017/01/06"
},
{
"model": "wnr2020",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2017/01/06"
},
{
"model": "wnr614",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2017/01/06"
},
{
"model": "wnr618",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2017/01/06"
},
{
"model": "dgn2200v4",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "2017-01-06"
},
{
"model": "jwnr2000v5",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "2017-01-06"
},
{
"model": "jwnr2010v5",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "2017-01-06"
},
{
"model": "wnr1000v4",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "2017-01-06"
},
{
"model": "wnr2020v2",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "2017-01-06"
},
{
"model": "wndr3700v5",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "2017-01-06"
},
{
"model": "jnr1010",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.0.0.32"
},
{
"model": "jnr1010",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.40"
},
{
"model": "jnr1010",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.42"
},
{
"model": "jnr1010",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.44"
},
{
"model": "jnr1010",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.46"
},
{
"model": "jnr1010",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.48"
},
{
"model": "jnr1010",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.50"
},
{
"model": "jnr1010",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.54"
},
{
"model": "jwnr2010",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.40"
},
{
"model": "jwnr2010",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.42"
},
{
"model": "jwnr2010",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.44"
},
{
"model": "jwnr2010",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.46"
},
{
"model": "jwnr2010",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.48"
},
{
"model": "jwnr2010",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.50"
},
{
"model": "jwnr2010",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.54"
},
{
"model": "r6220",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.46"
},
{
"model": "r6220",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.50"
},
{
"model": "r6220",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.60"
},
{
"model": "r6220",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.64"
},
{
"model": "r6220",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.66"
},
{
"model": "r6220",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.68"
},
{
"model": "r6220",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.80"
},
{
"model": "r6220",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.86"
},
{
"model": "wndr3700",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": null
},
{
"model": "wndr3700",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.0.2.86"
},
{
"model": "wndr3700",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.0.2.88"
},
{
"model": "wndr3700",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.0.2.92"
},
{
"model": "wndr3700",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.0.2.94"
},
{
"model": "wndr3700",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.0.2.96"
},
{
"model": "wndr3700",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.46"
},
{
"model": "wndr3700",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.48"
},
{
"model": "wndr3700",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.50"
},
{
"model": "wndr3700",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.54"
},
{
"model": "wnr1000",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": null
},
{
"model": "wnr1000",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.40"
},
{
"model": "wnr1000",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.42"
},
{
"model": "wnr1000",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.44"
},
{
"model": "wnr1000",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.46"
},
{
"model": "wnr1000",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.48"
},
{
"model": "wnr1000",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.50"
},
{
"model": "wnr1000",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.54"
},
{
"model": "wnr2020",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.40"
},
{
"model": "wnr2020",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.42"
},
{
"model": "wnr2020",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.44"
},
{
"model": "wnr2020",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.46"
},
{
"model": "wnr2020",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.48"
},
{
"model": "wnr2020",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.50"
},
{
"model": "wnr2020",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.54"
},
{
"model": "wnr2020",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.62"
},
{
"model": "wnr614",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.40"
},
{
"model": "wnr614",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.54"
},
{
"model": "wnr618",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.0.40"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-83565"
},
{
"db": "VULMON",
"id": "CVE-2016-11057"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014992"
},
{
"db": "NVD",
"id": "CVE-2016-11057"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:jnr1010_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2017-01-06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:jnr1010:v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:jwnr2000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2017-01-06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:jwnr2000:v5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:jwnr2010_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2017-01-06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:jwnr2010:v5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2017-01-06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2017-01-06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndr3700:v5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnr1000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2017-01-06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnr1000:v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnr2020_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2017-01-06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnr2020:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnr2020_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2017-01-06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnr2020:v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnr614_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2017-01-06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnr614:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnr618_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2017-01-06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnr618:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-11057"
}
]
},
"cve": "CVE-2016-11057",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-014992",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-83565",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-11057",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-014992",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-11057",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2017-014992",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-83565",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-2300",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2016-11057",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-83565"
},
{
"db": "VULMON",
"id": "CVE-2016-11057"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014992"
},
{
"db": "NVD",
"id": "CVE-2016-11057"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2300"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by mishandling of repeated URL calls. This affects JNR1010v2 before 2017-01-06, WNR614 before 2017-01-06, WNR618 before 2017-01-06, JWNR2000v5 before 2017-01-06, WNR2020 before 2017-01-06, JWNR2010v5 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2020v2 before 2017-01-06, R6220 before 2017-01-06, and WNDR3700v5 before 2017-01-06. plural NETGEAR The product contains an authentication vulnerability.Information may be obtained. NETGEAR JNR1010, etc. are all wireless routers from NETGEAR. \n\r\n\r\nThere are security vulnerabilities in many NETGEAR products. Attackers can use this vulnerability to bypass security restrictions by repeatedly calling specific URL scripts and access the router setting interface. This affects JNR1010v2 prior to 2017-01-06, WNR614 prior to 2017-01-06, WNR618 prior to 2017-01-06, JWNR2000v5 prior to 2017-01-06, WNR2020 prior to 2017-01-06, JWNR2010v5 prior to 2017-01-06, WNR1000v4 prior to 2017-01-06, WNR2020v2 prior to 2017-01-06, R6220 prior to 2017-01-06, and WNDR3700v5 prior to 2017-01-06",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-11057"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014992"
},
{
"db": "CNVD",
"id": "CNVD-2021-83565"
},
{
"db": "VULMON",
"id": "CVE-2016-11057"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-11057",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014992",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-83565",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2300",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2016-11057",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-83565"
},
{
"db": "VULMON",
"id": "CVE-2016-11057"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014992"
},
{
"db": "NVD",
"id": "CVE-2016-11057"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2300"
}
]
},
"id": "VAR-202004-1260",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-83565"
}
],
"trust": 1.2713269
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-83565"
}
]
},
"last_update_date": "2023-12-18T12:56:04.090000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "NETGEAR Product Vulnerability Advisory: Potential security issue associated with remote management",
"trust": 0.8,
"url": "https://kb.netgear.com/29960/netgear-product-vulnerability-advisory-potential-security-issue-associated-with-remote-management"
},
{
"title": "Patch for Multiple NETGEAR product authorization issue vulnerabilities (CNVD-2021-83565)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/296286"
},
{
"title": "Multiple NETGEAR Product Authorization Issue Vulnerability Fixing Measures",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=117916"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-83565"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014992"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2300"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014992"
},
{
"db": "NVD",
"id": "CVE-2016-11057"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-11057"
},
{
"trust": 1.7,
"url": "https://kb.netgear.com/29960/netgear-product-vulnerability-advisory-potential-security-issue-associated-with-remote-management"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-11057"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-83565"
},
{
"db": "VULMON",
"id": "CVE-2016-11057"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014992"
},
{
"db": "NVD",
"id": "CVE-2016-11057"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2300"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-83565"
},
{
"db": "VULMON",
"id": "CVE-2016-11057"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014992"
},
{
"db": "NVD",
"id": "CVE-2016-11057"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2300"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-83565"
},
{
"date": "2020-04-28T00:00:00",
"db": "VULMON",
"id": "CVE-2016-11057"
},
{
"date": "2020-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014992"
},
{
"date": "2020-04-28T17:15:12.353000",
"db": "NVD",
"id": "CVE-2016-11057"
},
{
"date": "2020-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2300"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-83565"
},
{
"date": "2020-05-06T00:00:00",
"db": "VULMON",
"id": "CVE-2016-11057"
},
{
"date": "2020-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014992"
},
{
"date": "2020-05-06T19:57:47.600000",
"db": "NVD",
"id": "CVE-2016-11057"
},
{
"date": "2020-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2300"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2300"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural NETGEAR Product authentication vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014992"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2300"
}
],
"trust": 0.6
}
}
var-202004-1304
Vulnerability from variot
plural NETGEAR A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D7000, etc. are all products of NETGEAR. NETGEAR D7000 is a wireless modem. NETGEAR WNR2020 is a wireless router. NETGEAR R6220 is a wireless router. The vulnerability stems from the fact that the WEB application does not fully verify whether the request comes from a trusted user. An attacker can use this vulnerability to send unexpected requests to the server through the affected client
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-1304",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "r6220",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.1.0.50"
},
{
"model": "d7000",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.1.50"
},
{
"model": "wnr2020",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.1.0.40"
},
{
"model": "wnr2050",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.1.0.40"
},
{
"model": "pr2000",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.0.17"
},
{
"model": "wnr614",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.1.0.40"
},
{
"model": "wnr618",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.1.0.40"
},
{
"model": "wnr1000",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.40"
},
{
"model": "jwnr2010",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.40"
},
{
"model": "jr6150",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.1.7"
},
{
"model": "wndr3700",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.48"
},
{
"model": "r6050",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.1.7"
},
{
"model": "jnr1010",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.0.40"
},
{
"model": "jnr1010",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.1.0.40"
},
{
"model": "jr6150",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.0.1.7"
},
{
"model": "jwnr2010",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.1.0.40"
},
{
"model": "pr2000",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.0.1.7"
},
{
"model": "r6050",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.0.1.7"
},
{
"model": "r6220",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.1.0.50"
},
{
"model": "wndr3700",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.1.0.48"
},
{
"model": "wnr1000",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.1.0.40"
},
{
"model": "wnr2020",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.1.0.40"
},
{
"model": "wnr2050",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.1.0.40"
},
{
"model": "wndr3700v5",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "1.1.0.48"
},
{
"model": "jnr1010v2",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "1.1.0.40"
},
{
"model": "jwnr2010v5",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "1.1.0.40"
},
{
"model": "wnr1000v4",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "1.1.0.40"
},
{
"model": "r6050/jr6150",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "1.0.1.7"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-59165"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014947"
},
{
"db": "NVD",
"id": "CVE-2017-18791"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:r6050_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.1.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:r6050:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:jr6150_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.1.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:jr6150:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:pr2000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.0.17",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:pr2000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.1.0.50",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.1.0.48",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndr3700:v5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:jnr1010_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.1.0.40",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:jnr1010:v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:jwnr2010_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.1.0.40",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:jwnr2010:v5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnr1000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.1.0.40",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnr1000:v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnr2020_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.1.0.40",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnr2020:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnr2050_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.1.0.40",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnr2050:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnr614_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.1.0.40",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnr614:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnr618_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.1.0.40",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnr618:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:d7000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.1.50",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:d7000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-18791"
}
]
},
"cve": "CVE-2017-18791",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-014947",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2021-59165",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cve@mitre.org",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-014947",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-18791",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cve@mitre.org",
"id": "CVE-2017-18791",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2017-014947",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-59165",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-1816",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-59165"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014947"
},
{
"db": "NVD",
"id": "CVE-2017-18791"
},
{
"db": "NVD",
"id": "CVE-2017-18791"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1816"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural NETGEAR A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D7000, etc. are all products of NETGEAR. NETGEAR D7000 is a wireless modem. NETGEAR WNR2020 is a wireless router. NETGEAR R6220 is a wireless router. The vulnerability stems from the fact that the WEB application does not fully verify whether the request comes from a trusted user. An attacker can use this vulnerability to send unexpected requests to the server through the affected client",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014947"
},
{
"db": "CNVD",
"id": "CNVD-2021-59165"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-18791",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014947",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-59165",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1816",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-59165"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014947"
},
{
"db": "NVD",
"id": "CVE-2017-18791"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1816"
}
]
},
"id": "VAR-202004-1304",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-59165"
}
],
"trust": 1.2196913128571427
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-59165"
}
]
},
"last_update_date": "2023-12-18T13:47:33.076000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisory for Cross-Site Request Forgery Vulnerability on D7000, PR2000, and Some Routers PSV-2017-0386",
"trust": 0.8,
"url": "https://kb.netgear.com/000049371/security-advisory-for-cross-site-request-forgery-vulnerability-on-d7000-and-some-routers-psv-2017-0386"
},
{
"title": "Patch for Cross-site request forgery vulnerability in multiple NETGEAR products (CNVD-2021-59165)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/284371"
},
{
"title": "Multiple NETGEAR Repair measures for product cross-site request forgery vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=116293"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-59165"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014947"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1816"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014947"
},
{
"db": "NVD",
"id": "CVE-2017-18791"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18791"
},
{
"trust": 1.6,
"url": "https://kb.netgear.com/000049371/security-advisory-for-cross-site-request-forgery-vulnerability-on-d7000-and-some-routers-psv-2017-0386"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18791"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-59165"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014947"
},
{
"db": "NVD",
"id": "CVE-2017-18791"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1816"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-59165"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014947"
},
{
"db": "NVD",
"id": "CVE-2017-18791"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1816"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-59165"
},
{
"date": "2020-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014947"
},
{
"date": "2020-04-21T19:15:11.897000",
"db": "NVD",
"id": "CVE-2017-18791"
},
{
"date": "2020-04-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1816"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-59165"
},
{
"date": "2020-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014947"
},
{
"date": "2020-05-04T15:09:05.707000",
"db": "NVD",
"id": "CVE-2017-18791"
},
{
"date": "2020-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1816"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-1816"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural NETGEAR Cross-site request forgery vulnerability in device",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014947"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-1816"
}
],
"trust": 0.6
}
}
var-201510-0781
Vulnerability from variot
Multiple NetGear Routers are prone to a remote authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201510-0781",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wnr618",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "0"
},
{
"model": "wnr614",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "0"
},
{
"model": "wnr2020",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "0"
},
{
"model": "wnr1000v4",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "1.1.0.31"
},
{
"model": "wnr1000v4",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "1.1.0.28"
},
{
"model": "r3250",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "0"
},
{
"model": "n300",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "0"
},
{
"model": "jwnr2010v5",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "1.1.0.31"
},
{
"model": "jwnr2000v5",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "1.1.0.31"
},
{
"model": "jnr3000",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "0"
},
{
"model": "jnr1010v2",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "77032"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Daniel Haake",
"sources": [
{
"db": "BID",
"id": "77032"
}
],
"trust": 0.3
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple NetGear Routers are prone to a remote authentication-bypass vulnerability.\nAn attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions.",
"sources": [
{
"db": "BID",
"id": "77032"
}
],
"trust": 0.3
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "77032",
"trust": 0.3
}
],
"sources": [
{
"db": "BID",
"id": "77032"
}
]
},
"id": "VAR-201510-0781",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6866851642857144
},
"last_update_date": "2022-05-17T01:59:59.883000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.3,
"url": "http://www.netgear.com"
},
{
"trust": 0.3,
"url": "http://www.csnc.ch/misc/files/advisories/csnc-2015-007_netgear_wnr1000v4_authbypass.txt"
},
{
"trust": 0.3,
"url": "http://www.shellshocklabs.com/2015/09/part-1en-hacking-netgear-jwnr2010v5.html"
},
{
"trust": 0.3,
"url": "http://seclists.org/fulldisclosure/2015/oct/31"
}
],
"sources": [
{
"db": "BID",
"id": "77032"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "77032"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-10-07T00:00:00",
"db": "BID",
"id": "77032"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-10-07T00:00:00",
"db": "BID",
"id": "77032"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "77032"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple NetGear Routers Remote Authentication Bypass Vulnerability",
"sources": [
{
"db": "BID",
"id": "77032"
}
],
"trust": 0.3
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access Validation Error",
"sources": [
{
"db": "BID",
"id": "77032"
}
],
"trust": 0.3
}
}
cve-2017-18791
Vulnerability from cvelistv5
Published
2020-04-21 18:50
Modified
2024-08-05 21:37
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by CSRF. This affects R6050/JR6150 before 1.0.1.7, PR2000 before 1.0.0.17, R6220 before 1.1.0.50, WNDR3700v5 before 1.1.0.48, JNR1010v2 before 1.1.0.40, JWNR2010v5 before 1.1.0.40, WNR1000v4 before 1.1.0.40, WNR2020 before 1.1.0.40, WNR2050 before 1.1.0.40, WNR614 before 1.1.0.40, WNR618 before 1.1.0.40, and D7000 before 1.0.1.50.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:37:43.530Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.netgear.com/000049371/Security-Advisory-for-Cross-Site-Request-Forgery-Vulnerability-on-D7000-and-Some-Routers-PSV-2017-0386"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by CSRF. This affects R6050/JR6150 before 1.0.1.7, PR2000 before 1.0.0.17, R6220 before 1.1.0.50, WNDR3700v5 before 1.1.0.48, JNR1010v2 before 1.1.0.40, JWNR2010v5 before 1.1.0.40, WNR1000v4 before 1.1.0.40, WNR2020 before 1.1.0.40, WNR2050 before 1.1.0.40, WNR614 before 1.1.0.40, WNR618 before 1.1.0.40, and D7000 before 1.0.1.50."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:R",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-21T18:50:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.netgear.com/000049371/Security-Advisory-for-Cross-Site-Request-Forgery-Vulnerability-on-D7000-and-Some-Routers-PSV-2017-0386"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18791",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by CSRF. This affects R6050/JR6150 before 1.0.1.7, PR2000 before 1.0.0.17, R6220 before 1.1.0.50, WNDR3700v5 before 1.1.0.48, JNR1010v2 before 1.1.0.40, JWNR2010v5 before 1.1.0.40, WNR1000v4 before 1.1.0.40, WNR2020 before 1.1.0.40, WNR2050 before 1.1.0.40, WNR614 before 1.1.0.40, WNR618 before 1.1.0.40, and D7000 before 1.0.1.50."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:R",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000049371/Security-Advisory-for-Cross-Site-Request-Forgery-Vulnerability-on-D7000-and-Some-Routers-PSV-2017-0386",
"refsource": "CONFIRM",
"url": "https://kb.netgear.com/000049371/Security-Advisory-for-Cross-Site-Request-Forgery-Vulnerability-on-D7000-and-Some-Routers-PSV-2017-0386"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-18791",
"datePublished": "2020-04-21T18:50:13",
"dateReserved": "2020-04-20T00:00:00",
"dateUpdated": "2024-08-05T21:37:43.530Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-10174
Vulnerability from cvelistv5
Published
2017-01-30 04:24
Modified
2024-08-06 03:14
Severity ?
EPSS score ?
Summary
The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2016/Dec/72 | x_refsource_MISC | |
| https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt | x_refsource_MISC | |
| http://www.securityfocus.com/bid/95867 | vdb-entry, x_refsource_BID | |
| https://www.exploit-db.com/exploits/41719/ | exploit, x_refsource_EXPLOIT-DB | |
| http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability | x_refsource_MISC | |
| https://www.exploit-db.com/exploits/40949/ | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:14:42.372Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Dec/72"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt"
},
{
"name": "95867",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95867"
},
{
"name": "41719",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/41719/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability"
},
{
"name": "40949",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40949/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-01-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-02T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Dec/72"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt"
},
{
"name": "95867",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95867"
},
{
"name": "41719",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/41719/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability"
},
{
"name": "40949",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40949/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10174",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2016/Dec/72",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2016/Dec/72"
},
{
"name": "https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt",
"refsource": "MISC",
"url": "https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt"
},
{
"name": "95867",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95867"
},
{
"name": "41719",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41719/"
},
{
"name": "http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability",
"refsource": "MISC",
"url": "http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability"
},
{
"name": "40949",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40949/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10174",
"datePublished": "2017-01-30T04:24:00",
"dateReserved": "2017-01-29T00:00:00",
"dateUpdated": "2024-08-06T03:14:42.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-11057
Vulnerability from cvelistv5
Published
2020-04-28 16:11
Modified
2024-08-06 03:47
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by mishandling of repeated URL calls. This affects JNR1010v2 before 2017-01-06, WNR614 before 2017-01-06, WNR618 before 2017-01-06, JWNR2000v5 before 2017-01-06, WNR2020 before 2017-01-06, JWNR2010v5 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2020v2 before 2017-01-06, R6220 before 2017-01-06, and WNDR3700v5 before 2017-01-06.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:47:34.688Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.netgear.com/29960/NETGEAR-Product-Vulnerability-Advisory-Potential-security-issue-associated-with-remote-management"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-01-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by mishandling of repeated URL calls. This affects JNR1010v2 before 2017-01-06, WNR614 before 2017-01-06, WNR618 before 2017-01-06, JWNR2000v5 before 2017-01-06, WNR2020 before 2017-01-06, JWNR2010v5 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2020v2 before 2017-01-06, R6220 before 2017-01-06, and WNDR3700v5 before 2017-01-06."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-28T16:11:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.netgear.com/29960/NETGEAR-Product-Vulnerability-Advisory-Potential-security-issue-associated-with-remote-management"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-11057",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by mishandling of repeated URL calls. This affects JNR1010v2 before 2017-01-06, WNR614 before 2017-01-06, WNR618 before 2017-01-06, JWNR2000v5 before 2017-01-06, WNR2020 before 2017-01-06, JWNR2010v5 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2020v2 before 2017-01-06, R6220 before 2017-01-06, and WNDR3700v5 before 2017-01-06."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/29960/NETGEAR-Product-Vulnerability-Advisory-Potential-security-issue-associated-with-remote-management",
"refsource": "CONFIRM",
"url": "https://kb.netgear.com/29960/NETGEAR-Product-Vulnerability-Advisory-Potential-security-issue-associated-with-remote-management"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-11057",
"datePublished": "2020-04-28T16:11:14",
"dateReserved": "2020-04-27T00:00:00",
"dateUpdated": "2024-08-06T03:47:34.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}