VAR-202004-1333
Vulnerability from variot - Updated: 2023-12-18 13:33
Certain NETGEAR devices are affected by CSRF. This affects ReadyNAS Surveillance 1.4.3-15-x86 and earlier and ReadyNAS Surveillance 1.1.4-5-ARM and earlier. A cross-site request forgery vulnerability exists in ReadyNAS Surveillance. Information may be obtained or tampered with, and service operation may be interrupted (DoS). NETGEAR ReadyNAS Surveillance is an add-on application from NETGEAR for NETGEAR ReadyNAS. It extends the surveillance video management capabilities of NETGEAR ReadyNAS devices. Attackers can exploit this vulnerability to gain administrator privileges, execute commands on the ReadyNAS Surveillance system, and possibly control the system.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-1333",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "readynas surveillance",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "1.4.3-15"
},
{
"model": "readynas surveillance",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.4-5"
},
{
"model": "readynas surveillance",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.1.4-5-arm"
},
{
"model": "readynas surveillance",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.4.3-15 -x86"
},
{
"model": "readynas surveillance",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.1.4-5"
},
{
"model": "readynas surveillance",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.4.3-15"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-18861"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014993"
},
{
"db": "NVD",
"id": "CVE-2017-18861"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netgear:readynas_surveillance:*:*:*:*:*:*:x86:*",
"cpe_name": [],
"versionEndIncluding": "1.4.3-15",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netgear:readynas_surveillance:*:*:*:*:*:*:arm:*",
"cpe_name": [],
"versionEndIncluding": "1.1.4-5",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-18861"
}
]
},
"cve": "CVE-2017-18861",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.5,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.9,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2017-014993",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.5,
"id": "VHN-110026",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:A/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 7.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.5,
"id": "CVE-2017-18861",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.0,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-014993",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-18861",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2017-014993",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-2260",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-110026",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-18861",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110026"
},
{
"db": "VULMON",
"id": "CVE-2017-18861"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014993"
},
{
"db": "NVD",
"id": "CVE-2017-18861"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2260"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by CSRF. This affects ReadyNAS Surveillance 1.4.3-15-x86 and earlier and ReadyNAS Surveillance 1.1.4-5-ARM and earlier. A cross-site request forgery vulnerability exists in ReadyNAS Surveillance. Information may be obtained or tampered with, and service operation may be interrupted (DoS). NETGEAR ReadyNAS Surveillance is an add-on application from NETGEAR for NETGEAR ReadyNAS. It extends the surveillance video management capabilities of NETGEAR ReadyNAS devices. Attackers can exploit this vulnerability to gain administrator privileges, execute commands on the ReadyNAS Surveillance system, and possibly control the system.",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-18861"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014993"
},
{
"db": "VULHUB",
"id": "VHN-110026"
},
{
"db": "VULMON",
"id": "CVE-2017-18861"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-18861",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014993",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2260",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-110026",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-18861",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110026"
},
{
"db": "VULMON",
"id": "CVE-2017-18861"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014993"
},
{
"db": "NVD",
"id": "CVE-2017-18861"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2260"
}
]
},
"id": "VAR-202004-1333",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-110026"
}
],
"trust": 0.65263156
},
"last_update_date": "2023-12-18T13:33:04.806000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisory for ReadyNAS Surveillance CSRF Remote Code Execution, PSV-2017-0578.",
"trust": 0.8,
"url": "https://kb.netgear.com/000038435/security-advisory-for-readynas-surveillance-csrf-remote-code-execution-psv-2017-0578"
},
{
"title": "NETGEAR ReadyNAS Surveillance Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=117740"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014993"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2260"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110026"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014993"
},
{
"db": "NVD",
"id": "CVE-2017-18861"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://kb.netgear.com/000038435/security-advisory-for-readynas-surveillance-csrf-remote-code-execution-psv-2017-0578"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18861"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18861"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/352.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110026"
},
{
"db": "VULMON",
"id": "CVE-2017-18861"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014993"
},
{
"db": "NVD",
"id": "CVE-2017-18861"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2260"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-110026"
},
{
"db": "VULMON",
"id": "CVE-2017-18861"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014993"
},
{
"db": "NVD",
"id": "CVE-2017-18861"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2260"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-28T00:00:00",
"db": "VULHUB",
"id": "VHN-110026"
},
{
"date": "2020-04-28T00:00:00",
"db": "VULMON",
"id": "CVE-2017-18861"
},
{
"date": "2020-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014993"
},
{
"date": "2020-04-28T16:15:12.623000",
"db": "NVD",
"id": "CVE-2017-18861"
},
{
"date": "2020-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2260"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-05T00:00:00",
"db": "VULHUB",
"id": "VHN-110026"
},
{
"date": "2020-05-05T00:00:00",
"db": "VULMON",
"id": "CVE-2017-18861"
},
{
"date": "2020-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014993"
},
{
"date": "2020-05-05T19:44:03.077000",
"db": "NVD",
"id": "CVE-2017-18861"
},
{
"date": "2020-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2260"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2260"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery vulnerability in ReadyNAS Surveillance",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014993"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2260"
}
],
"trust": 0.6
}
}