Lucene search

MitreCVE-2017-18852

HistoryApr 20, 2020 - 1:15 p.m.

CVE-2017-18852

2020-04-2013:15:13

CWE-352

mitre

web.nvd.nist.gov

netgear

csrf

authentication bypass

cve-2017-18852

nvd

security vulnerability

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

41.8%

JSON

Certain NETGEAR devices are affected by CSRF and authentication bypass. This affects R7300DST before 1.0.0.54, R8300 before 1.0.2.100_1.0.82, R8500 before 1.0.2.100_1.0.82, and WNDR3400v3 before 1.0.1.14.

Affected configurations

Nvd

Node

netgearr7300dst_firmwareRange<1.0.0.54

AND

netgearr7300dstMatch-

Node

netgearr8300_firmwareRange<1.0.2.100_1.0.82

AND

netgearr8300Match-

Node

netgearr8500_firmwareRange<1.0.2.100_1.0.82

AND

netgearr8500Match-

Node

netgearwndr3400_firmwareRange<1.0.1.14

AND

netgearwndr3400Matchv3

VendorProductVersionCPE
netgearr7300dst_firmware*cpe:2.3:o:netgear:r7300dst_firmware:*:*:*:*:*:*:*:*
netgearr7300dst-cpe:2.3:h:netgear:r7300dst:-:*:*:*:*:*:*:*
netgearr8300_firmware*cpe:2.3:o:netgear:r8300_firmware:*:*:*:*:*:*:*:*
netgearr8300-cpe:2.3:h:netgear:r8300:-:*:*:*:*:*:*:*
netgearr8500_firmware*cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*
netgearr8500-cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*
netgearwndr3400_firmware*cpe:2.3:o:netgear:wndr3400_firmware:*:*:*:*:*:*:*:*
netgearwndr3400v3cpe:2.3:h:netgear:wndr3400:v3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netgear	r7300dst_firmware	*	cpe:2.3:o:netgear:r7300dst_firmware::::::::
netgear	r7300dst	-	cpe:2.3:h:netgear:r7300dst:-:::::::*
netgear	r8300_firmware	*	cpe:2.3:o:netgear:r8300_firmware::::::::
netgear	r8300	-	cpe:2.3:h:netgear:r8300:-:::::::*
netgear	r8500_firmware	*	cpe:2.3:o:netgear:r8500_firmware::::::::
netgear	r8500	-	cpe:2.3:h:netgear:r8500:-:::::::*
netgear	wndr3400_firmware	*	cpe:2.3:o:netgear:wndr3400_firmware::::::::
netgear	wndr3400	v3	cpe:2.3:h:netgear:wndr3400:v3:::::::*

References

kb.netgear.com/000045849/Security-Advisory-for-CSRF-and-Authentication-Bypass-on-Some-Routers-PSV-2017-1206

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

41.8%

JSON

Related for CVE-2017-18852