CVE-2017-18776

EPSS 0.04%
Veröffentlicht 22.04.2020 15:15:12
Zuletzt bearbeitet 21.11.2024 03:20:53
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Certain NETGEAR devices are affected by authentication bypass. This affects D6100 before V1.0.0.55, D7000 before V1.0.1.50, D7800 before V1.0.1.24, JNR1010v2 before 1.1.0.40, JWNR2010v5 before 1.1.0.40, R6100 before 1.0.1.12, R6220 before 1.1.0.50, R7500 before 1.0.0.108, R7500v2 before 1.0.3.10, WNDR4300v1 before 1.0.2.88, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.40, WNR2000v5 before 1.0.0.42, WNR2020 before 1.1.0.40, and WNR2050 before 1.1.0.40.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Netgear ≫ D6100 Firmware Version < 1.0.0.55

Netgear ≫ D6100 Version-

Netgear ≫ D7000 Firmware Version < 1.0.1.50

Netgear ≫ D7000 Version-

Netgear ≫ D7800 Firmware Version < 1.0.1.24

Netgear ≫ D7800 Version-

Netgear ≫ Jnr1010 Firmware Version < 1.1.0.40

Netgear ≫ Jnr1010 Versionv2

Netgear ≫ Jwnr2010 Firmware Version < 1.1.0.40

Netgear ≫ Jwnr2010 Versionv5

Netgear ≫ R6100 Firmware Version < 1.0.1.12

Netgear ≫ R6100 Version-

Netgear ≫ R6220 Firmware Version < 1.1.0.50

Netgear ≫ R6220 Version-

Netgear ≫ R7500 Firmware Version < 1.0.0.108

Netgear ≫ R7500 Version-

Netgear ≫ R7500 Firmware Version < 1.0.3.10

Netgear ≫ R7500 Versionv2

Netgear ≫ Wndr4300 Firmware Version < 1.0.2.88

Netgear ≫ Wndr4300 Versionv1

Netgear ≫ Wndr4300 Firmware Version < 1.0.0.48

Netgear ≫ Wndr4300 Versionv2

Netgear ≫ Wndr4500 Firmware Version < 1.0.0.48

Netgear ≫ Wndr4500 Versionv3

Netgear ≫ Wnr1000 Firmware Version < 1.1.0.40

Netgear ≫ Wnr1000 Versionv4

Netgear ≫ Wnr2000 Firmware Version < 1.0.0.42

Netgear ≫ Wnr2000 Versionv5

Netgear ≫ Wnr2020 Firmware Version < 1.1.0.40

Netgear ≫ Wnr2020 Version-

Netgear ≫ Wnr2050 Firmware Version < 1.1.0.40

Netgear ≫ Wnr2050 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.105

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.4	2.5	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P
cve@mitre.org	8.4	2.5	5.9	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://kb.netgear.com/000049552/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-and-Gateways-PSV-2017-0387

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-18776

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-18776

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-18776

EUVD