CVE-2017-18853

EPSS 0.41%
Published 29.04.2020 14:15:12
Last modified 21.11.2024 03:21:05
Source cve@mitre.org
Teams watchlist Login
Open Login

Certain NETGEAR devices are affected by password recovery and file access. This affects D8500 1.0.3.27 and earlier, DGN2200v4 1.0.0.82 and earlier, R6300v2 1.0.4.06 and earlier, R6400 1.0.1.20 and earlier, R6400v2 1.0.2.18 and earlier, R6700 1.0.1.22 and earlier, R6900 1.0.1.20 and earlier, R7000 1.0.7.10 and earlier, R7000P 1.0.0.58 and earlier, R7100LG 1.0.0.28 and earlier, R7300DST 1.0.0.52 and earlier, R7900 1.0.1.12 and earlier, R8000 1.0.3.46 and earlier, R8300 1.0.2.86 and earlier, R8500 1.0.2.86 and earlier, WNDR3400v3 1.0.1.8 and earlier, and WNDR4500v2 1.0.0.62 and earlier.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Netgear ≫ D8500 Firmware Version <= 1.0.3.27

Netgear ≫ D8500 Version-

Netgear ≫ Dgn2200 Firmware Version <= 1.0.0.82

Netgear ≫ Dgn2200 Versionv4

Netgear ≫ R6300 Firmware Version <= 1.0.4.06

Netgear ≫ R6300 Versionv2

Netgear ≫ R6400 Firmware Version <= 1.0.1.20

Netgear ≫ R6400 Version-

Netgear ≫ R6400 Firmware Version <= 1.0.2.18

Netgear ≫ R6400 Versionv2

Netgear ≫ R6700 Firmware Version <= 1.0.1.22

Netgear ≫ R6700 Version-

Netgear ≫ R6900 Firmware Version <= 1.0.1.20

Netgear ≫ R6900 Version-

Netgear ≫ R7000 Firmware Version <= 1.0.7.10

Netgear ≫ R7000 Version-

Netgear ≫ R7000p Firmware Version <= 1.0.0.58

Netgear ≫ R7000p Version-

Netgear ≫ R7100lg Firmware Version <= 1.0.0.28

Netgear ≫ R7100lg Version-

Netgear ≫ R7300dst Firmware Version <= 1.0.0.52

Netgear ≫ R7300dst Version-

Netgear ≫ R7900 Firmware Version <= 1.0.1.12

Netgear ≫ R7900 Version-

Netgear ≫ R8000 Firmware Version <= 1.0.3.46

Netgear ≫ R8000 Version-

Netgear ≫ R8300 Firmware Version <= 1.0.2.86

Netgear ≫ R8300 Version-

Netgear ≫ R8500 Firmware Version <= 1.0.2.86

Netgear ≫ R8500 Version-

Netgear ≫ Wndr3400 Firmware Version <= 1.0.1.8

Netgear ≫ Wndr3400 Versionv3

Netgear ≫ Wndr4500 Firmware Version <= 1.0.0.62

Netgear ≫ Wndr4500 Versionv2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.41%	0.605

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
cve@mitre.org	9.6	2.8	6	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://kb.netgear.com/000045848/Security-Advisory-for-Password-Recovery-and-File-Access-on-Some-Routers-and-Modem-Routers-PSV-2017-0677

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-18853

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-18853

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-18853

EUVD