CVE-2018-21226

EPSS 0.12%
Veröffentlicht 28.04.2020 17:15:13
Zuletzt bearbeitet 21.11.2024 04:03:13
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Certain NETGEAR devices are affected by authentication bypass. This affects JNR1010v2 before 1.1.0.48, JWNR2010v5 before 1.1.0.48, WNR1000v4 before 1.1.0.48, WNR2020 before 1.1.0.48, and WNR2050 before 1.1.0.48.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Netgear ≫ Jnr1010 Firmware Version < 1.1.0.48

Netgear ≫ Jnr1010 Versionv2

Netgear ≫ Jwnr2010 Firmware Version < 1.1.0.48

Netgear ≫ Jwnr2010 Versionv5

Netgear ≫ Wnr1000 Firmware Version < 1.1.0.48

Netgear ≫ Wnr1000 Versionv4

Netgear ≫ Wnr2020 Firmware Version < 1.1.0.48

Netgear ≫ Wnr2020 Version-

Netgear ≫ Wnr2050 Firmware Version < 1.1.0.48

Netgear ≫ Wnr2050 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.28

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	5.8	6.5	6.4	AV:A/AC:L/Au:N/C:P/I:P/A:P
cve@mitre.org	8.8	2.8	5.9	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://kb.netgear.com/000055110/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2017-0748

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-21226

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-21226

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-21226

EUVD