CVE-2018-21226

EPSS 0.12%
Published 28.04.2020 17:15:13
Last modified 21.11.2024 04:03:13
Source cve@mitre.org
Teams watchlist Login
Open Login

Certain NETGEAR devices are affected by authentication bypass. This affects JNR1010v2 before 1.1.0.48, JWNR2010v5 before 1.1.0.48, WNR1000v4 before 1.1.0.48, WNR2020 before 1.1.0.48, and WNR2050 before 1.1.0.48.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Netgear ≫ Jnr1010 Firmware Version < 1.1.0.48

Netgear ≫ Jnr1010 Versionv2

Netgear ≫ Jwnr2010 Firmware Version < 1.1.0.48

Netgear ≫ Jwnr2010 Versionv5

Netgear ≫ Wnr1000 Firmware Version < 1.1.0.48

Netgear ≫ Wnr1000 Versionv4

Netgear ≫ Wnr2020 Firmware Version < 1.1.0.48

Netgear ≫ Wnr2020 Version-

Netgear ≫ Wnr2050 Firmware Version < 1.1.0.48

Netgear ≫ Wnr2050 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.12%	0.28

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	5.8	6.5	6.4	AV:A/AC:L/Au:N/C:P/I:P/A:P
cve@mitre.org	8.8	2.8	5.9	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://kb.netgear.com/000055110/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2017-0748

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-21226

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-21226

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-21226

EUVD