CVE-2017-18853 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2017-18853

Analyzed

More Info Official Page

Source-cve@mitre.org

Published At-29 Apr, 2020 | 14:15

Updated At-05 May, 2020 | 20:43

Certain NETGEAR devices are affected by password recovery and file access. This affects D8500 1.0.3.27 and earlier, DGN2200v4 1.0.0.82 and earlier, R6300v2 1.0.4.06 and earlier, R6400 1.0.1.20 and earlier, R6400v2 1.0.2.18 and earlier, R6700 1.0.1.22 and earlier, R6900 1.0.1.20 and earlier, R7000 1.0.7.10 and earlier, R7000P 1.0.0.58 and earlier, R7100LG 1.0.0.28 and earlier, R7300DST 1.0.0.52 and earlier, R7900 1.0.1.12 and earlier, R8000 1.0.3.46 and earlier, R8300 1.0.2.86 and earlier, R8500 1.0.2.86 and earlier, WNDR3400v3 1.0.1.8 and earlier, and WNDR4500v2 1.0.0.62 and earlier.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.5	MEDIUM	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Secondary	3.0	9.6	CRITICAL	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N

CPE Matches

>>d8500>>-

cpe:2.3:h:netgear:d8500:-:*:*:*:*:*:*:*

>>d8500_firmware>>Versions up to 1.0.3.27(inclusive)

cpe:2.3:o:netgear:d8500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:dgn2200:v4:*:*:*:*:*:*:*

>>dgn2200_firmware>>Versions up to 1.0.0.82(inclusive)

cpe:2.3:o:netgear:dgn2200_firmware:*:*:*:*:*:*:*:*

>>r6300>>v2

cpe:2.3:h:netgear:r6300:v2:*:*:*:*:*:*:*

>>r6300_firmware>>Versions up to 1.0.4.06(inclusive)

cpe:2.3:o:netgear:r6300_firmware:*:*:*:*:*:*:*:*

>>r6400>>-

cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:*

>>r6400_firmware>>Versions up to 1.0.1.20(inclusive)

cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*

>>r6400>>v2

cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*

>>r6400_firmware>>Versions up to 1.0.2.18(inclusive)

cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*

>>r6700>>-

cpe:2.3:h:netgear:r6700:-:*:*:*:*:*:*:*

>>r6700_firmware>>Versions up to 1.0.1.22(inclusive)

cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*

>>r6900>>-

cpe:2.3:h:netgear:r6900:-:*:*:*:*:*:*:*

>>r6900_firmware>>Versions up to 1.0.1.20(inclusive)

cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*

>>r7000>>-

cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*

>>r7000_firmware>>Versions up to 1.0.7.10(inclusive)

cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*

>>r7000p_firmware>>Versions up to 1.0.0.58(inclusive)

cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*

>>r7100lg_firmware>>Versions up to 1.0.0.28(inclusive)

cpe:2.3:o:netgear:r7100lg_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7100lg:-:*:*:*:*:*:*:*

>>r7300dst_firmware>>Versions up to 1.0.0.52(inclusive)

cpe:2.3:o:netgear:r7300dst_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7300dst:-:*:*:*:*:*:*:*

>>r7900_firmware>>Versions up to 1.0.1.12(inclusive)

cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:*

>>r7900>>-

cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:*

>>r8000_firmware>>Versions up to 1.0.3.46(inclusive)

cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*

>>r8000>>-

cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*

>>r8300_firmware>>Versions up to 1.0.2.86(inclusive)

cpe:2.3:o:netgear:r8300_firmware:*:*:*:*:*:*:*:*

>>r8300>>-

cpe:2.3:h:netgear:r8300:-:*:*:*:*:*:*:*

>>r8500_firmware>>Versions up to 1.0.2.86(inclusive)

cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*

>>r8500>>-

cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*

>>wndr3400_firmware>>Versions up to 1.0.1.8(inclusive)

cpe:2.3:o:netgear:wndr3400_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wndr3400:v3:*:*:*:*:*:*:*

>>wndr4500_firmware>>Versions up to 1.0.0.62(inclusive)

cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wndr4500:v2:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-200	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
https://kb.netgear.com/000045848/Security-Advisory-for-Password-Recovery-and-File-Access-on-Some-Routers-and-Modem-Routers-PSV-2017-0677	cve@mitre.org	Vendor Advisory