CVE-2017-18776 - OpenCVE

Certain NETGEAR devices are affected by authentication bypass. This affects D6100 before V1.0.0.55, D7000 before V1.0.1.50, D7800 before V1.0.1.24, JNR1010v2 before 1.1.0.40, JWNR2010v5 before 1.1.0.40, R6100 before 1.0.1.12, R6220 before 1.1.0.50, R7500 before 1.0.0.108, R7500v2 before 1.0.3.10, WNDR4300v1 before 1.0.2.88, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.40, WNR2000v5 before 1.0.0.42, WNR2020 before 1.1.0.40, and WNR2050 before 1.1.0.40.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Netgear	Wnr2020 Firmware Wnr2050 D6100 Firmware R6100 Firmware R7500 Firmware Wndr4500 Firmware D7000 Firmware Jwnr2010 R6220 Firmware Wnr1000 Firmware R6100 R6220 Wnr2000 Firmware Wnr2000 Jnr1010 Firmware D7800 Firmware Wndr4300 D6100 Jnr1010 Wnr1000 Wndr4300 Firmware D7800 Wnr2050 Firmware Wndr4500 Wnr2020 Jwnr2010 Firmware R7500 D7000

Configuration 1 [-]

AND

cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:netgear:d7000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:d7000:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:netgear:jnr1010_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:jnr1010:v2:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:netgear:jwnr2010_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:jwnr2010:v5:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7500:v2:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wndr4300:v1:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:netgear:wnr1000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnr1000:v4:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:netgear:wnr2020_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnr2020:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:netgear:wnr2050_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnr2050:-:*:*:*:*:*:*:*

References

Link	Resource
https://kb.netgear.com/000049552/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-and-Gateways-PSV-2017-0387	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-04-22T14:43:25

Updated: 2020-04-22T14:43:25

Reserved: 2020-04-20T00:00:00

Link: CVE-2017-18776

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-04-22T15:15:12.050

Modified: 2020-04-24T16:06:05.247

Link: CVE-2017-18776

JSON object: View

Redhat Information

No data.

CWE

CWE-287