Details of VAR-201707-0799

ID

VAR-201707-0799

CVE

CVE-2017-11645

TITLE

NetComm Wireless 4GT101W Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-006637

DESCRIPTION

NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 do not require authentication for logfile.html, status.html, or system_config.html. NetComm Wireless 4GT101W Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NetCommWireless4GT101Wrouters is a wireless router product from NetCommWireless, Australia. A security vulnerability exists in the NetCommWireless4GT101W router running hardware version 0.01/software version 1.1.8.8/bootloader version 1.1.3. The vulnerability stems from a program failing to perform identity on logfile.html, status.html, or system_config.html pages. verification. An attacker could exploit the vulnerability to obtain information

Trust: 2.16

sources: NVD: CVE-2017-11645 // JVNDB: JVNDB-2017-006637 // CNVD: CNVD-2017-19556

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-19556

AFFECTED PRODUCTS

vendor:	netcomm	model:	4gt101w software	scope:	eq	version:	1.1.8.8	Trust: 2.4
vendor:	netcomm	model:	4gt101w bootloader	scope:	eq	version:	1.1.3	Trust: 1.0
vendor:	netcomm	model:	4gt101w boot loader	scope:	eq	version:	1.1.3	Trust: 0.8
vendor:	netcomm	model:	wireless 4gt101w routers	scope:	eq	version:	0.01	Trust: 0.6
vendor:	netcomm	model:	wireless 4gt101w routers	scope:	eq	version:	v1.1.8.8	Trust: 0.6
vendor:	netcomm	model:	wireless 4gt101w routers	scope:	eq	version:	1.1.3	Trust: 0.6

sources: CNVD: CNVD-2017-19556 // JVNDB: JVNDB-2017-006637 // CNNVD: CNNVD-201707-1380 // NVD: CVE-2017-11645

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-11645
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-11645
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2017-19556
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201707-1380
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2017-11645
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-19556
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-11645
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-19556 // JVNDB: JVNDB-2017-006637 // CNNVD: CNNVD-201707-1380 // NVD: CVE-2017-11645

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2017-006637 // NVD: CVE-2017-11645

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201707-1380

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201707-1380

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-006637

PATCH

title:

Top Page

url:

http://www.netcommwireless.com/

Trust: 0.8

sources: JVNDB: JVNDB-2017-006637

EXTERNAL IDS

db:	NVD	id:	CVE-2017-11645	Trust: 3.0
db:	JVNDB	id:	JVNDB-2017-006637	Trust: 0.8
db:	CNVD	id:	CNVD-2017-19556	Trust: 0.6
db:	CNNVD	id:	CNNVD-201707-1380	Trust: 0.6

sources: CNVD: CNVD-2017-19556 // JVNDB: JVNDB-2017-006637 // CNNVD: CNNVD-201707-1380 // NVD: CVE-2017-11645

REFERENCES

url:	https://iscouncil.blogspot.com/2017/07/access-violation-vulnerability-in.html	Trust: 2.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11645	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-11645	Trust: 0.8
url:	https://iscouncil.blogspot.jp/2017/07/access-violation-vulnerability-in.html	Trust: 0.8

sources: CNVD: CNVD-2017-19556 // JVNDB: JVNDB-2017-006637 // CNNVD: CNNVD-201707-1380 // NVD: CVE-2017-11645

SOURCES

db:	CNVD	id:	CNVD-2017-19556
db:	JVNDB	id:	JVNDB-2017-006637
db:	CNNVD	id:	CNNVD-201707-1380
db:	NVD	id:	CVE-2017-11645

LAST UPDATE DATE

2025-04-20T23:36:48.871000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-19556	date:	2017-08-08T00:00:00
db:	JVNDB	id:	JVNDB-2017-006637	date:	2017-08-31T00:00:00
db:	CNNVD	id:	CNNVD-201707-1380	date:	2017-07-31T00:00:00
db:	NVD	id:	CVE-2017-11645	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-19556	date:	2017-08-08T00:00:00
db:	JVNDB	id:	JVNDB-2017-006637	date:	2017-08-31T00:00:00
db:	CNNVD	id:	CNNVD-201707-1380	date:	2017-07-28T00:00:00
db:	NVD	id:	CVE-2017-11645	date:	2017-07-28T05:29:00.387