ID

VAR-201707-0843


CVE

CVE-2017-11646


TITLE

NetComm Wireless 4GT101W Router Cross-Site Request Forgery Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2017-19557 // CNNVD: CNNVD-201707-1312

DESCRIPTION

NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to CSRF attacks, as demonstrated by using administration.html to disable the firewall. They do not contain any token that can mitigate CSRF vulnerabilities within the device. NetComm Wireless 4GT101W contains a cross-site request forgery vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The NetComm Wireless 4GT101W router is a wireless router product from NetComm Wireless, Australia. A cross-site request forgery vulnerability exists in the NetComm Wireless 4GT101W router running hardware version 0.01/software version 1.1.8.8/bootloader version 1.1.3. A remote attacker could exploit this vulnerability to perform unauthorized operations.

Trust: 2.16

sources: NVD: CVE-2017-11646 // JVNDB: JVNDB-2017-006638 // CNVD: CNVD-2017-19557

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-19557

AFFECTED PRODUCTS

vendor: netcomm, model: 4gt101w software, scope: eq, version: 1.1.8.8

Trust: 2.4

vendor: netcomm, model: 4gt101w bootloader, scope: eq, version: 1.1.3

Trust: 1.0

vendor: netcomm, model: 4gt101w boot loader, scope: eq, version: 1.1.3

Trust: 0.8

vendor: netcomm, model: wireless 4gt101w routers, scope: eq, version: 0.01

Trust: 0.6

vendor: netcomm, model: wireless 4gt101w routers, scope: eq, version: v1.1.8.8

Trust: 0.6

vendor: netcomm, model: wireless 4gt101w routers, scope: eq, version: 1.1.3

Trust: 0.6

sources: CNVD: CNVD-2017-19557 // JVNDB: JVNDB-2017-006638 // CNNVD: CNNVD-201707-1312 // NVD: CVE-2017-11646

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-11646
value: HIGH

Trust: 1.0

NVD: CVE-2017-11646
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-19557
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201707-1312
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2017-11646
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-19557
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-11646
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-19557 // JVNDB: JVNDB-2017-006638 // CNNVD: CNNVD-201707-1312 // NVD: CVE-2017-11646

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.8

sources: JVNDB: JVNDB-2017-006638 // NVD: CVE-2017-11646

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201707-1312

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201707-1312

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-006638

PATCH

title: Top Page, url: http://www.netcommwireless.com/

Trust: 0.8

sources: JVNDB: JVNDB-2017-006638

EXTERNAL IDS

db: NVD, id: CVE-2017-11646

Trust: 3.0

db: JVNDB, id: JVNDB-2017-006638

Trust: 0.8

db: CNVD, id: CNVD-2017-19557

Trust: 0.6

db: CNNVD, id: CNNVD-201707-1312

Trust: 0.6

sources: CNVD: CNVD-2017-19557 // JVNDB: JVNDB-2017-006638 // CNNVD: CNNVD-201707-1312 // NVD: CVE-2017-11646

REFERENCES

url:https://iscouncil.blogspot.com/2017/07/cross-site-request-forgery.html

Trust: 2.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11646

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-11646

Trust: 0.8

url:https://iscouncil.blogspot.jp/2017/07/cross-site-request-forgery.html

Trust: 0.8

sources: CNVD: CNVD-2017-19557 // JVNDB: JVNDB-2017-006638 // CNNVD: CNNVD-201707-1312 // NVD: CVE-2017-11646

SOURCES

db: CNVD, id: CNVD-2017-19557
db: JVNDB, id: JVNDB-2017-006638
db: CNNVD, id: CNNVD-201707-1312
db: NVD, id: CVE-2017-11646

LAST UPDATE DATE

2025-04-20T23:34:19.994000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-19557, date: 2017-08-08T00:00:00
db: JVNDB, id: JVNDB-2017-006638, date: 2017-08-31T00:00:00
db: CNNVD, id: CNNVD-201707-1312, date: 2017-07-31T00:00:00
db: NVD, id: CVE-2017-11646, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-19557, date: 2017-08-08T00:00:00
db: JVNDB, id: JVNDB-2017-006638, date: 2017-08-31T00:00:00
db: CNNVD, id: CNNVD-201707-1312, date: 2017-07-27T00:00:00
db: NVD, id: CVE-2017-11646, date: 2017-07-28T05:29:00.417