ID

VAR-202004-1326


CVE

CVE-2017-18854


TITLE

Injection vulnerability in NETGEAR ReadyNAS

Trust: 0.8

sources: JVNDB: JVNDB-2017-014982

DESCRIPTION

NETGEAR ReadyNAS 6.6.1 and earlier is affected by command injection. An injection vulnerability exists in NETGEAR ReadyNAS. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). NETGEAR ReadyNAS OS is an operating system for ReadyNAS network-attached storage devices developed by NETGEAR. An injection vulnerability exists in NETGEAR ReadyNAS OS versions 6 through 6.6.1. The vulnerability stems from the fact that the network system or product lacks correct verification of user input data when it uses that input to construct commands, data structures, or records, and does not filter or correctly filter out special elements in it, causing the system or product to parse or interpret the input incorrectly.

Trust: 1.8

sources: NVD: CVE-2017-18854 // JVNDB: JVNDB-2017-014982 // VULHUB: VHN-110018 // VULMON: CVE-2017-18854

AFFECTED PRODUCTS

vendor: netgear, model: readynas os, scope: lte, version: 6.6.1

Trust: 1.0

vendor: netgear, model: readynas os, scope: gte, version: 6.0

Trust: 1.0

vendor: netgear, model: readynas os, scope: eq, version: 6.6.1

Trust: 0.9

vendor: netgear, model: readynas os, scope: eq, version: 6.0

Trust: 0.1

vendor: netgear, model: readynas os, scope: eq, version: 6.4.2

Trust: 0.1

vendor: netgear, model: readynas os, scope: eq, version: 6.5.0

Trust: 0.1

vendor: netgear, model: readynas os, scope: eq, version: 6.5.1

Trust: 0.1

vendor: netgear, model: readynas os, scope: eq, version: 6.5.2

Trust: 0.1

vendor: netgear, model: readynas os, scope: eq, version: 6.6.0

Trust: 0.1

sources: VULMON: CVE-2017-18854 // JVNDB: JVNDB-2017-014982 // NVD: CVE-2017-18854

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18854
value: MEDIUM

Trust: 1.0

cve@mitre.org: CVE-2017-18854
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2017-014982
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202004-2384
value: MEDIUM

Trust: 0.6

VULHUB: VHN-110018
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-18854
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-18854
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2017-014982
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-110018
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-18854
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2017-18854
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2017-014982
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-110018 // VULMON: CVE-2017-18854 // JVNDB: JVNDB-2017-014982 // CNNVD: CNNVD-202004-2384 // NVD: CVE-2017-18854 // NVD: CVE-2017-18854

PROBLEMTYPE DATA

problemtype:CWE-74

Trust: 1.9

sources: VULHUB: VHN-110018 // JVNDB: JVNDB-2017-014982 // NVD: CVE-2017-18854

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-2384

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-202004-2384

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014982

PATCH

title: Security Advisory for Operating System Command Injection on ReadyNAS OS 6 Storage Systems, PSV-2017-2002
url: https://kb.netgear.com/000044333/Security-Advisory-for-Operating-System-Command-Injection-on-ReadyNAS-OS-6-Storage-Systems-PSV-2017-2002

Trust: 0.8

title: Repair measures for NETGEAR ReadyNAS OS injection vulnerability
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117759

Trust: 0.6

sources: JVNDB: JVNDB-2017-014982 // CNNVD: CNNVD-202004-2384

EXTERNAL IDS

db: NVD, id: CVE-2017-18854

Trust: 2.6

db: JVNDB, id: JVNDB-2017-014982

Trust: 0.8

db: CNNVD, id: CNNVD-202004-2384

Trust: 0.7

db: CNVD, id: CNVD-2020-28760

Trust: 0.1

db: VULHUB, id: VHN-110018

Trust: 0.1

db: VULMON, id: CVE-2017-18854

Trust: 0.1

sources: VULHUB: VHN-110018 // VULMON: CVE-2017-18854 // JVNDB: JVNDB-2017-014982 // CNNVD: CNNVD-202004-2384 // NVD: CVE-2017-18854

REFERENCES

url:https://kb.netgear.com/000044333/security-advisory-for-operating-system-command-injection-on-readynas-os-6-storage-systems-psv-2017-2002

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-18854

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18854

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/74.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-110018 // VULMON: CVE-2017-18854 // JVNDB: JVNDB-2017-014982 // CNNVD: CNNVD-202004-2384 // NVD: CVE-2017-18854

SOURCES

db: VULHUB, id: VHN-110018
db: VULMON, id: CVE-2017-18854
db: JVNDB, id: JVNDB-2017-014982
db: CNNVD, id: CNNVD-202004-2384
db: NVD, id: CVE-2017-18854

LAST UPDATE DATE

2024-11-23T22:16:30.462000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-110018, date: 2020-05-07T00:00:00
db: VULMON, id: CVE-2017-18854, date: 2020-05-07T00:00:00
db: JVNDB, id: JVNDB-2017-014982, date: 2020-06-01T00:00:00
db: CNNVD, id: CNNVD-202004-2384, date: 2020-05-07T00:00:00
db: NVD, id: CVE-2017-18854, date: 2024-11-21T03:21:06.047

SOURCES RELEASE DATE

db: VULHUB, id: VHN-110018, date: 2020-04-29T00:00:00
db: VULMON, id: CVE-2017-18854, date: 2020-04-29T00:00:00
db: JVNDB, id: JVNDB-2017-014982, date: 2020-06-01T00:00:00
db: CNNVD, id: CNNVD-202004-2384, date: 2020-04-29T00:00:00
db: NVD, id: CVE-2017-18854, date: 2020-04-29T14:15:12.717