ID

VAR-202004-1328


CVE

CVE-2017-18856


TITLE

Injection vulnerability in NETGEAR ReadyNAS devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014984

DESCRIPTION

NETGEAR ReadyNAS devices before 6.6.1 are affected by command injection. NETGEAR ReadyNAS devices contain an injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The injection vulnerability exists in NETGEAR ReadyNAS OS 6.0 and later (fixed in version 6.6.1). The vulnerability stems from the fact that, when user input is used to construct commands, data structures, or records, the network system or product does not correctly validate that input and does not filter, or does not correctly filter, special elements in it, so that the system or product parses or interprets it in the wrong way.

Trust: 1.8

sources: NVD: CVE-2017-18856 // JVNDB: JVNDB-2017-014984 // VULHUB: VHN-110020 // VULMON: CVE-2017-18856

AFFECTED PRODUCTS

vendor: netgear, model: readynas os, scope: lt, version: 6.6.1

Trust: 1.0

vendor: netgear, model: readynas os, scope: gte, version: 6.0

Trust: 1.0

vendor: netgear, model: readynas os, scope: eq, version: 6.6.1

Trust: 0.8

vendor: netgear, model: readynas os, scope: eq, version: 6.0

Trust: 0.1

vendor: netgear, model: readynas os, scope: eq, version: 6.4.2

Trust: 0.1

vendor: netgear, model: readynas os, scope: eq, version: 6.5.0

Trust: 0.1

vendor: netgear, model: readynas os, scope: eq, version: 6.5.1

Trust: 0.1

vendor: netgear, model: readynas os, scope: eq, version: 6.5.2

Trust: 0.1

vendor: netgear, model: readynas os, scope: eq, version: 6.6.0

Trust: 0.1

sources: VULMON: CVE-2017-18856 // JVNDB: JVNDB-2017-014984 // NVD: CVE-2017-18856

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18856
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2017-014984
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202004-2388
value: MEDIUM

Trust: 0.6

VULHUB: VHN-110020
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-18856
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-18856
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2017-014984
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-110020
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-18856
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2017-014984
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-110020 // VULMON: CVE-2017-18856 // JVNDB: JVNDB-2017-014984 // CNNVD: CNNVD-202004-2388 // NVD: CVE-2017-18856

PROBLEMTYPE DATA

problemtype:CWE-74

Trust: 1.9

sources: VULHUB: VHN-110020 // JVNDB: JVNDB-2017-014984 // NVD: CVE-2017-18856

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-2388

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-202004-2388

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014984

PATCH

title: Security Advisory for Operating System Command Injection on ReadyNAS OS 6 Storage Systems, PSV-2017-2002
url: https://kb.netgear.com/000044333/Security-Advisory-for-Operating-System-Command-Injection-on-ReadyNAS-OS-6-Storage-Systems-PSV-2017-2002

Trust: 0.8

title: NETGEAR ReadyNAS OS Repair measures for injecting vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117762

Trust: 0.6

sources: JVNDB: JVNDB-2017-014984 // CNNVD: CNNVD-202004-2388

EXTERNAL IDS

db: NVD, id: CVE-2017-18856

Trust: 2.6

db: JVNDB, id: JVNDB-2017-014984

Trust: 0.8

db: CNNVD, id: CNNVD-202004-2388

Trust: 0.7

db: CNVD, id: CNVD-2020-28762

Trust: 0.1

db: VULHUB, id: VHN-110020

Trust: 0.1

db: VULMON, id: CVE-2017-18856

Trust: 0.1

sources: VULHUB: VHN-110020 // VULMON: CVE-2017-18856 // JVNDB: JVNDB-2017-014984 // CNNVD: CNNVD-202004-2388 // NVD: CVE-2017-18856

REFERENCES

url:https://kb.netgear.com/000044333/security-advisory-for-operating-system-command-injection-on-readynas-os-6-storage-systems-psv-2017-2002

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-18856

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18856

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/74.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-110020 // VULMON: CVE-2017-18856 // JVNDB: JVNDB-2017-014984 // CNNVD: CNNVD-202004-2388 // NVD: CVE-2017-18856

SOURCES

db: VULHUB, id: VHN-110020
db: VULMON, id: CVE-2017-18856
db: JVNDB, id: JVNDB-2017-014984
db: CNNVD, id: CNNVD-202004-2388
db: NVD, id: CVE-2017-18856

LAST UPDATE DATE

2024-11-23T22:29:39.087000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-110020, date: 2020-05-07T00:00:00
db: VULMON, id: CVE-2017-18856, date: 2020-05-07T00:00:00
db: JVNDB, id: JVNDB-2017-014984, date: 2020-06-01T00:00:00
db: CNNVD, id: CNNVD-202004-2388, date: 2020-05-07T00:00:00
db: NVD, id: CVE-2017-18856, date: 2024-11-21T03:21:06.340

SOURCES RELEASE DATE

db: VULHUB, id: VHN-110020, date: 2020-04-29T00:00:00
db: VULMON, id: CVE-2017-18856, date: 2020-04-29T00:00:00
db: JVNDB, id: JVNDB-2017-014984, date: 2020-06-01T00:00:00
db: CNNVD, id: CNNVD-202004-2388, date: 2020-04-29T00:00:00
db: NVD, id: CVE-2017-18856, date: 2020-04-29T14:15:13.620