ID

VAR-202004-1333


CVE

CVE-2017-18861


TITLE

Cross-site request forgery vulnerability in ReadyNAS Surveillance

Trust: 0.8

sources: JVNDB: JVNDB-2017-014993

DESCRIPTION

Certain NETGEAR devices are affected by CSRF. This affects ReadyNAS Surveillance 1.4.3-15-x86 and earlier and ReadyNAS Surveillance 1.1.4-5-ARM and earlier. ReadyNAS Surveillance contains a cross-site request forgery vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. NETGEAR ReadyNAS Surveillance is an add-on application from NETGEAR for NETGEAR ReadyNAS. It extends the surveillance video management capabilities of NETGEAR ReadyNAS devices. Attackers can exploit this vulnerability to gain administrator privileges, execute commands on the ReadyNAS Surveillance system, and possibly control the system.

Trust: 1.8

sources: NVD: CVE-2017-18861 // JVNDB: JVNDB-2017-014993 // VULHUB: VHN-110026 // VULMON: CVE-2017-18861

AFFECTED PRODUCTS

vendor: netgear // model: readynas surveillance // scope: lte // version: 1.4.3-15

Trust: 1.0

vendor: netgear // model: readynas surveillance // scope: lte // version: 1.1.4-5

Trust: 1.0

vendor: netgear // model: readynas surveillance // scope: eq // version: 1.1.4-5-arm

Trust: 0.8

vendor: netgear // model: readynas surveillance // scope: eq // version: 1.4.3-15 -x86

Trust: 0.8

vendor: netgear // model: readynas surveillance // scope: eq // version: 1.1.4-5

Trust: 0.1

vendor: netgear // model: readynas surveillance // scope: eq // version: 1.4.3-15

Trust: 0.1

sources: VULMON: CVE-2017-18861 // JVNDB: JVNDB-2017-014993 // NVD: CVE-2017-18861

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18861
value: HIGH

Trust: 1.0

NVD: JVNDB-2017-014993
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202004-2260
value: MEDIUM

Trust: 0.6

VULHUB: VHN-110026
value: HIGH

Trust: 0.1

VULMON: CVE-2017-18861
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-18861
severity: HIGH
baseScore: 7.9
vectorString: AV:A/AC:M/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2017-014993
severity: HIGH
baseScore: 7.9
vectorString: AV:A/AC:M/AU:N/C:C/I:C/A:C
accessVector: ADJACENT NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-110026
severity: HIGH
baseScore: 7.9
vectorString: AV:A/AC:M/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-18861
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2017-014993
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-110026 // VULMON: CVE-2017-18861 // JVNDB: JVNDB-2017-014993 // CNNVD: CNNVD-202004-2260 // NVD: CVE-2017-18861

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-110026 // JVNDB: JVNDB-2017-014993 // NVD: CVE-2017-18861

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-2260

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-202004-2260

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014993

PATCH

title: Security Advisory for ReadyNAS Surveillance CSRF Remote Code Execution, PSV-2017-0578 // url: https://kb.netgear.com/000038435/Security-Advisory-for-ReadyNAS-Surveillance-CSRF-Remote-Code-Execution-PSV-2017-0578

Trust: 0.8

title: NETGEAR ReadyNAS Surveillance Fixes for cross-site request forgery vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117740

Trust: 0.6

sources: JVNDB: JVNDB-2017-014993 // CNNVD: CNNVD-202004-2260

EXTERNAL IDS

db: NVD // id: CVE-2017-18861

Trust: 2.6

db: JVNDB // id: JVNDB-2017-014993

Trust: 0.8

db: CNNVD // id: CNNVD-202004-2260

Trust: 0.7

db: VULHUB // id: VHN-110026

Trust: 0.1

db: VULMON // id: CVE-2017-18861

Trust: 0.1

sources: VULHUB: VHN-110026 // VULMON: CVE-2017-18861 // JVNDB: JVNDB-2017-014993 // CNNVD: CNNVD-202004-2260 // NVD: CVE-2017-18861

REFERENCES

url:https://kb.netgear.com/000038435/security-advisory-for-readynas-surveillance-csrf-remote-code-execution-psv-2017-0578

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-18861

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18861

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/352.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-110026 // VULMON: CVE-2017-18861 // JVNDB: JVNDB-2017-014993 // CNNVD: CNNVD-202004-2260 // NVD: CVE-2017-18861

SOURCES

db: VULHUB // id: VHN-110026
db: VULMON // id: CVE-2017-18861
db: JVNDB // id: JVNDB-2017-014993
db: CNNVD // id: CNNVD-202004-2260
db: NVD // id: CVE-2017-18861

LAST UPDATE DATE

2024-11-23T22:41:06.800000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-110026 // date: 2020-05-05T00:00:00
db: VULMON // id: CVE-2017-18861 // date: 2020-05-05T00:00:00
db: JVNDB // id: JVNDB-2017-014993 // date: 2020-06-01T00:00:00
db: CNNVD // id: CNNVD-202004-2260 // date: 2020-05-14T00:00:00
db: NVD // id: CVE-2017-18861 // date: 2024-11-21T03:21:07.090

SOURCES RELEASE DATE

db: VULHUB // id: VHN-110026 // date: 2020-04-28T00:00:00
db: VULMON // id: CVE-2017-18861 // date: 2020-04-28T00:00:00
db: JVNDB // id: JVNDB-2017-014993 // date: 2020-06-01T00:00:00
db: CNNVD // id: CNNVD-202004-2260 // date: 2020-04-28T00:00:00
db: NVD // id: CVE-2017-18861 // date: 2020-04-28T16:15:12.623