Details of VAR-202004-1372

ID

VAR-202004-1372

CVE

CVE-2017-18807

TITLE

NETGEAR ReadyNAS OS 6 Cross-site scripting vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014929

DESCRIPTION

NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. NETGEAR ReadyNAS OS 6 A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code

Trust: 1.71

sources: NVD: CVE-2017-18807 // JVNDB: JVNDB-2017-014929 // VULHUB: VHN-109966

AFFECTED PRODUCTS

vendor:	netgear	model:	readynas os	scope:	lt	version:	6.8.0	Trust: 1.0
vendor:	netgear	model:	readynas os	scope:	gte	version:	6.0	Trust: 1.0
vendor:	netgear	model:	readynas os	scope:	eq	version:	6.8.0	Trust: 0.8

sources: JVNDB: JVNDB-2017-014929 // NVD: CVE-2017-18807

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-18807
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2017-18807
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2017-014929
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202004-1812
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-109966
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2017-18807
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2017-014929
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-109966
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-18807
baseSeverity:	MEDIUM
baseScore:	4.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	1.7
impactScore:	2.7
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2017-18807
baseSeverity:	MEDIUM
baseScore:	5.2
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	1.1
impactScore:	3.7
version:	3.0
Trust: 1.0
NVD:	JVNDB-2017-014929
baseSeverity:	MEDIUM
baseScore:	4.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-109966 // JVNDB: JVNDB-2017-014929 // CNNVD: CNNVD-202004-1812 // NVD: CVE-2017-18807 // NVD: CVE-2017-18807

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-109966 // JVNDB: JVNDB-2017-014929 // NVD: CVE-2017-18807

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-1812

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202004-1812

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014929

PATCH

title:	Security Advisory for Stored Cross Site Scripting Vulnerability on Some ReadyNAS Devices, PSV-2017-2001	url:	https://kb.netgear.com/000049058/Security-Advisory-for-Stored-Cross-Site-Scripting-Vulnerability-on-Some-ReadyNAS-Devices-PSV-2017-2001	Trust: 0.8
title:	NETGEAR ReadyNAS OS Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117215	Trust: 0.6

sources: JVNDB: JVNDB-2017-014929 // CNNVD: CNNVD-202004-1812

EXTERNAL IDS

db:	NVD	id:	CVE-2017-18807	Trust: 2.5
db:	JVNDB	id:	JVNDB-2017-014929	Trust: 0.8
db:	CNNVD	id:	CNNVD-202004-1812	Trust: 0.7
db:	VULHUB	id:	VHN-109966	Trust: 0.1

sources: VULHUB: VHN-109966 // JVNDB: JVNDB-2017-014929 // CNNVD: CNNVD-202004-1812 // NVD: CVE-2017-18807

REFERENCES

url:	https://kb.netgear.com/000049058/security-advisory-for-stored-cross-site-scripting-vulnerability-on-some-readynas-devices-psv-2017-2001	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2017-18807	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18807	Trust: 0.8

sources: VULHUB: VHN-109966 // JVNDB: JVNDB-2017-014929 // CNNVD: CNNVD-202004-1812 // NVD: CVE-2017-18807

SOURCES

db:	VULHUB	id:	VHN-109966
db:	JVNDB	id:	JVNDB-2017-014929
db:	CNNVD	id:	CNNVD-202004-1812
db:	NVD	id:	CVE-2017-18807

LAST UPDATE DATE

2024-11-23T22:58:18.620000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-109966	date:	2020-04-24T00:00:00
db:	JVNDB	id:	JVNDB-2017-014929	date:	2020-05-22T00:00:00
db:	CNNVD	id:	CNNVD-202004-1812	date:	2020-04-26T00:00:00
db:	NVD	id:	CVE-2017-18807	date:	2024-11-21T03:20:58.550

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-109966	date:	2020-04-21T00:00:00
db:	JVNDB	id:	JVNDB-2017-014929	date:	2020-05-22T00:00:00
db:	CNNVD	id:	CNNVD-202004-1812	date:	2020-04-21T00:00:00
db:	NVD	id:	CVE-2017-18807	date:	2020-04-21T16:15:51.413