Sign-up

ID

VAR-202004-1375


CVE

CVE-2017-18810


TITLE

NETGEAR ReadyNAS OS 6 Cross-site scripting vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014931

DESCRIPTION

NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. NETGEAR ReadyNAS OS 6 A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code

Trust: 1.8

sources: NVD: CVE-2017-18810 // JVNDB: JVNDB-2017-014931 // VULHUB: VHN-109970 // VULMON: CVE-2017-18810

AFFECTED PRODUCTS

vendor:netgearmodel:readynas osscope:ltversion:6.8.0

Trust: 1.0

vendor:netgearmodel:readynas osscope:gteversion:6.0

Trust: 1.0

vendor:netgearmodel:readynas osscope:eqversion:6.8.0

Trust: 0.8

sources: JVNDB: JVNDB-2017-014931 // NVD: CVE-2017-18810

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18810
value: MEDIUM

Trust: 1.0

cve@mitre.org: CVE-2017-18810
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2017-014931
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202004-1793
value: MEDIUM

Trust: 0.6

VULHUB: VHN-109970
value: LOW

Trust: 0.1

VULMON: CVE-2017-18810
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-18810
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2017-014931
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-109970
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-18810
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.7
impactScore: 2.7
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2017-18810
baseSeverity: MEDIUM
baseScore: 5.2
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.1
impactScore: 3.7
version: 3.0

Trust: 1.0

NVD: JVNDB-2017-014931
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-109970 // VULMON: CVE-2017-18810 // JVNDB: JVNDB-2017-014931 // CNNVD: CNNVD-202004-1793 // NVD: CVE-2017-18810 // NVD: CVE-2017-18810

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-109970 // JVNDB: JVNDB-2017-014931 // NVD: CVE-2017-18810

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-1793

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202004-1793

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014931

PATCH
title:Security Advisory for Stored Cross Site Scripting Vulnerability on Some ReadyNAS Devices, PSV-2017-0300url:https://kb.netgear.com/000049055/Security-Advisory-for-Stored-Cross-Site-Scripting-Vulnerability-on-Some-ReadyNAS-Devices-PSV-2017-0300
Trust: 0.8
title:NETGEAR ReadyNAS OS Fixes for cross-site scripting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117209
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-014931 // 
            
            
            
            CNNVD: CNNVD-202004-1793

EXTERNAL IDS
db:NVDid:CVE-2017-18810
Trust: 2.6
db:JVNDBid:JVNDB-2017-014931
Trust: 0.8
db:CNNVDid:CNNVD-202004-1793
Trust: 0.7
db:VULHUBid:VHN-109970
Trust: 0.1
db:VULMONid:CVE-2017-18810
Trust: 0.1
sources:
            
            
            VULHUB: VHN-109970 // 
            
            
            
            VULMON: CVE-2017-18810 // 
            
            
            
            JVNDB: JVNDB-2017-014931 // 
            
            
            
            CNNVD: CNNVD-202004-1793 // 
            
            
            
            NVD: CVE-2017-18810

REFERENCES
url:https://kb.netgear.com/000049055/security-advisory-for-stored-cross-site-scripting-vulnerability-on-some-readynas-devices-psv-2017-0300
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-18810
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18810
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/79.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-109970 // 
            
            
            
            VULMON: CVE-2017-18810 // 
            
            
            
            JVNDB: JVNDB-2017-014931 // 
            
            
            
            CNNVD: CNNVD-202004-1793 // 
            
            
            
            NVD: CVE-2017-18810

SOURCES
db:VULHUBid:VHN-109970
db:VULMONid:CVE-2017-18810
db:JVNDBid:JVNDB-2017-014931
db:CNNVDid:CNNVD-202004-1793
db:NVDid:CVE-2017-18810

LAST UPDATE DATE
2024-11-23T22:41:06.746000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-109970date:2020-04-24T00:00:00
db:VULMONid:CVE-2017-18810date:2020-04-24T00:00:00
db:JVNDBid:JVNDB-2017-014931date:2020-05-22T00:00:00
db:CNNVDid:CNNVD-202004-1793date:2020-04-26T00:00:00
db:NVDid:CVE-2017-18810date:2024-11-21T03:20:59.093

SOURCES RELEASE DATE
db:VULHUBid:VHN-109970date:2020-04-21T00:00:00
db:VULMONid:CVE-2017-18810date:2020-04-21T00:00:00
db:JVNDBid:JVNDB-2017-014931date:2020-05-22T00:00:00
db:CNNVDid:CNNVD-202004-1793date:2020-04-21T00:00:00
db:NVDid:CVE-2017-18810date:2020-04-21T15:15:13.727