Details of VAR-202004-1376

ID

VAR-202004-1376

CVE

CVE-2017-18811

TITLE

NETGEAR ReadyNAS OS Cross-site scripting vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2017-014976

DESCRIPTION

NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. NETGEAR ReadyNAS OS Exists in a cross-site scripting vulnerability.Information may be obtained and tampered with. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code

Trust: 1.71

sources: NVD: CVE-2017-18811 // JVNDB: JVNDB-2017-014976 // VULHUB: VHN-109971

AFFECTED PRODUCTS

vendor:	netgear	model:	readynas os	scope:	lt	version:	6.8.0	Trust: 1.0
vendor:	netgear	model:	readynas os	scope:	gte	version:	6.0	Trust: 1.0
vendor:	netgear	model:	readynas os	scope:	eq	version:	6.8.0	Trust: 0.8

sources: JVNDB: JVNDB-2017-014976 // NVD: CVE-2017-18811

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-18811
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2017-18811
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2017-014976
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202004-1795
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-109971
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2017-18811
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2017-014976
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-109971
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-18811
baseSeverity:	MEDIUM
baseScore:	4.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	1.7
impactScore:	2.7
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2017-18811
baseSeverity:	MEDIUM
baseScore:	5.2
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	1.1
impactScore:	3.7
version:	3.0
Trust: 1.0
NVD:	JVNDB-2017-014976
baseSeverity:	MEDIUM
baseScore:	4.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-109971 // JVNDB: JVNDB-2017-014976 // CNNVD: CNNVD-202004-1795 // NVD: CVE-2017-18811 // NVD: CVE-2017-18811

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-109971 // JVNDB: JVNDB-2017-014976 // NVD: CVE-2017-18811

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-1795

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202004-1795

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014976

PATCH

title:	Security Advisory for Stored Cross Site Scripting Vulnerability on Some ReadyNAS Devices, PSV-2017-0299	url:	https://kb.netgear.com/000049054/Security-Advisory-for-Stored-Cross-Site-Scripting-Vulnerability-on-Some-ReadyNAS-Devices-PSV-2017-0299	Trust: 0.8
title:	NETGEAR ReadyNAS OS Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116276	Trust: 0.6

sources: JVNDB: JVNDB-2017-014976 // CNNVD: CNNVD-202004-1795

EXTERNAL IDS

db:	NVD	id:	CVE-2017-18811	Trust: 2.5
db:	JVNDB	id:	JVNDB-2017-014976	Trust: 0.8
db:	CNNVD	id:	CNNVD-202004-1795	Trust: 0.7
db:	VULHUB	id:	VHN-109971	Trust: 0.1

sources: VULHUB: VHN-109971 // JVNDB: JVNDB-2017-014976 // CNNVD: CNNVD-202004-1795 // NVD: CVE-2017-18811

REFERENCES

url:	https://kb.netgear.com/000049054/security-advisory-for-stored-cross-site-scripting-vulnerability-on-some-readynas-devices-psv-2017-0299	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2017-18811	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18811	Trust: 0.8

sources: VULHUB: VHN-109971 // JVNDB: JVNDB-2017-014976 // CNNVD: CNNVD-202004-1795 // NVD: CVE-2017-18811

SOURCES

db:	VULHUB	id:	VHN-109971
db:	JVNDB	id:	JVNDB-2017-014976
db:	CNNVD	id:	CNNVD-202004-1795
db:	NVD	id:	CVE-2017-18811

LAST UPDATE DATE

2024-11-23T22:11:30.723000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-109971	date:	2020-04-28T00:00:00
db:	JVNDB	id:	JVNDB-2017-014976	date:	2020-05-27T00:00:00
db:	CNNVD	id:	CNNVD-202004-1795	date:	2020-04-29T00:00:00
db:	NVD	id:	CVE-2017-18811	date:	2024-11-21T03:20:59.250

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-109971	date:	2020-04-21T00:00:00
db:	JVNDB	id:	JVNDB-2017-014976	date:	2020-05-27T00:00:00
db:	CNNVD	id:	CNNVD-202004-1795	date:	2020-04-21T00:00:00
db:	NVD	id:	CVE-2017-18811	date:	2020-04-21T15:15:13.787