Details of VAR-202004-1520

ID

VAR-202004-1520

CVE

CVE-2018-11106

TITLE

plural NETGEAR Product injection vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2018-016279

DESCRIPTION

NETGEAR has released fixes for a pre-authentication command injection in request_handler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running firmware versions prior to 6.5.3.5; WC7600v2, running firmware versions prior to 6.5.3.5; and WC9500, running firmware versions prior to 6.5.3.5. plural NETGEAR The product contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WC7500 is a wireless LAN controller of NETGEAR. There are injection holes in the request_handler.php file in many NETGEAR products. A remote attacker can use the vulnerability to execute arbitrary commands by sending a specially crafted request

Trust: 2.16

sources: NVD: CVE-2018-11106 // JVNDB: JVNDB-2018-016279 // CNVD: CNVD-2020-35517

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-35517

AFFECTED PRODUCTS

vendor:	netgear	model:	wc7520	scope:	lt	version:	2.5.0.46	Trust: 1.6
vendor:	netgear	model:	wc9500	scope:	lt	version:	6.5.3.5	Trust: 1.6
vendor:	netgear	model:	wc7600v2	scope:	lt	version:	6.5.3.5	Trust: 1.6
vendor:	netgear	model:	wc7600v1	scope:	lt	version:	6.5.3.5	Trust: 1.6
vendor:	netgear	model:	wc7500	scope:	lt	version:	6.5.3.5	Trust: 1.0
vendor:	netgear	model:	wc7500	scope:	eq	version:	6.5.3.5	Trust: 0.8
vendor:	netgear	model:	wc7520	scope:	eq	version:	2.5.0.46	Trust: 0.8
vendor:	netgear	model:	wc7600v1	scope:	eq	version:	6.5.3.5	Trust: 0.8
vendor:	netgear	model:	wc7600v2	scope:	eq	version:	6.5.3.5	Trust: 0.8
vendor:	netgear	model:	wc9500	scope:	eq	version:	6.5.3.5	Trust: 0.8

sources: CNVD: CNVD-2020-35517 // JVNDB: JVNDB-2018-016279 // NVD: CVE-2018-11106

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-11106
value:	CRITICAL
Trust: 1.0
NVD:	JVNDB-2018-016279
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2020-35517
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202004-019
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2018-11106
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2018-016279
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-35517
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2018-11106
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2018-016279
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-35517 // JVNDB: JVNDB-2018-016279 // CNNVD: CNNVD-202004-019 // NVD: CVE-2018-11106

PROBLEMTYPE DATA

problemtype:	CWE-77	Trust: 1.0
problemtype:	CWE-74	Trust: 0.8

sources: JVNDB: JVNDB-2018-016279 // NVD: CVE-2018-11106

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-019

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202004-019

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-016279

PATCH

title:	Security Advisory for Pre-Authentication Command Injection in request_handler.php on Some Wireless Controllers, PSV-2018-0051	url:	https://kb.netgear.com/000058243/Security-Advisory-for-Pre-Authentication-Command-Injection-in-request-handler-php-on-Some-Wireless-Controllers-PSV-2018-0051	Trust: 0.8
title:	Patch for Multiple NETGEAR product command injection vulnerabilities (CNVD-2020-35517)	url:	https://www.cnvd.org.cn/patchInfo/show/224055	Trust: 0.6
title:	Multiple NETGEAR Fixing measures for product injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117072	Trust: 0.6

sources: CNVD: CNVD-2020-35517 // JVNDB: JVNDB-2018-016279 // CNNVD: CNNVD-202004-019

EXTERNAL IDS

db:	NVD	id:	CVE-2018-11106	Trust: 3.0
db:	JVNDB	id:	JVNDB-2018-016279	Trust: 0.8
db:	CNVD	id:	CNVD-2020-35517	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-019	Trust: 0.6

sources: CNVD: CNVD-2020-35517 // JVNDB: JVNDB-2018-016279 // CNNVD: CNNVD-202004-019 // NVD: CVE-2018-11106

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2018-11106	Trust: 2.0
url:	https://kb.netgear.com/000058243/security-advisory-for-pre-authentication-command-injection-in-request-handler-php-on-some-wireless-controllers-psv-2018-0051	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11106	Trust: 0.8

sources: CNVD: CNVD-2020-35517 // JVNDB: JVNDB-2018-016279 // CNNVD: CNNVD-202004-019 // NVD: CVE-2018-11106

CREDITS

Alexander Oleinik (alxndr on Bugcrowd) , Steven So , Muhammad Anas Imtiaz , Daniel Finn , Manuel Egele

Trust: 0.6

sources: CNNVD: CNNVD-202004-019

SOURCES

db:	CNVD	id:	CNVD-2020-35517
db:	JVNDB	id:	JVNDB-2018-016279
db:	CNNVD	id:	CNNVD-202004-019
db:	NVD	id:	CVE-2018-11106

LAST UPDATE DATE

2024-11-23T21:59:20.268000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-35517	date:	2020-07-01T00:00:00
db:	JVNDB	id:	JVNDB-2018-016279	date:	2020-04-30T00:00:00
db:	CNNVD	id:	CNNVD-202004-019	date:	2022-03-18T00:00:00
db:	NVD	id:	CVE-2018-11106	date:	2024-11-21T03:42:41.457

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-35517	date:	2020-07-01T00:00:00
db:	JVNDB	id:	JVNDB-2018-016279	date:	2020-04-30T00:00:00
db:	CNNVD	id:	CNNVD-202004-019	date:	2020-04-01T00:00:00
db:	NVD	id:	CVE-2018-11106	date:	2020-04-01T17:15:14.737