ID

VAR-202004-1559


CVE

CVE-2018-21123


TITLE

plural NETGEAR Injection vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-016304

DESCRIPTION

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WC7500 before 6.5.3.9, WC7520 before 6.5.3.9, WC7600v1 before 6.5.3.9, and WC7600v2 before 6.5.3.9. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WC7500, etc. are all a wireless LAN controller from NETGEAR. Injection vulnerabilities exist in many NETGEAR products. The vulnerability stems from the fact that the network system or product lacks the correct verification of the user input data during the operation process of the user inputting the construction command, data structure or record, and the special elements are not filtered or correctly filtered, resulting in the analysis or analysis of the system or product. The explanation is wrong. No detailed vulnerability details are currently provided

Trust: 2.16

sources: NVD: CVE-2018-21123 // JVNDB: JVNDB-2018-016304 // CNVD: CNVD-2021-52944

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-52944

AFFECTED PRODUCTS

vendor:netgearmodel:wc7500scope:ltversion:6.5.3.9

Trust: 1.6

vendor:netgearmodel:wc7520scope:ltversion:6.5.3.9

Trust: 1.6

vendor:netgearmodel:wc7600scope:ltversion:6.5.3.9

Trust: 1.0

vendor:netgearmodel:wc7500scope:eqversion:6.5.3.9

Trust: 0.8

vendor:netgearmodel:wc7520scope:eqversion:6.5.3.9

Trust: 0.8

vendor:netgearmodel:wc7600scope:eqversion:6.5.3.9

Trust: 0.8

vendor:netgearmodel:wc7600v1scope:ltversion:6.5.3.9

Trust: 0.6

vendor:netgearmodel:wc7600v2scope:ltversion:6.5.3.9

Trust: 0.6

sources: CNVD: CNVD-2021-52944 // JVNDB: JVNDB-2018-016304 // NVD: CVE-2018-21123

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-21123
value: HIGH

Trust: 1.0

cve@mitre.org: CVE-2018-21123
value: HIGH

Trust: 1.0

NVD: JVNDB-2018-016304
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-52944
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-1921
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2018-21123
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2018-016304
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-52944
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-21123
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2018-21123
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2018-016304
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-52944 // JVNDB: JVNDB-2018-016304 // CNNVD: CNNVD-202004-1921 // NVD: CVE-2018-21123 // NVD: CVE-2018-21123

PROBLEMTYPE DATA

problemtype:CWE-74

Trust: 1.8

sources: JVNDB: JVNDB-2018-016304 // NVD: CVE-2018-21123

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1921

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-202004-1921

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-016304

PATCH

title:Security Advisory for Pre-Authentication Command Injection on Some Wireless Controllers, PSV-2018-0230url:https://kb.netgear.com/000060235/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Wireless-Controllers-PSV-2018-0230

Trust: 0.8

title:Patch for Injection vulnerabilities in multiple NETGEAR products (CNVD-2021-52944)url:https://www.cnvd.org.cn/patchInfo/show/280011

Trust: 0.6

title:Multiple NETGEAR Fixing measures for product injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117253

Trust: 0.6

sources: CNVD: CNVD-2021-52944 // JVNDB: JVNDB-2018-016304 // CNNVD: CNNVD-202004-1921

EXTERNAL IDS

db:NVDid:CVE-2018-21123

Trust: 3.0

db:JVNDBid:JVNDB-2018-016304

Trust: 0.8

db:CNVDid:CNVD-2021-52944

Trust: 0.6

db:CNNVDid:CNNVD-202004-1921

Trust: 0.6

sources: CNVD: CNVD-2021-52944 // JVNDB: JVNDB-2018-016304 // CNNVD: CNNVD-202004-1921 // NVD: CVE-2018-21123

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2018-21123

Trust: 2.0

url:https://kb.netgear.com/000060235/security-advisory-for-pre-authentication-command-injection-on-some-wireless-controllers-psv-2018-0230

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21123

Trust: 0.8

sources: CNVD: CNVD-2021-52944 // JVNDB: JVNDB-2018-016304 // CNNVD: CNNVD-202004-1921 // NVD: CVE-2018-21123

SOURCES

db:CNVDid:CNVD-2021-52944
db:JVNDBid:JVNDB-2018-016304
db:CNNVDid:CNNVD-202004-1921
db:NVDid:CVE-2018-21123

LAST UPDATE DATE

2024-11-23T22:16:30.164000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-52944date:2021-07-21T00:00:00
db:JVNDBid:JVNDB-2018-016304date:2020-05-21T00:00:00
db:CNNVDid:CNNVD-202004-1921date:2020-04-26T00:00:00
db:NVDid:CVE-2018-21123date:2024-11-21T04:02:57.413

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-52944date:2020-07-21T00:00:00
db:JVNDBid:JVNDB-2018-016304date:2020-05-21T00:00:00
db:CNNVDid:CNNVD-202004-1921date:2020-04-22T00:00:00
db:NVDid:CVE-2018-21123date:2020-04-22T16:15:12.420