Sign-up

ID

VAR-202004-1561


CVE

CVE-2018-21125


TITLE

NETGEAR WAC510 Authentication vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-016332

DESCRIPTION

NETGEAR WAC510 devices before 5.0.0.17 are affected by authentication bypass. NETGEAR WAC510 There is an authentication vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WAC510 is a wireless access point (AP) of NETGEAR. There are security vulnerabilities in NETGEAR WAC510 versions before 5.0.0.17

Trust: 2.25

sources: NVD: CVE-2018-21125 // JVNDB: JVNDB-2018-016332 // CNVD: CNVD-2021-52946 // VULMON: CVE-2018-21125

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-52946

AFFECTED PRODUCTS

vendor:netgearmodel:wac510scope:ltversion:5.0.0.17

Trust: 1.6

vendor:netgearmodel:wac510scope:eqversion:5.0.0.17

Trust: 0.8

sources: CNVD: CNVD-2021-52946 // JVNDB: JVNDB-2018-016332 // NVD: CVE-2018-21125

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-21125
value: HIGH

Trust: 1.0

cve@mitre.org: CVE-2018-21125
value: HIGH

Trust: 1.0

NVD: JVNDB-2018-016332
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-52946
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-1924
value: HIGH

Trust: 0.6

VULMON: CVE-2018-21125
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-21125
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2018-016332
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-52946
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-21125
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2018-21125
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2018-016332
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-52946 // VULMON: CVE-2018-21125 // JVNDB: JVNDB-2018-016332 // CNNVD: CNNVD-202004-1924 // NVD: CVE-2018-21125 // NVD: CVE-2018-21125

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2018-016332 // NVD: CVE-2018-21125

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1924

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202004-1924

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-016332

PATCH
title:Security Advisory for an Authentication Bypass on WAC510, PSV-2018-0261url:https://kb.netgear.com/000060233/Security-Advisory-for-an-Authentication-Bypass-on-WAC510-PSV-2018-0261
Trust: 0.8
title:Patch for NETGEAR WAC510 authorization issue vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/280026
Trust: 0.6
title:NETGEAR WAC510 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116695
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-52946 // 
            
            
            
            JVNDB: JVNDB-2018-016332 // 
            
            
            
            CNNVD: CNNVD-202004-1924

EXTERNAL IDS
db:NVDid:CVE-2018-21125
Trust: 3.1
db:JVNDBid:JVNDB-2018-016332
Trust: 0.8
db:CNVDid:CNVD-2021-52946
Trust: 0.6
db:CNNVDid:CNNVD-202004-1924
Trust: 0.6
db:VULMONid:CVE-2018-21125
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2021-52946 // 
            
            
            
            VULMON: CVE-2018-21125 // 
            
            
            
            JVNDB: JVNDB-2018-016332 // 
            
            
            
            CNNVD: CNNVD-202004-1924 // 
            
            
            
            NVD: CVE-2018-21125

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2018-21125
Trust: 2.0
url:https://kb.netgear.com/000060233/security-advisory-for-an-authentication-bypass-on-wac510-psv-2018-0261
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21125
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/287.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2021-52946 // 
            
            
            
            VULMON: CVE-2018-21125 // 
            
            
            
            JVNDB: JVNDB-2018-016332 // 
            
            
            
            CNNVD: CNNVD-202004-1924 // 
            
            
            
            NVD: CVE-2018-21125

SOURCES
db:CNVDid:CNVD-2021-52946
db:VULMONid:CVE-2018-21125
db:JVNDBid:JVNDB-2018-016332
db:CNNVDid:CNNVD-202004-1924
db:NVDid:CVE-2018-21125

LAST UPDATE DATE
2024-11-23T22:58:18.072000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2021-52946date:2021-07-21T00:00:00
db:VULMONid:CVE-2018-21125date:2020-04-28T00:00:00
db:JVNDBid:JVNDB-2018-016332date:2020-05-26T00:00:00
db:CNNVDid:CNNVD-202004-1924date:2020-04-29T00:00:00
db:NVDid:CVE-2018-21125date:2024-11-21T04:02:57.690

SOURCES RELEASE DATE
db:CNVDid:CNVD-2021-52946date:2020-07-21T00:00:00
db:VULMONid:CVE-2018-21125date:2020-04-22T00:00:00
db:JVNDBid:JVNDB-2018-016332date:2020-05-26T00:00:00
db:CNNVDid:CNNVD-202004-1924date:2020-04-22T00:00:00
db:NVDid:CVE-2018-21125date:2020-04-22T16:15:12.560