CVE-2017-18797

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects R6400 before 1.0.1.24, R7900 before 1.0.1.18, R8000 before 1.0.3.54, and R8500 before 1.0.2.100.

CVSS v3 6.2 MEDIUM
CVSS v2.0 2.1 LOW

6.2^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://kb.netgear.com/000049365/Security-Advisory-for-Arbitrary-File-Read-Vulnerability-on-Some-Routers-PSV-2017-0318	Vendor Advisory
https://kb.netgear.com/000049365/Security-Advisory-for-Arbitrary-File-Read-Vulnerability-on-Some-Routers-PSV-2017-0318	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:20

Type	Values Removed	Values Added
References	~~() https://kb.netgear.com/000049365/Security-Advisory-for-Arbitrary-File-Read-Vulnerability-on-Some-Routers-PSV-2017-0318 - Vendor Advisory~~	() https://kb.netgear.com/000049365/Security-Advisory-for-Arbitrary-File-Read-Vulnerability-on-Some-Routers-PSV-2017-0318 - Vendor Advisory

Information

Published : 2020-04-21 19:15

Updated : 2024-11-21 03:20

NVD link : CVE-2017-18797

Mitre link : CVE-2017-18797

CVE.ORG link : CVE-2017-18797

JSON object : View

Products Affected

netgear

r8000_firmware
r6400
r7900_firmware
r7900
r6400_firmware
r8000
r8500
r8500_firmware

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2017-18797", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.5}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.5}]}, "published": "2020-04-21T19:15:12.300", "references": [{"url": "https://kb.netgear.com/000049365/Security-Advisory-for-Arbitrary-File-Read-Vulnerability-on-Some-Routers-PSV-2017-0318", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://kb.netgear.com/000049365/Security-Advisory-for-Arbitrary-File-Read-Vulnerability-on-Some-Routers-PSV-2017-0318", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects R6400 before 1.0.1.24, R7900 before 1.0.1.18, R8000 before 1.0.3.54, and R8500 before 1.0.2.100."}, {"lang": "es", "value": "Determinados dispositivos NETGEAR est\u00e1n afectados por la capacidad de un atacante para leer archivos arbitrarios. Esto afecta a R6400 versiones anteriores a 1.0.1.24, R7900 versiones anteriores a 1.0.1.18, R8000 versiones anteriores a 1.0.3.54, y R8500 versiones anteriores a 1.0.2.100."}], "lastModified": "2024-11-21T03:20:56.913", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29EA60BF-FBA6-4305-8173-07130A527410", "versionEndExcluding": "1.0.1.24"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3E4CDF6B-3829-44D0-9675-71D7BE83CAA2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A98DFA81-D1BA-41AE-A6A3-1EBBFC452D0F", "versionEndExcluding": "1.0.1.18"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C484840F-AF30-4B5C-821A-4DB9BE407BDB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BE5F241-45D7-42A2-B5EA-3869B1C97098", "versionEndExcluding": "1.0.3.54"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5B39F095-8FE8-43FD-A866-7B613B495984"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CEE4B878-05AB-4B45-BCA4-28795AA454F9", "versionEndExcluding": "1.0.2.100"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "63500DE4-BDBD-4F86-AB99-7DB084D0B912"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}

6.2 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2017-18797

6.2^/10

2.1^/10

Attach tags to `CVE-2017-18797`