Search

Find a vulnerability

Search criteria

    7 vulnerabilities found for dgn2200v1 by netgear

    VAR-201703-1017

    Vulnerability from variot - Updated: 2025-11-18 15:18

    dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-2017-6077. NETGEAR DGN2200 Device firmware dnslookup.cgi Any OS A command execution vulnerability exists. The NETGEARDGN2200 is an ADSL router device. Green Shop is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. NETGEAR DGN2200 is a wireless router product of NETGEAR

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201703-1017",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dgn2200 series",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "10.0.0.50"
          },
          {
            "model": "dgn2200",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "net gear",
            "version": "10.0.0.50"
          },
          {
            "model": "netgear dgn2200v1",
            "scope": null,
            "trust": 0.8,
            "vendor": "net gear",
            "version": null
          },
          {
            "model": "netgear dgn2200v2",
            "scope": null,
            "trust": 0.8,
            "vendor": "net gear",
            "version": null
          },
          {
            "model": "netgear dgn2200v3",
            "scope": null,
            "trust": 0.8,
            "vendor": "net gear",
            "version": null
          },
          {
            "model": "netgear dgn2200v4",
            "scope": null,
            "trust": 0.8,
            "vendor": "net gear",
            "version": null
          },
          {
            "model": "dgn2200",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "10.0.0.20"
          },
          {
            "model": "dgn2200 series",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "10.0.0.50"
          },
          {
            "model": "shop green shop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "green",
            "version": "0"
          },
          {
            "model": "dgn2200v4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netgear",
            "version": "0"
          },
          {
            "model": "dgn2200v3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netgear",
            "version": "0"
          },
          {
            "model": "dgn2200v2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netgear",
            "version": "0"
          },
          {
            "model": "dgn2200v1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netgear",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02591"
          },
          {
            "db": "BID",
            "id": "41425"
          },
          {
            "db": "BID",
            "id": "96463"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-862"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002116"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6334"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:netgear:dgn2200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:netgear:dgn2200v1",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:netgear:dgn2200v2",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:netgear:dgn2200v3",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:netgear:dgn2200v4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002116"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "PrinceofHacking",
        "sources": [
          {
            "db": "BID",
            "id": "41425"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-6334",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2017-6334",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2017-02591",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "VHN-114537",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2017-6334",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-6334",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-6334",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2017-6334",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-6334",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-02591",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201702-862",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-114537",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-6334",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02591"
          },
          {
            "db": "VULHUB",
            "id": "VHN-114537"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-6334"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-862"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002116"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6334"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6334"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-2017-6077. NETGEAR DGN2200 Device firmware dnslookup.cgi Any OS A command execution vulnerability exists. The NETGEARDGN2200 is an ADSL router device. Green Shop is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. \nExploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. \nAttackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. NETGEAR DGN2200 is a wireless router product of NETGEAR",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-6334"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002116"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-02591"
          },
          {
            "db": "BID",
            "id": "41425"
          },
          {
            "db": "BID",
            "id": "96463"
          },
          {
            "db": "VULHUB",
            "id": "VHN-114537"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-6334"
          }
        ],
        "trust": 2.88
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=41459",
            "trust": 0.3,
            "type": "exploit"
          },
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-114537",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-114537"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-6334"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-6334",
            "trust": 3.5
          },
          {
            "db": "BID",
            "id": "96463",
            "trust": 3.5
          },
          {
            "db": "EXPLOIT-DB",
            "id": "41472",
            "trust": 2.4
          },
          {
            "db": "EXPLOIT-DB",
            "id": "42257",
            "trust": 1.8
          },
          {
            "db": "EXPLOIT-DB",
            "id": "41459",
            "trust": 1.8
          },
          {
            "db": "BID",
            "id": "41425",
            "trust": 0.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002116",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-862",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-02591",
            "trust": 0.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "14259",
            "trust": 0.3
          },
          {
            "db": "PACKETSTORM",
            "id": "143128",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "141337",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-114537",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-6334",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02591"
          },
          {
            "db": "VULHUB",
            "id": "VHN-114537"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-6334"
          },
          {
            "db": "BID",
            "id": "41425"
          },
          {
            "db": "BID",
            "id": "96463"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-862"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002116"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6334"
          }
        ]
      },
      "id": "VAR-201703-1017",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02591"
          },
          {
            "db": "VULHUB",
            "id": "VHN-114537"
          }
        ],
        "trust": 1.4038969
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02591"
          }
        ]
      },
      "last_update_date": "2025-11-18T15:18:06.109000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.netgear.com/?cid=wmt_netgear_organic"
          },
          {
            "title": "NETGEARDGN2200 remote code execution vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/90369"
          },
          {
            "title": "Dear Diary,",
            "trust": 0.1,
            "url": "https://github.com/ker2x/DearDiary "
          },
          {
            "title": "Known Exploited Vulnerabilities Detector",
            "trust": 0.1,
            "url": "https://github.com/Ostorlab/KEV "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02591"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-6334"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002116"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-264",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-114537"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002116"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6334"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "http://www.securityfocus.com/bid/96463"
          },
          {
            "trust": 2.4,
            "url": "https://www.exploit-db.com/exploits/41472/"
          },
          {
            "trust": 1.9,
            "url": "https://www.exploit-db.com/exploits/41459/"
          },
          {
            "trust": 1.8,
            "url": "https://www.exploit-db.com/exploits/42257/"
          },
          {
            "trust": 1.0,
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2017-6334"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6334"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-6334"
          },
          {
            "trust": 0.3,
            "url": "http://www.exploit-db.com/exploits/14259/"
          },
          {
            "trust": 0.3,
            "url": "http://www.netgear.com"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/78.html"
          },
          {
            "trust": 0.1,
            "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=53033"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.rapid7.com/db/modules/exploit/linux/http/netgear_dnslookup_cmd_exec"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02591"
          },
          {
            "db": "VULHUB",
            "id": "VHN-114537"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-6334"
          },
          {
            "db": "BID",
            "id": "41425"
          },
          {
            "db": "BID",
            "id": "96463"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-862"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002116"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6334"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02591"
          },
          {
            "db": "VULHUB",
            "id": "VHN-114537"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-6334"
          },
          {
            "db": "BID",
            "id": "41425"
          },
          {
            "db": "BID",
            "id": "96463"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-862"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002116"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6334"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-03-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-02591"
          },
          {
            "date": "2017-03-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-114537"
          },
          {
            "date": "2017-03-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-6334"
          },
          {
            "date": "2010-07-07T00:00:00",
            "db": "BID",
            "id": "41425"
          },
          {
            "date": "2017-02-26T00:00:00",
            "db": "BID",
            "id": "96463"
          },
          {
            "date": "2017-02-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201702-862"
          },
          {
            "date": "2017-03-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-002116"
          },
          {
            "date": "2017-03-06T02:59:00.433000",
            "db": "NVD",
            "id": "CVE-2017-6334"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-03-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-02591"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-114537"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-6334"
          },
          {
            "date": "2010-07-07T00:00:00",
            "db": "BID",
            "id": "41425"
          },
          {
            "date": "2017-03-07T01:08:00",
            "db": "BID",
            "id": "96463"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201702-862"
          },
          {
            "date": "2017-03-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-002116"
          },
          {
            "date": "2025-10-22T00:16:07.800000",
            "db": "NVD",
            "id": "CVE-2017-6334"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "network",
        "sources": [
          {
            "db": "BID",
            "id": "41425"
          },
          {
            "db": "BID",
            "id": "96463"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "NETGEAR DGN2200 Device firmware  dnslookup.cgi In any  OS Command execution vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002116"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-862"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202004-1405

    Vulnerability from variot - Updated: 2024-11-23 23:11

    Certain NETGEAR devices are affected by CSRF. This affects R7300 before 1.0.0.54, R8500 before 1.0.2.94, DGN2200v1 before 1.0.0.55, and D2200D/D2200DW-1FRNAS before 1.0.0.32. plural NETGEAR A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R8500, etc. NETGEAR R8500 is a wireless router. NETGEAR R7300 is a wireless router. NETGEAR DGN2200v1 is a modem router. The vulnerability stems from the fact that the WEB application does not fully verify whether the request comes from a trusted user. An attacker can use this vulnerability to send unexpected requests to the server through the affected client

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1405",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "r8500",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "1.0.2.94"
          },
          {
            "model": "r7300",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "1.0.0.54"
          },
          {
            "model": "dgn2200",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.55"
          },
          {
            "model": "d2200dw-1frnas",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.32"
          },
          {
            "model": "d2200d",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.32"
          },
          {
            "model": "d2200d",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "1.0.0.32"
          },
          {
            "model": "d2200dw-1frnas",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "1.0.0.32"
          },
          {
            "model": "dgn2200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "1.0.0.55"
          },
          {
            "model": "r7300",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "1.0.0.5"
          },
          {
            "model": "r8500",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "1.0.2.94"
          },
          {
            "model": "dgn2200v1",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "1.0.0.55"
          },
          {
            "model": "d2200d/d2200dw-1frnas",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "1.0.0.32"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-70125"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014884"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18842"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:netgear:d2200d_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:d2200dw-1frnas_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:dgn2200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:r7300_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:r8500_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014884"
          }
        ]
      },
      "cve": "CVE-2017-18842",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2017-18842",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014884",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2021-70125",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2017-18842",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cve@mitre.org",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2017-18842",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014884",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-18842",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2017-18842",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2017-014884",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-70125",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-70125"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014884"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18842"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18842"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Certain NETGEAR devices are affected by CSRF. This affects R7300 before 1.0.0.54, R8500 before 1.0.2.94, DGN2200v1 before 1.0.0.55, and D2200D/D2200DW-1FRNAS before 1.0.0.32. plural NETGEAR A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R8500, etc. NETGEAR R8500 is a wireless router. NETGEAR R7300 is a wireless router. NETGEAR DGN2200v1 is a modem router. The vulnerability stems from the fact that the WEB application does not fully verify whether the request comes from a trusted user. An attacker can use this vulnerability to send unexpected requests to the server through the affected client",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-18842"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014884"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-70125"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-18842",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014884",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-70125",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1619",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-70125"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014884"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1619"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18842"
          }
        ]
      },
      "id": "VAR-202004-1405",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-70125"
          }
        ],
        "trust": 1.269060456
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-70125"
          }
        ]
      },
      "last_update_date": "2024-11-23T23:11:27.028000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Security Advisory for a Cross Site Request Forgery on Some Routers, DSL Gateways, and a Modem Router PSV-2017-0327",
            "trust": 0.8,
            "url": "https://kb.netgear.com/000049017/Security-Advisory-for-a-Cross-Site-Request-Forgery-on-Some-Routers-DSL-Gateways-and-a-Modem-Router-PSV-2017-0327"
          },
          {
            "title": "Patch for Cross-site request forgery vulnerabilities in multiple NETGEAR products (CNVD-2021-70125)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/290171"
          },
          {
            "title": "Multiple NETGEAR Repair measures for product cross-site request forgery vulnerability",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116192"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-70125"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014884"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1619"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014884"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18842"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18842"
          },
          {
            "trust": 1.6,
            "url": "https://kb.netgear.com/000049017/security-advisory-for-a-cross-site-request-forgery-on-some-routers-dsl-gateways-and-a-modem-router-psv-2017-0327"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18842"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-70125"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014884"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1619"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18842"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-70125"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014884"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1619"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18842"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-09-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-70125"
          },
          {
            "date": "2020-05-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014884"
          },
          {
            "date": "2020-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1619"
          },
          {
            "date": "2020-04-20T16:15:13.477000",
            "db": "NVD",
            "id": "CVE-2017-18842"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-09-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-70125"
          },
          {
            "date": "2020-05-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014884"
          },
          {
            "date": "2020-04-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1619"
          },
          {
            "date": "2024-11-21T03:21:04.057000",
            "db": "NVD",
            "id": "CVE-2017-18842"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  NETGEAR Cross-site request forgery vulnerability in device",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014884"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1619"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202004-0735

    Vulnerability from variot - Updated: 2024-11-23 23:08

    Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6220 before 1.0.0.46, D6400 before 1.0.0.80, D7000v2 before 1.0.0.51, D8500 before 1.0.3.42, DGN2200v1 before 1.0.0.58, DGN2200B before 1.0.0.58, JNDR3000 before 1.0.0.24, RBW30 before 2.1.4.16, R6250 before 1.0.4.26, R6300v2 before 1.0.4.28, R6400 before 1.0.1.42, R6400v2 before 1.0.2.56, R6700 before 1.0.1.46, R6900 before 1.0.1.46, R7000 before 1.0.9.32, R6900P before 1.3.1.44, R7100LG before 1.0.0.46, R7300DST before 1.0.0.68, R7000P before 1.3.1.44, R7900 before 1.0.2.16, R8000P before 1.4.0.10, R7900P before 1.4.0.10, R8300 before 1.0.2.122, R8500 before 1.0.2.122, R8000 before 1.0.4.18, WNDR3400v3 before 1.0.1.22, WNDR4500v2 before 1.0.0.72, WNR3500Lv2 before 1.2.0.54, WN3100RP before 1.0.0.20, and WN2500RPv2 before 1.0.1.54. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R6250, etc. are all wireless routers from NETGEAR. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0735",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "d8500",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "1.0.3.42"
          },
          {
            "model": "r6250",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "1.0.4.26"
          },
          {
            "model": "r6700",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "1.0.1.46"
          },
          {
            "model": "r6900",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "1.0.1.46"
          },
          {
            "model": "r7000p",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "1.3.1.44"
          },
          {
            "model": "r6900p",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "1.3.1.44"
          },
          {
            "model": "r7100lg",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "1.0.0.46"
          },
          {
            "model": "r8000",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "1.0.4.18"
          },
          {
            "model": "r8500",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "1.0.2.122"
          },
          {
            "model": "r8300",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "1.0.2.122"
          },
          {
            "model": "r7300dst",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "1.0.0.68"
          },
          {
            "model": "r7900",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "1.0.2.16"
          },
          {
            "model": "d6220",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "1.0.0.46"
          },
          {
            "model": "d6400",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "1.0.0.80"
          },
          {
            "model": "dgn2200b",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "1.0.0.58"
          },
          {
            "model": "jndr3000",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "1.0.0.24"
          },
          {
            "model": "rbw30",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "2.1.4.16"
          },
          {
            "model": "r6400",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "1.0.1.42"
          },
          {
            "model": "r7000",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "1.0.9.32"
          },
          {
            "model": "r8000p",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "1.4.0.10"
          },
          {
            "model": "r7900p",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "1.4.0.10"
          },
          {
            "model": "d7000",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.51"
          },
          {
            "model": "wndr4500",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.72"
          },
          {
            "model": "wnr3500l",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.2.0.54"
          },
          {
            "model": "dgn2200",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.58"
          },
          {
            "model": "wn2500rp",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.1.54"
          },
          {
            "model": "r6300",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.4.28"
          },
          {
            "model": "r6400",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.2.56"
          },
          {
            "model": "wndr3400",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.1.22"
          },
          {
            "model": "wn3100rp",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.20"
          },
          {
            "model": "d6220",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "1.0.0.46"
          },
          {
            "model": "d6400",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "1.0.0.80"
          },
          {
            "model": "d7000",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "1.0.0.51"
          },
          {
            "model": "d8500",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "1.0.3.42"
          },
          {
            "model": "dgn2200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "1.0.0.58"
          },
          {
            "model": "dgn2200b",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "1.0.0.58"
          },
          {
            "model": "jndr3000",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "1.0.0.24"
          },
          {
            "model": "r6250",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "1.0.4.26"
          },
          {
            "model": "r6300",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "1.0.4.28"
          },
          {
            "model": "rbw30",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "2.1.4.16"
          },
          {
            "model": "r6300v2",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "1.0.4.28"
          },
          {
            "model": "d7000v2",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "1.0.0.51"
          },
          {
            "model": "wn2500rpv2",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "1.0.1.54"
          },
          {
            "model": "wndr3400v3",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "1.0.1.22"
          },
          {
            "model": "wnr3500lv2",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "1.2.0.54"
          },
          {
            "model": "dgn2200v1",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "1.0.0.58"
          },
          {
            "model": "r6400v2",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "1.0.2.56"
          },
          {
            "model": "wndr4500v2",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "1.0.0.72"
          },
          {
            "model": "wn3100rpv2",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "1.0.0.20"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-61061"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015460"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-20755"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:netgear:d6220_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:d6400_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:d7000_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:d8500_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:dgn2200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:dgn2200b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:jndr3000_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:r6250_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:r6300_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:rbw30_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015460"
          }
        ]
      },
      "cve": "CVE-2019-20755",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.2,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 5.1,
                "id": "CVE-2019-20755",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 5.2,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-015460",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.2,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 5.1,
                "id": "CNVD-2021-61061",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 0.9,
                "id": "CVE-2019-20755",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "cve@mitre.org",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 0.9,
                "id": "CVE-2019-20755",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 6.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-015460",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-20755",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2019-20755",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-015460",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-61061",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202004-1366",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-61061"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015460"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1366"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-20755"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-20755"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6220 before 1.0.0.46, D6400 before 1.0.0.80, D7000v2 before 1.0.0.51, D8500 before 1.0.3.42, DGN2200v1 before 1.0.0.58, DGN2200B before 1.0.0.58, JNDR3000 before 1.0.0.24, RBW30 before 2.1.4.16, R6250 before 1.0.4.26, R6300v2 before 1.0.4.28, R6400 before 1.0.1.42, R6400v2 before 1.0.2.56, R6700 before 1.0.1.46, R6900 before 1.0.1.46, R7000 before 1.0.9.32, R6900P before 1.3.1.44, R7100LG before 1.0.0.46, R7300DST before 1.0.0.68, R7000P before 1.3.1.44, R7900 before 1.0.2.16, R8000P before 1.4.0.10, R7900P before 1.4.0.10, R8300 before 1.0.2.122, R8500 before 1.0.2.122, R8000 before 1.0.4.18, WNDR3400v3 before 1.0.1.22, WNDR4500v2 before 1.0.0.72, WNR3500Lv2 before 1.2.0.54, WN3100RP before 1.0.0.20, and WN2500RPv2 before 1.0.1.54. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R6250, etc. are all wireless routers from NETGEAR. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-20755"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015460"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-61061"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-20755",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015460",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-61061",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1366",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-61061"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015460"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1366"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-20755"
          }
        ]
      },
      "id": "VAR-202004-0735",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-61061"
          }
        ],
        "trust": 1.1059655375806452
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-61061"
          }
        ]
      },
      "last_update_date": "2024-11-23T23:08:03.214000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Security Advisory for Post-Authentication Stack Overflow on Some Routers, Modem Routers, Extenders, and Orbi Satellites, PSV-2018-0053",
            "trust": 0.8,
            "url": "https://kb.netgear.com/000060627/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-Modem-Routers-Extenders-and-Orbi-Satellites-PSV-2018-0053"
          },
          {
            "title": "Patch for Buffer overflow vulnerabilities in multiple NETGEAR products (CNVD-2021-61061)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/285351"
          },
          {
            "title": "Multiple NETGEAR Product Buffer Error Vulnerability Fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=115026"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-61061"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015460"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1366"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015460"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-20755"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20755"
          },
          {
            "trust": 1.6,
            "url": "https://kb.netgear.com/000060627/security-advisory-for-post-authentication-stack-overflow-on-some-routers-modem-routers-extenders-and-orbi-satellites-psv-2018-0053"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20755"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-61061"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015460"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1366"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-20755"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-61061"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015460"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1366"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-20755"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-08-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-61061"
          },
          {
            "date": "2020-05-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-015460"
          },
          {
            "date": "2020-04-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1366"
          },
          {
            "date": "2020-04-16T22:15:12.930000",
            "db": "NVD",
            "id": "CVE-2019-20755"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-08-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-61061"
          },
          {
            "date": "2020-05-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-015460"
          },
          {
            "date": "2020-04-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1366"
          },
          {
            "date": "2024-11-21T04:39:16.770000",
            "db": "NVD",
            "id": "CVE-2019-20755"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  NETGEAR Out-of-bounds write vulnerabilities in devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015460"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1366"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202012-1131

    Vulnerability from variot - Updated: 2024-11-23 23:01

    NETGEAR DGN2200v1 devices before v1.0.0.58 are affected by command injection. NETGEAR DGN2200v1 A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. NETGEAR DGN2200v1 is a N300 wireless ADSL2+ modem router. No detailed vulnerability details are currently provided

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202012-1131",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dgn2200v1",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.58"
          },
          {
            "model": "netgear dgn2200v1",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": "1.0.0.58"
          },
          {
            "model": "netgear dgn2200v1",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "model": "dgn2200",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "v1.0.0.58"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-75517"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-015390"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-35777"
          }
        ]
      },
      "cve": "CVE-2020-35777",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.7,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 5.1,
                "id": "CVE-2020-35777",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.7,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 5.1,
                "id": "CNVD-2020-75517",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.7,
                "id": "CVE-2020-35777",
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 8.4,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-015390",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-35777",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2020-35777",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2020-35777",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-75517",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202012-1753",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-75517"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-015390"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-1753"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-35777"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-35777"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "NETGEAR DGN2200v1 devices before v1.0.0.58 are affected by command injection. NETGEAR DGN2200v1 A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. NETGEAR DGN2200v1 is a N300 wireless ADSL2+ modem router. No detailed vulnerability details are currently provided",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-35777"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-015390"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-75517"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-35777",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-015390",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-75517",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-1753",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-75517"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-015390"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-1753"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-35777"
          }
        ]
      },
      "id": "VAR-202012-1131",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-75517"
          }
        ],
        "trust": 1.21429487
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-75517"
          }
        ]
      },
      "last_update_date": "2024-11-23T23:01:10.930000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Security\u00a0Advisory\u00a0for\u00a0Command\u00a0Injection\u00a0Vulnerability\u00a0on\u00a0DGN2200v1,\u00a0PSV-2020-0411",
            "trust": 0.8,
            "url": "https://kb.netgear.com/000062634/Security-Advisory-for-Command-Injection-Vulnerability-on-DGN2200v1-PSV-2020-0411"
          },
          {
            "title": "Patch for NETGEAR DGN2200v1 command injection vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/242983"
          },
          {
            "title": "NETGEAR DGNv devices Fixes for command injection vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138132"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-75517"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-015390"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-1753"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-77",
            "trust": 1.0
          },
          {
            "problemtype": "Command injection (CWE-77) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-015390"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-35777"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35777"
          },
          {
            "trust": 1.6,
            "url": "https://kb.netgear.com/000062634/security-advisory-for-command-injection-vulnerability-on-dgn2200v1-psv-2020-0411"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-75517"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-015390"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-1753"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-35777"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-75517"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-015390"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-1753"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-35777"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-12-31T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-75517"
          },
          {
            "date": "2021-09-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-015390"
          },
          {
            "date": "2020-12-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202012-1753"
          },
          {
            "date": "2020-12-30T00:15:12.720000",
            "db": "NVD",
            "id": "CVE-2020-35777"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-01-07T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-75517"
          },
          {
            "date": "2021-09-21T07:30:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-015390"
          },
          {
            "date": "2021-01-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202012-1753"
          },
          {
            "date": "2024-11-21T05:28:03.887000",
            "db": "NVD",
            "id": "CVE-2020-35777"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-1753"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "NETGEAR\u00a0DGN2200v1\u00a0 Command injection vulnerabilities in devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-015390"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-1753"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202004-0799

    Vulnerability from variot - Updated: 2024-11-23 22:29

    Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects DGN2200v1 before 1.0.0.58, D8500 before 1.0.3.42, D7000v2 before 1.0.0.51, D6400 before 1.0.0.78, D6220 before 1.0.0.44, JNDR3000 before 1.0.0.24, R8000 before 1.0.4.18, R8500 before 1.0.2.122, R8300 before 1.0.2.122, R7900 before 1.0.2.16, R7000P before 1.3.2.34, R7300DST before 1.0.0.68, R7100LG before 1.0.0.46, R6900P before 1.3.2.34, R7000 before 1.0.9.28, R6900 before 1.0.1.46, R6700 before 1.0.1.46, R6400v2 before 1.0.2.56, R6400 before 1.0.1.42, R6300v2 before 1.0.4.28, R6250 before 1.0.4.26, WNDR3400v3 before 1.0.1.22, WNDR4500v2 before 1.0.0.72, and WNR3500Lv2 before 1.2.0.50. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D8500, etc. are all wireless routers from NETGEAR. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0799",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "d8500",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "1.0.3.42"
          },
          {
            "model": "r6250",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "1.0.4.26"
          },
          {
            "model": "r6700",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "1.0.1.46"
          },
          {
            "model": "r6900",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "1.0.1.46"
          },
          {
            "model": "r7000",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "1.0.9.28"
          },
          {
            "model": "r7100lg",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "1.0.0.46"
          },
          {
            "model": "r8000",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "1.0.4.18"
          },
          {
            "model": "r8500",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "1.0.2.122"
          },
          {
            "model": "r8300",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "1.0.2.122"
          },
          {
            "model": "r7300dst",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "1.0.0.68"
          },
          {
            "model": "d6220",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "1.0.0.44"
          },
          {
            "model": "d6400",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "1.0.0.78"
          },
          {
            "model": "r7900",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "1.0.2.16"
          },
          {
            "model": "jndr3000",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "1.0.0.24"
          },
          {
            "model": "r6400",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "1.0.1.42"
          },
          {
            "model": "r7000p",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "1.3.2.34"
          },
          {
            "model": "r6900p",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "1.3.2.34"
          },
          {
            "model": "d7000",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.51"
          },
          {
            "model": "wnr3500l",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.2.0.50"
          },
          {
            "model": "wndr4500",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.72"
          },
          {
            "model": "dgn2200",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.58"
          },
          {
            "model": "r6300",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.4.28"
          },
          {
            "model": "r6400",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.2.56"
          },
          {
            "model": "wndr3400",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.1.22"
          },
          {
            "model": "d6220",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "1.0.0.44"
          },
          {
            "model": "d6400",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "1.0.0.78"
          },
          {
            "model": "d7000",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "1.0.0.51"
          },
          {
            "model": "d8500",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "1.0.0.46"
          },
          {
            "model": "dgn2200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "1.0.0.58"
          },
          {
            "model": "jndr3000",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "1.0.0.24"
          },
          {
            "model": "r7900",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "1.0.2.16"
          },
          {
            "model": "r8000",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "1.0.4.18"
          },
          {
            "model": "r8300",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "1.0.2.122"
          },
          {
            "model": "r8500",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "1.0.2.122"
          },
          {
            "model": "r6300v2",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "1.0.4.28"
          },
          {
            "model": "d7000v2",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "1.0.0.51"
          },
          {
            "model": "wndr3400v3",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "1.0.1.22"
          },
          {
            "model": "dgn2200v1",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "1.0.0.58"
          },
          {
            "model": "r6400v2",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "1.0.2.56"
          },
          {
            "model": "wndr4500v2",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "1.0.0.72"
          },
          {
            "model": "wnr3500lv2",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "1.2.0.50"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-61060"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015458"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-20753"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:netgear:d6220_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:d6400_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:d7000_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:d8500_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:dgn2200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:jndr3000_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:r7900_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:r8000_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:r8300_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:r8500_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015458"
          }
        ]
      },
      "cve": "CVE-2019-20753",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "id": "CVE-2019-20753",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 5.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-015458",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "id": "CNVD-2021-61060",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2019-20753",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "cve@mitre.org",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2019-20753",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-015458",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-20753",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2019-20753",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-015458",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-61060",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202004-1364",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-61060"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015458"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1364"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-20753"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-20753"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects DGN2200v1 before 1.0.0.58, D8500 before 1.0.3.42, D7000v2 before 1.0.0.51, D6400 before 1.0.0.78, D6220 before 1.0.0.44, JNDR3000 before 1.0.0.24, R8000 before 1.0.4.18, R8500 before 1.0.2.122, R8300 before 1.0.2.122, R7900 before 1.0.2.16, R7000P before 1.3.2.34, R7300DST before 1.0.0.68, R7100LG before 1.0.0.46, R6900P before 1.3.2.34, R7000 before 1.0.9.28, R6900 before 1.0.1.46, R6700 before 1.0.1.46, R6400v2 before 1.0.2.56, R6400 before 1.0.1.42, R6300v2 before 1.0.4.28, R6250 before 1.0.4.26, WNDR3400v3 before 1.0.1.22, WNDR4500v2 before 1.0.0.72, and WNR3500Lv2 before 1.2.0.50. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D8500, etc. are all wireless routers from NETGEAR. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-20753"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015458"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-61060"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-20753",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015458",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-61060",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1364",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-61060"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015458"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1364"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-20753"
          }
        ]
      },
      "id": "VAR-202004-0799",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-61060"
          }
        ],
        "trust": 1.1075530365384614
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-61060"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:29:39.991000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Security Advisory for Pre-Authentication Stack Overflow on Some Routers and Modem Routers, PSV-2018-0085",
            "trust": 0.8,
            "url": "https://kb.netgear.com/000060629/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Routers-and-Modem-Routers-PSV-2018-0085"
          },
          {
            "title": "Patch for Buffer overflow vulnerabilities in multiple NETGEAR products (CNVD-2021-61060)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/285356"
          },
          {
            "title": "Multiple NETGEAR Product Buffer Error Vulnerability Fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=115024"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-61060"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015458"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1364"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015458"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-20753"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20753"
          },
          {
            "trust": 1.6,
            "url": "https://kb.netgear.com/000060629/security-advisory-for-pre-authentication-stack-overflow-on-some-routers-and-modem-routers-psv-2018-0085"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20753"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-61060"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015458"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1364"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-20753"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-61060"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015458"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1364"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-20753"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-08-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-61060"
          },
          {
            "date": "2020-05-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-015458"
          },
          {
            "date": "2020-04-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1364"
          },
          {
            "date": "2020-04-16T22:15:12.790000",
            "db": "NVD",
            "id": "CVE-2019-20753"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-08-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-61060"
          },
          {
            "date": "2020-05-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-015458"
          },
          {
            "date": "2020-04-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1364"
          },
          {
            "date": "2024-11-21T04:39:16.390000",
            "db": "NVD",
            "id": "CVE-2019-20753"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  NETGEAR Out-of-bounds write vulnerabilities in devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015458"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1364"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202012-1184

    Vulnerability from variot - Updated: 2024-11-23 22:29

    NETGEAR DGN2200v1 There is an authentication vulnerability in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. NETGEAR DGN2200v1 is a N300 wireless ADSL2+ modem router.

    NETGEAR DGN2200v1 version prior to v1.0.0.60 has an HTTPd authentication vulnerability. No detailed vulnerability details are currently provided

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202012-1184",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dgn2200",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.60"
          },
          {
            "model": "dgn2200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "model": "dgn2200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": "dgn2200  firmware  1.0.0.60"
          },
          {
            "model": "dgn2200v1",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "1.0.0.60"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-44694"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-014977"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-35785"
          }
        ]
      },
      "cve": "CVE-2020-35785",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "id": "CVE-2020-35785",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "id": "CNVD-2021-44694",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2020-35785",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT",
                "author": "cve@mitre.org",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.6,
                "id": "CVE-2020-35785",
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2020-35785",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-35785",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2020-35785",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2020-35785",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-44694",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202012-1745",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-35785",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-44694"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-35785"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-014977"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-1745"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-35785"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-35785"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "NETGEAR DGN2200v1 There is an authentication vulnerability in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. NETGEAR DGN2200v1 is a N300 wireless ADSL2+ modem router. \n\r\n\r\nNETGEAR DGN2200v1 version prior to v1.0.0.60 has an HTTPd authentication vulnerability. No detailed vulnerability details are currently provided",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-014977"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-44694"
          }
        ],
        "trust": 1.26
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-35785",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-014977",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-44694",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-1745",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-35785",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-44694"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-35785"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-014977"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-1745"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-35785"
          }
        ]
      },
      "id": "VAR-202012-1184",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-44694"
          }
        ],
        "trust": 1.21429487
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-44694"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:29:21.237000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Security\u00a0Advisory\u00a0for\u00a0Multiple\u00a0HTTPd\u00a0Authentication\u00a0Vulnerabilities\u00a0on\u00a0DGN2200v1",
            "trust": 0.8,
            "url": "https://kb.netgear.com/000062646/Security-Advisory-for-Multiple-HTTPd-Authentication-Vulnerabilities-on-DGN2200v1"
          },
          {
            "title": "Patch for NETGEAR DGN2200v1 HTTPd authentication vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/274886"
          },
          {
            "title": "NETGEAR DGNv devices Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138124"
          },
          {
            "title": "alonzzzo",
            "trust": 0.1,
            "url": "https://github.com/Alonzozzz/alonzzzo "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/khulnasoft-lab/awesome-security "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-44694"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-35785"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-014977"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-1745"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.0
          },
          {
            "problemtype": "Improper authentication (CWE-287) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-014977"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-35785"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35785"
          },
          {
            "trust": 1.7,
            "url": "https://kb.netgear.com/000062646/security-advisory-for-multiple-httpd-authentication-vulnerabilities-on-dgn2200v1"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/287.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/alonzozzz/alonzzzo"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-44694"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-35785"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-014977"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-1745"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-35785"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-44694"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-35785"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-014977"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-1745"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-35785"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-06-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-44694"
          },
          {
            "date": "2020-12-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-35785"
          },
          {
            "date": "2021-09-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-014977"
          },
          {
            "date": "2020-12-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202012-1745"
          },
          {
            "date": "2020-12-30T00:15:13.410000",
            "db": "NVD",
            "id": "CVE-2020-35785"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-06-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-44694"
          },
          {
            "date": "2020-12-31T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-35785"
          },
          {
            "date": "2021-09-07T06:17:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-014977"
          },
          {
            "date": "2021-01-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202012-1745"
          },
          {
            "date": "2024-11-21T05:28:05.437000",
            "db": "NVD",
            "id": "CVE-2020-35785"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-1745"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "NETGEAR\u00a0DGN2200v1\u00a0 Authentication vulnerability in device",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-014977"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-1745"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201305-0436

    Vulnerability from variot - Updated: 2022-05-17 02:09

    NetGear DGN1000B and DGN2200 are both router products of NetGear. A remote authentication bypass vulnerability exists in Netgear DGN1000 and DGN2200 devices. A remote attacker could use this vulnerability to bypass the authentication mechanism with elevated privileges to execute arbitrary commands in the context of the affected device. Vulnerabilities exist in the following versions: NetGear DGN1000 runs firmware versions prior to 1.1.00.48, and Netgear DGN2200 v1. Unauthenticated command execution on Netgear DGN devices ========================================================

    [ADVISORY INFORMATION] Title: Unauthenticated command execution on Netgear DGN devices Discovery date: 01/05/2013 Release date: 31/05/2013 Credits: Roberto Paleari (roberto@greyhats.it, twitter: @rpaleari)

    [VULNERABILITY INFORMATION] Class: Authentication bypass, command execution

    [AFFECTED PRODUCTS] This security vulnerability affects the following products and firmware versions: * Netgear DGN1000, firmware version < 1.1.00.48 * Netgear DGN2200 v1 Other products and firmware versions are probably also vulnerable, but they were not checked.

    Briefly, the embedded web server skips authentication checks for some URLs containing the "currentsetting.htm" substring. As an example, the following URL can be accessed even by unauthenticated attackers:

    http:///setup.cgi?currentsetting.htm=1

    Then, the "setup.cgi" page can be abused to execute arbitrary commands. As an example, to read the /www/.htpasswd local file (containing the clear-text password for the "admin" user), an attacker can access the following URL:

    http:///setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cat+/www/.htpasswd&curpath=/&currentsetting.htm=1

    Basically this URL leverages the "syscmd" function of the "setup.cgi" script to execute arbitrary commands. In the example above the command being executed is "cat /www/.htpasswd", and the output is displayed in the resulting web page. Slightly variations of this URL can be used to execute arbitrary commands. According to Netgear, DGN2200 v1 is not supported anymore, while v3 and v4 should not be affected by this issue; these versions were not tested by the author.

    [DISCLAIMER] The author is not responsible for the misuse of the information provided in this security advisory. The advisory is a service to the professional security community. There are NO WARRANTIES with regard to this information. Any application or distribution of this information constitutes acceptance AS IS, at the user's own risk. This information is subject to change without notice

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "dgn1000b wireless router",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "\u003c=1.1.00.48"
          },
          {
            "_id": null,
            "model": "dgn2200",
            "scope": null,
            "trust": 0.6,
            "vendor": "netgear",
            "version": null
          },
          {
            "_id": null,
            "model": "dgn2200v1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netgear",
            "version": "0"
          },
          {
            "_id": null,
            "model": "dgn1000",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netgear",
            "version": "1.1.00.41"
          },
          {
            "_id": null,
            "model": "dgn1000",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "netgear",
            "version": "1.1.00.48"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-06934"
          },
          {
            "db": "BID",
            "id": "60281"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Roberto Paleari",
        "sources": [
          {
            "db": "BID",
            "id": "60281"
          },
          {
            "db": "PACKETSTORM",
            "id": "121860"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201306-024"
          }
        ],
        "trust": 1.0
      },
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2013-06934",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "CNVD",
                "id": "CNVD-2013-06934",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-06934"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "NetGear DGN1000B and DGN2200 are both router products of NetGear. \nA remote authentication bypass vulnerability exists in Netgear DGN1000 and DGN2200 devices. A remote attacker could use this vulnerability to bypass the authentication mechanism with elevated privileges to execute arbitrary commands in the context of the affected device. Vulnerabilities exist in the following versions: NetGear DGN1000 runs firmware versions prior to 1.1.00.48, and Netgear DGN2200 v1. Unauthenticated command execution on Netgear DGN devices\n========================================================\n\n[ADVISORY INFORMATION]\nTitle:\t\tUnauthenticated command execution on Netgear DGN devices\nDiscovery date: 01/05/2013\nRelease date:   31/05/2013\nCredits:        Roberto Paleari (roberto@greyhats.it, twitter: @rpaleari)\n\n[VULNERABILITY INFORMATION]\nClass: \t        Authentication bypass, command execution\n\n[AFFECTED PRODUCTS]\nThis security vulnerability affects the following products and firmware\nversions:\n   * Netgear DGN1000, firmware version \u003c 1.1.00.48\n   * Netgear DGN2200 v1\nOther products and firmware versions are probably also vulnerable, but they\nwere not checked. \n\nBriefly, the embedded web server skips authentication checks for some URLs\ncontaining the \"currentsetting.htm\" substring. As an example, the following URL\ncan be accessed even by unauthenticated attackers:\n\nhttp://\u003ctarget-ip-address\u003e/setup.cgi?currentsetting.htm=1\n\nThen, the \"setup.cgi\" page can be abused to execute arbitrary commands. As an\nexample, to read the /www/.htpasswd local file (containing the clear-text\npassword for the \"admin\" user), an attacker can access the following URL:\n\nhttp://\u003ctarget-ip-address\u003e/setup.cgi?next_file=netgear.cfg\u0026todo=syscmd\u0026cmd=cat+/www/.htpasswd\u0026curpath=/\u0026currentsetting.htm=1\n\nBasically this URL leverages the \"syscmd\" function of the \"setup.cgi\" script to\nexecute arbitrary commands. In the example above the command being executed is\n\"cat /www/.htpasswd\", and the output is displayed in the resulting web\npage. Slightly variations of this URL can be used to execute arbitrary\ncommands. According to Netgear, DGN2200 v1 is not supported anymore, while v3\nand v4 should not be affected by this issue; these versions were not tested by\nthe author. \n\n[DISCLAIMER]\nThe author is not responsible for the misuse of the information provided in\nthis security advisory. The advisory is a service to the professional security\ncommunity. There are NO WARRANTIES with regard to this information. Any\napplication or distribution of this information constitutes acceptance AS IS,\nat the user\u0027s own risk. This information is subject to change without notice",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-06934"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201306-024"
          },
          {
            "db": "BID",
            "id": "60281"
          },
          {
            "db": "PACKETSTORM",
            "id": "121860"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "BID",
            "id": "60281",
            "trust": 1.5
          },
          {
            "db": "PACKETSTORM",
            "id": "121860",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-06934",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201306-024",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-06934"
          },
          {
            "db": "BID",
            "id": "60281"
          },
          {
            "db": "PACKETSTORM",
            "id": "121860"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201306-024"
          }
        ]
      },
      "id": "VAR-201305-0436",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-06934"
          }
        ],
        "trust": 1.3441369
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-06934"
          }
        ]
      },
      "last_update_date": "2022-05-17T02:09:06.781000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Multiple Netgear DGN devices remote authentication bypass vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/34542"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-06934"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 0.6,
            "url": "http://packetstormsecurity.com/files/121860/netgeardgn-bypassexec.txt"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/60281"
          },
          {
            "trust": 0.3,
            "url": "http://www.netgear.com/service-provider/products/routers-and-gateways/dsl-gateways/dgn1000.aspx#"
          },
          {
            "trust": 0.3,
            "url": "http://www.netgear.com/service-provider/products/routers-and-gateways/dsl-gateways/dgn2200.aspx#"
          },
          {
            "trust": 0.3,
            "url": "http://seclists.org/bugtraq/2013/jun/8"
          },
          {
            "trust": 0.1,
            "url": "http://\u003ctarget-ip-address\u003e/setup.cgi?next_file=netgear.cfg\u0026todo=syscmd\u0026cmd=cat+/www/.htpasswd\u0026curpath=/\u0026currentsetting.htm=1"
          },
          {
            "trust": 0.1,
            "url": "http://\u003ctarget-ip-address\u003e/setup.cgi?currentsetting.htm=1"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-06934"
          },
          {
            "db": "BID",
            "id": "60281"
          },
          {
            "db": "PACKETSTORM",
            "id": "121860"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201306-024"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-06934",
            "ident": null
          },
          {
            "db": "BID",
            "id": "60281",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "121860",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201306-024",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2013-06-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-06934",
            "ident": null
          },
          {
            "date": "2013-05-31T00:00:00",
            "db": "BID",
            "id": "60281",
            "ident": null
          },
          {
            "date": "2013-06-03T23:08:27",
            "db": "PACKETSTORM",
            "id": "121860",
            "ident": null
          },
          {
            "date": "2013-05-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201306-024",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2013-06-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-06934",
            "ident": null
          },
          {
            "date": "2013-05-31T00:00:00",
            "db": "BID",
            "id": "60281",
            "ident": null
          },
          {
            "date": "2013-06-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201306-024",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201306-024"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Multiple Netgear DGN Device Remote Authentication Bypass Vulnerabilities",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-06934"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "_id": null,
        "data": "Access Validation Error",
        "sources": [
          {
            "db": "BID",
            "id": "60281"
          }
        ],
        "trust": 0.3
      }
    }