Search

Find a vulnerability

Search criteria

    11 vulnerabilities found for wnap210 by netgear

    VAR-201704-0303

    Vulnerability from variot - Updated: 2025-11-18 15:19

    (1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands. Netgear is the world's leading enterprise network solution and advocate for digital home networking applications. There are authentication bypass vulnerabilities in Netgear's various devices. Attackers exploit vulnerabilities to directly pass input command lines on unverified web pages and initiate command injection attacks. Security vulnerabilities exist in multiple files in several Netgear products. The following products and versions are affected: Netgear WN604 prior to 3.3.3; WN802Tv2 prior to 3.5.5.0; WNAP210v2 prior to 3.5.5.0; WNAP320 prior to 3.5.5.0; WNDAP350 prior to 3.5.5.0; WNDAP360 prior to 3.5 Versions prior to .5.0; versions prior to WNDAP660 3.5.5.0. Hello,

    We’d like to report several vulnerabilities in embedded devices developed by D-Link and Netgear, which were discovered using our FIRMADYNE framework for emulation and dynamic analysis of Linux-based embedded devices. For more information, refer to our academic paper and open-source release at https://github.com/firmadyne/firmadyne. This has been assigned CVE-2016-1555. Affected devices include:

    Netgear WN604 Netgear WN802Tv2 Netgear WNAP210 Netgear WNAP320 Netgear WNDAP350 Netgear WNDAP360

    Several D-Link devices include a web server that is vulnerable to a buffer overflow while parsing the 'dlink_uid' cookie. The length of the value set in the cookie is obtained using strlen(), which is then passed to memcpy(), and the value is copied into a fixed-size buffer. This has been assigned CVE-2016-1558. Affected devices include:

    D-Link DAP-2310 D-Link DAP-2330 D-Link DAP-2360 D-Link DAP-2553 D-Link DAP-2660 D-Link DAP-2690 D-Link DAP-2695

    Several Netgear devices include unauthenticated webpages that disclose the wireless WPS PIN, allowing for information disclosure. This has been assigned CVE-2016-1556. Affected devices include:

    Netgear WN604 Netgear WNAP210 Netgear WNAP320 Netgear WND930 Netgear WNDAP350 Netgear WNDAP360

    Several devices by both D-Link and Netgear disclose wireless passwords and administrative usernames/passwords over SNMP, including OID’s iso.3.6.1.4.1.171.10.37.35.2.1.3.3.2.1.1.4, iso.3.6.1.4.1.171.10.37.38.2.1.3.3.2.1.1.4, iso.3.6.1.4.1.171.10.37.35.4.1.1.1, iso.3.6.1.4.1.171.10.37.37.4.1.1.1, iso.3.6.1.4.1.171.10.37.38.4.1.1.1, iso.3.6.1.4.1.4526.100.7.8.1.5, iso.3.6.1.4.1.4526.100.7.9.1.5, iso.3.6.1.4.1.4526.100.7.9.1.7, and iso.3.6.1.4.1.4526.100.7.10.1.7. This has been assigned CVE-2016-1557 for Netgear devices, and CVE-2016-1559 for D-Link devices. Affected devices include:

    D-Link DAP-1353 D-Link DAP-2553 D-Link DAP-3520 Netgear WNAP320 Netgear WNDAP350 Netgear WNDAP360

    We have not heard back from D-Link after contacting the vendor. Netgear will fix WN604 with firmware 3.3.3 by late February, but the tentative ETA for the remaining devices is mid-March.

    Thanks,

    Dominic

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0303",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wndap210v2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.0.5.0"
          },
          {
            "model": "wndap360",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.0.5.0"
          },
          {
            "model": "wn802tv2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.0.5.0"
          },
          {
            "model": "wndap350",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.0.5.0"
          },
          {
            "model": "wnap320",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.0.5.0"
          },
          {
            "model": "wn604",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.3.2"
          },
          {
            "model": "wndap660",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.0.5.0"
          },
          {
            "model": "wn604",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "net gear",
            "version": "3.3.3"
          },
          {
            "model": "wn802tv2",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "net gear",
            "version": "3.5.5.0"
          },
          {
            "model": "wnap210v2",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "net gear",
            "version": "3.5.5.0"
          },
          {
            "model": "wnap320",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "net gear",
            "version": "3.5.5.0"
          },
          {
            "model": "wndap350",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "net gear",
            "version": "3.5.5.0"
          },
          {
            "model": "wndap360",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "net gear",
            "version": "3.5.5.0"
          },
          {
            "model": "wndap660",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "net gear",
            "version": "3.5.5.0"
          },
          {
            "model": "wn604",
            "scope": null,
            "trust": 0.6,
            "vendor": "netgear",
            "version": null
          },
          {
            "model": "wn802tv2",
            "scope": null,
            "trust": 0.6,
            "vendor": "netgear",
            "version": null
          },
          {
            "model": "wnap210",
            "scope": null,
            "trust": 0.6,
            "vendor": "netgear",
            "version": null
          },
          {
            "model": "wnap320",
            "scope": null,
            "trust": 0.6,
            "vendor": "netgear",
            "version": null
          },
          {
            "model": "wndap350",
            "scope": null,
            "trust": 0.6,
            "vendor": "netgear",
            "version": null
          },
          {
            "model": "wndap360",
            "scope": null,
            "trust": 0.6,
            "vendor": "netgear",
            "version": null
          },
          {
            "model": "wndap360",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "3.0.5.0"
          },
          {
            "model": "wn604",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "3.3.2"
          },
          {
            "model": "wndap210v2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "3.0.5.0"
          },
          {
            "model": "wndap660",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "3.0.5.0"
          },
          {
            "model": "wndap350",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "3.0.5.0"
          },
          {
            "model": "wn802tv2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "3.0.5.0"
          },
          {
            "model": "wnap320",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "3.0.5.0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01687"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-397"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008523"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1555"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:netgear:wn604_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wn802tv2_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wndap210v2_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wnap320_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wndap350_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wndap360_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wndap660_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008523"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dominic Chen",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "135956"
          }
        ],
        "trust": 0.1
      },
      "cve": "CVE-2016-1555",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2016-1555",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2016-01687",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-90374",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2016-1555",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2016-1555",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-1555",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2016-1555",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-1555",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-01687",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201604-397",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-90374",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2016-1555",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01687"
          },
          {
            "db": "VULHUB",
            "id": "VHN-90374"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-1555"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-397"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008523"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1555"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1555"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands. Netgear is the world\u0027s leading enterprise network solution and advocate for digital home networking applications. There are authentication bypass vulnerabilities in Netgear\u0027s various devices. Attackers exploit vulnerabilities to directly pass input command lines on unverified web pages and initiate command injection attacks. Security vulnerabilities exist in multiple files in several Netgear products. The following products and versions are affected: Netgear WN604 prior to 3.3.3; WN802Tv2 prior to 3.5.5.0; WNAP210v2 prior to 3.5.5.0; WNAP320 prior to 3.5.5.0; WNDAP350 prior to 3.5.5.0; WNDAP360 prior to 3.5 Versions prior to .5.0; versions prior to WNDAP660 3.5.5.0. Hello,\n\nWe\u2019d like to report several vulnerabilities in embedded devices developed by D-Link and Netgear, which were discovered using our FIRMADYNE framework for emulation and dynamic analysis of Linux-based embedded devices. For more information, refer to our academic paper and open-source release at https://github.com/firmadyne/firmadyne. This has been assigned CVE-2016-1555. Affected devices include:\n\nNetgear WN604\nNetgear WN802Tv2\nNetgear WNAP210\nNetgear WNAP320\nNetgear WNDAP350\nNetgear WNDAP360\n\nSeveral D-Link devices include a web server that is vulnerable to a buffer overflow while parsing the \u0027dlink_uid\u0027 cookie. The length of the value set in the cookie is obtained using strlen(), which is then passed to memcpy(), and the value is copied into a fixed-size buffer. This has been assigned CVE-2016-1558. Affected devices include:\n\nD-Link DAP-2310\nD-Link DAP-2330\nD-Link DAP-2360\nD-Link DAP-2553\nD-Link DAP-2660\nD-Link DAP-2690\nD-Link DAP-2695\n\nSeveral Netgear devices include unauthenticated webpages that disclose the wireless WPS PIN, allowing for information disclosure. This has been assigned CVE-2016-1556. Affected devices include:\n\nNetgear WN604\nNetgear WNAP210\nNetgear WNAP320\nNetgear WND930\nNetgear WNDAP350\nNetgear WNDAP360\n\nSeveral devices by both D-Link and Netgear disclose wireless passwords and administrative usernames/passwords over SNMP, including OID\u2019s iso.3.6.1.4.1.171.10.37.35.2.1.3.3.2.1.1.4, iso.3.6.1.4.1.171.10.37.38.2.1.3.3.2.1.1.4, iso.3.6.1.4.1.171.10.37.35.4.1.1.1, iso.3.6.1.4.1.171.10.37.37.4.1.1.1, iso.3.6.1.4.1.171.10.37.38.4.1.1.1, iso.3.6.1.4.1.4526.100.7.8.1.5, iso.3.6.1.4.1.4526.100.7.9.1.5, iso.3.6.1.4.1.4526.100.7.9.1.7, and iso.3.6.1.4.1.4526.100.7.10.1.7. This has been assigned CVE-2016-1557 for Netgear devices, and CVE-2016-1559 for D-Link devices. Affected devices include:\n\nD-Link DAP-1353\nD-Link DAP-2553\nD-Link DAP-3520\nNetgear WNAP320\nNetgear WNDAP350\nNetgear WNDAP360\n\nWe have not heard back from D-Link after contacting the vendor. Netgear will fix WN604 with firmware 3.3.3 by late February, but the tentative ETA for the remaining devices is mid-March. \n\nThanks,\n\nDominic\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-1555"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008523"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-01687"
          },
          {
            "db": "VULHUB",
            "id": "VHN-90374"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-1555"
          },
          {
            "db": "PACKETSTORM",
            "id": "135956"
          }
        ],
        "trust": 2.43
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-90374",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-90374"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-1555",
            "trust": 3.3
          },
          {
            "db": "PACKETSTORM",
            "id": "135956",
            "trust": 2.7
          },
          {
            "db": "EXPLOIT-DB",
            "id": "45909",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008523",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-397",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-01687",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "150478",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-90374",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-1555",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01687"
          },
          {
            "db": "VULHUB",
            "id": "VHN-90374"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-1555"
          },
          {
            "db": "PACKETSTORM",
            "id": "135956"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-397"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008523"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1555"
          }
        ]
      },
      "id": "VAR-201704-0303",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01687"
          },
          {
            "db": "VULHUB",
            "id": "VHN-90374"
          }
        ],
        "trust": 1.2278612025
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01687"
          }
        ]
      },
      "last_update_date": "2025-11-18T15:19:55.176000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "CVE-2016-1555 - Notification",
            "trust": 0.8,
            "url": "https://kb.netgear.com/30480/CVE-2016-1555-Notification"
          },
          {
            "title": "Multiple Netgear Product security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91631"
          },
          {
            "title": "faisalfs10x",
            "trust": 0.1,
            "url": "https://github.com/faisalfs10x/faisalfs10x "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2016-1555"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-397"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008523"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-77",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-90374"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008523"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1555"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "http://packetstormsecurity.com/files/135956/d-link-netgear-firmadyne-command-injection-buffer-overflow.html"
          },
          {
            "trust": 2.4,
            "url": "http://seclists.org/fulldisclosure/2016/feb/112"
          },
          {
            "trust": 1.8,
            "url": "https://kb.netgear.com/30480/cve-2016-1555-notification?cid=wmt_netgear_organic"
          },
          {
            "trust": 1.8,
            "url": "https://www.exploit-db.com/exploits/45909/"
          },
          {
            "trust": 1.0,
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2016-1555"
          },
          {
            "trust": 0.9,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1555"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1555"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/77.html"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/faisalfs10x/faisalfs10x"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.rapid7.com/db/modules/exploit/linux/http/netgear_unauth_exec"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/firmadyne/firmadyne."
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1557"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1559"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1558"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01687"
          },
          {
            "db": "VULHUB",
            "id": "VHN-90374"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-1555"
          },
          {
            "db": "PACKETSTORM",
            "id": "135956"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-397"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008523"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1555"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01687"
          },
          {
            "db": "VULHUB",
            "id": "VHN-90374"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-1555"
          },
          {
            "db": "PACKETSTORM",
            "id": "135956"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-397"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008523"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1555"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-03-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-01687"
          },
          {
            "date": "2017-04-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-90374"
          },
          {
            "date": "2017-04-21T00:00:00",
            "db": "VULMON",
            "id": "CVE-2016-1555"
          },
          {
            "date": "2016-02-26T17:22:22",
            "db": "PACKETSTORM",
            "id": "135956"
          },
          {
            "date": "2016-03-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201604-397"
          },
          {
            "date": "2017-05-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-008523"
          },
          {
            "date": "2017-04-21T15:59:00.333000",
            "db": "NVD",
            "id": "CVE-2016-1555"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-03-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-01687"
          },
          {
            "date": "2019-04-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-90374"
          },
          {
            "date": "2019-04-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2016-1555"
          },
          {
            "date": "2019-04-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201604-397"
          },
          {
            "date": "2017-05-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-008523"
          },
          {
            "date": "2025-10-22T00:15:49.350000",
            "db": "NVD",
            "id": "CVE-2016-1555"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-397"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Netgear Vulnerability to execute arbitrary commands in the product",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008523"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-397"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201704-0304

    Vulnerability from variot - Updated: 2025-04-20 23:13

    Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or passphrase by visiting unauthenticated webpages. Netgear is the world's leading enterprise network solution and advocate for digital home networking applications. There are information disclosure vulnerabilities in Netgear's various devices. The device bypasses the authentication page, and the attacker can use the vulnerability to obtain sensitive information such as wireless WPSPIN. NETGEAR WN604 is a wireless access point (AP) of NETGEAR. The following products and versions are affected: Netgear WN604 prior to 3.3.3; WNAP210 prior to 3.5.5.0, WNAP320 prior to 3.5.5.0, WNDAP350 prior to 3.5.5.0, WNDAP360 prior to 3.5.5.0; WND930 2.0 Versions prior to .11

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0304",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wndap360",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.0.5.0"
          },
          {
            "model": "wndap350",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.0.5.0"
          },
          {
            "model": "wnd930",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.0.4"
          },
          {
            "model": "wn604",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.3.2"
          },
          {
            "model": "wndap210v2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.0.5.0"
          },
          {
            "model": "wnap320",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.0.5.0"
          },
          {
            "model": "wn604",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "net gear",
            "version": "3.3.3"
          },
          {
            "model": "wnap210v2",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "net gear",
            "version": "3.5.5.0"
          },
          {
            "model": "wnap320",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "net gear",
            "version": "3.5.5.0"
          },
          {
            "model": "wnd930",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "net gear",
            "version": "2.0.11"
          },
          {
            "model": "wndap350",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "net gear",
            "version": "3.5.5.0"
          },
          {
            "model": "wndap360",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "net gear",
            "version": "3.5.5.0"
          },
          {
            "model": "wn604",
            "scope": null,
            "trust": 0.6,
            "vendor": "netgear",
            "version": null
          },
          {
            "model": "wnap210",
            "scope": null,
            "trust": 0.6,
            "vendor": "netgear",
            "version": null
          },
          {
            "model": "wnap320",
            "scope": null,
            "trust": 0.6,
            "vendor": "netgear",
            "version": null
          },
          {
            "model": "wndap350",
            "scope": null,
            "trust": 0.6,
            "vendor": "netgear",
            "version": null
          },
          {
            "model": "wndap360",
            "scope": null,
            "trust": 0.6,
            "vendor": "netgear",
            "version": null
          },
          {
            "model": "wnd930",
            "scope": null,
            "trust": 0.6,
            "vendor": "netgear",
            "version": null
          },
          {
            "model": "wndap360",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "3.0.5.0"
          },
          {
            "model": "wn604",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "3.3.2"
          },
          {
            "model": "wndap210v2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "3.0.5.0"
          },
          {
            "model": "wndap350",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "3.0.5.0"
          },
          {
            "model": "wnd930",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "2.0.4"
          },
          {
            "model": "wnap320",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "3.0.5.0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01690"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008524"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-395"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1556"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:netgear:wn604_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wndap210v2_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wnap320_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wnd930_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wndap350_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wndap360_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008524"
          }
        ]
      },
      "cve": "CVE-2016-1556",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2016-1556",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2016-01690",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-90375",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2016-1556",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-1556",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-1556",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-01690",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201604-395",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-90375",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01690"
          },
          {
            "db": "VULHUB",
            "id": "VHN-90375"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008524"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-395"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1556"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or passphrase by visiting unauthenticated webpages. Netgear is the world\u0027s leading enterprise network solution and advocate for digital home networking applications. There are information disclosure vulnerabilities in Netgear\u0027s various devices. The device bypasses the authentication page, and the attacker can use the vulnerability to obtain sensitive information such as wireless WPSPIN. NETGEAR WN604 is a wireless access point (AP) of NETGEAR. The following products and versions are affected: Netgear WN604 prior to 3.3.3; WNAP210 prior to 3.5.5.0, WNAP320 prior to 3.5.5.0, WNDAP350 prior to 3.5.5.0, WNDAP360 prior to 3.5.5.0; WND930 2.0 Versions prior to .11",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-1556"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008524"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-01690"
          },
          {
            "db": "VULHUB",
            "id": "VHN-90375"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-1556",
            "trust": 3.1
          },
          {
            "db": "PACKETSTORM",
            "id": "135956",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008524",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-395",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-01690",
            "trust": 0.6
          },
          {
            "db": "VULDB",
            "id": "81129",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-90375",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01690"
          },
          {
            "db": "VULHUB",
            "id": "VHN-90375"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008524"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-395"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1556"
          }
        ]
      },
      "id": "VAR-201704-0304",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01690"
          },
          {
            "db": "VULHUB",
            "id": "VHN-90375"
          }
        ],
        "trust": 1.22198852
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01690"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:13:14.061000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "CVE-2016-1556 - Notification",
            "trust": 0.8,
            "url": "https://kb.netgear.com/30481/CVE-2016-1556-Notification"
          },
          {
            "title": "Multiple Netgear Product information disclosure vulnerability repair measures",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61088"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008524"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-395"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-90375"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008524"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1556"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "http://packetstormsecurity.com/files/135956/d-link-netgear-firmadyne-command-injection-buffer-overflow.html"
          },
          {
            "trust": 2.3,
            "url": "http://seclists.org/fulldisclosure/2016/feb/112"
          },
          {
            "trust": 1.7,
            "url": "https://kb.netgear.com/30481/cve-2016-1556-notification?cid=wmt_netgear_organic"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1556"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1556"
          },
          {
            "trust": 0.6,
            "url": "http://vuldb.com/?id.81129"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01690"
          },
          {
            "db": "VULHUB",
            "id": "VHN-90375"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008524"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-395"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1556"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01690"
          },
          {
            "db": "VULHUB",
            "id": "VHN-90375"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008524"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-395"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1556"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-03-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-01690"
          },
          {
            "date": "2017-04-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-90375"
          },
          {
            "date": "2017-05-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-008524"
          },
          {
            "date": "2016-03-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201604-395"
          },
          {
            "date": "2017-04-21T15:59:00.363000",
            "db": "NVD",
            "id": "CVE-2016-1556"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-03-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-01690"
          },
          {
            "date": "2017-04-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-90375"
          },
          {
            "date": "2017-05-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-008524"
          },
          {
            "date": "2017-04-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201604-395"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2016-1556"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-395"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Netgear Information disclosure vulnerability in products",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008524"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201604-395"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201104-0210

    Vulnerability from variot - Updated: 2025-04-11 23:16

    BackupConfig.php on the NetGear ProSafe WNAP210 allows remote attackers to obtain the administrator password by reading the configuration file. Netgear ProSafe Wireless Access Point (WNAP210) Has multiple vulnerabilities. Netgear Provided by WNAP210 Has two vulnerabilities. An attacker with a network access device can browse the WEB page http://NetGearDeviceIP/BackupConfig.php, which will prompt the attacker to download the device configuration without any login authentication. Access to the BackupConfig.php script is not properly restricted and can be used to download configuration files for backup and leak administrator passwords. WNAP210 firmware 2.0.12 is vulnerable; other versions may also be affected. ----------------------------------------------------------------------

    Q1 Factsheets released:

    http://secunia.com/resources/factsheets/2011_vendor/


    TITLE: NetGear WNAP210 Backup Disclosure and Authentication Bypass Vulnerabilities

    SECUNIA ADVISORY ID: SA44045

    VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44045/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44045

    RELEASE DATE: 2011-04-06

    DISCUSS ADVISORY: http://secunia.com/advisories/44045/#comments

    AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

    http://secunia.com/advisories/44045/

    ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

    https://ca.secunia.com/?page=viewadvisory&vuln_id=44045

    ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

    http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

    DESCRIPTION: Two vulnerabilities have been reported in Netgear ProSafe Wireless-N Access Point WNAP210, which can be exploited by malicious people to disclose sensitive information and bypass certain security restrictions.

    SOLUTION: Update to the latest firmware. Please contact the vendor for more details.

    PROVIDED AND/OR DISCOVERED BY: Trevor Seward via US-CERT.

    ORIGINAL ADVISORY: US-CERT VU#644812: http://www.kb.cert.org/vuls/id/644812

    OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

    DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

    EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

    EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

    EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/


    About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/advisories/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201104-0210",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "prosafe wnap210",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "2.0.12"
          },
          {
            "model": "wnap210",
            "scope": "eq",
            "trust": 1.5,
            "vendor": "netgear",
            "version": "2.0.12"
          },
          {
            "model": "prosafe wnap210",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "*"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "netgear",
            "version": null
          },
          {
            "model": "wnap210",
            "scope": null,
            "trust": 0.8,
            "vendor": "net gear",
            "version": null
          },
          {
            "model": "wnap210",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "net gear",
            "version": "firmware version 2.0.12"
          },
          {
            "model": "prosafe wnap210",
            "scope": null,
            "trust": 0.6,
            "vendor": "netgear",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#644812"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1327"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-6460"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1328"
          },
          {
            "db": "BID",
            "id": "47175"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-004479"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001453"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201104-072"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-1673"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:netgear:prosafe_wnap210",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-004479"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Trevor Seward",
        "sources": [
          {
            "db": "BID",
            "id": "47175"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2011-1673",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2011-1673",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2011-6460",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-49618",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2011-1673",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#644812",
                "trust": 0.8,
                "value": "5.10"
              },
              {
                "author": "NVD",
                "id": "CVE-2011-1673",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2011-6460",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201104-072",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-49618",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2011-1673",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#644812"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-6460"
          },
          {
            "db": "VULHUB",
            "id": "VHN-49618"
          },
          {
            "db": "VULMON",
            "id": "CVE-2011-1673"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-004479"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201104-072"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-1673"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "BackupConfig.php on the NetGear ProSafe WNAP210 allows remote attackers to obtain the administrator password by reading the configuration file. Netgear ProSafe Wireless Access Point (WNAP210) Has multiple vulnerabilities. Netgear Provided by WNAP210 Has two vulnerabilities. An attacker with a network access device can browse the WEB page http://NetGearDeviceIP/BackupConfig.php, which will prompt the attacker to download the device configuration without any login authentication. Access to the BackupConfig.php script is not properly restricted and can be used to download configuration files for backup and leak administrator passwords. \nWNAP210 firmware 2.0.12 is vulnerable; other versions may also be affected. ----------------------------------------------------------------------\n\n\nQ1 Factsheets released:\n\nhttp://secunia.com/resources/factsheets/2011_vendor/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nNetGear WNAP210 Backup Disclosure and Authentication Bypass\nVulnerabilities\n\nSECUNIA ADVISORY ID:\nSA44045\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/44045/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44045\n\nRELEASE DATE:\n2011-04-06\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/44045/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/44045/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44045\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nTwo vulnerabilities have been reported in Netgear ProSafe Wireless-N\nAccess Point WNAP210, which can be exploited by malicious people to\ndisclose sensitive information and bypass certain security\nrestrictions. \n\nSOLUTION:\nUpdate to the latest firmware. Please contact the vendor for more\ndetails. \n\nPROVIDED AND/OR DISCOVERED BY:\nTrevor Seward via US-CERT. \n\nORIGINAL ADVISORY:\nUS-CERT VU#644812:\nhttp://www.kb.cert.org/vuls/id/644812\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2011-1673"
          },
          {
            "db": "CERT/CC",
            "id": "VU#644812"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-004479"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001453"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1327"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-6460"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1328"
          },
          {
            "db": "BID",
            "id": "47175"
          },
          {
            "db": "VULHUB",
            "id": "VHN-49618"
          },
          {
            "db": "VULMON",
            "id": "CVE-2011-1673"
          },
          {
            "db": "PACKETSTORM",
            "id": "100135"
          }
        ],
        "trust": 5.22
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#644812",
            "trust": 5.2
          },
          {
            "db": "NVD",
            "id": "CVE-2011-1673",
            "trust": 3.2
          },
          {
            "db": "BID",
            "id": "47175",
            "trust": 1.5
          },
          {
            "db": "SECUNIA",
            "id": "44045",
            "trust": 1.4
          },
          {
            "db": "VUPEN",
            "id": "ADV-2011-0884",
            "trust": 1.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-004479",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001453",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201104-072",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1327",
            "trust": 0.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-6460",
            "trust": 0.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1328",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-49618",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2011-1673",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "100135",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#644812"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1327"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-6460"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1328"
          },
          {
            "db": "VULHUB",
            "id": "VHN-49618"
          },
          {
            "db": "VULMON",
            "id": "CVE-2011-1673"
          },
          {
            "db": "BID",
            "id": "47175"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-004479"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001453"
          },
          {
            "db": "PACKETSTORM",
            "id": "100135"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201104-072"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-1673"
          }
        ]
      },
      "id": "VAR-201104-0210",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2011-1327"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1328"
          },
          {
            "db": "VULHUB",
            "id": "VHN-49618"
          }
        ],
        "trust": 1.75454547
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 1.2
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2011-1327"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1328"
          }
        ]
      },
      "last_update_date": "2025-04-11T23:16:47.900000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "WNAP210",
            "trust": 0.8,
            "url": "http://www.netgear.com/business/products/access-points-wireless-controllers/access-points/wnap210.aspx"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-004479"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-310",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-49618"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-004479"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-1673"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.8,
            "url": "http://www.kb.cert.org/vuls/id/644812"
          },
          {
            "trust": 1.6,
            "url": "http://support.netgear.com/app/answers/detail/a_id/19381"
          },
          {
            "trust": 1.4,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1673"
          },
          {
            "trust": 1.2,
            "url": "http://secunia.com/advisories/44045"
          },
          {
            "trust": 1.2,
            "url": "http://www.vupen.com/english/advisories/2011/0884"
          },
          {
            "trust": 1.2,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66817"
          },
          {
            "trust": 0.8,
            "url": "http://www.netgear.com/products/business/access-points-wireless-controllers/access-points/wnap210.aspx"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1673"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu644812"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/47175/infohttp"
          },
          {
            "trust": 0.6,
            "url": "http://www.kb.cert.org/vuls/id/644812http"
          },
          {
            "trust": 0.3,
            "url": "http://www.netgear.com"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/310.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/44045/#comments"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/products/corporate/evm/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/about_secunia_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
          },
          {
            "trust": 0.1,
            "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44045"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/personal/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/44045/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/resources/factsheets/2011_vendor/"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#644812"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1327"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-6460"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1328"
          },
          {
            "db": "VULHUB",
            "id": "VHN-49618"
          },
          {
            "db": "VULMON",
            "id": "CVE-2011-1673"
          },
          {
            "db": "BID",
            "id": "47175"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-004479"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001453"
          },
          {
            "db": "PACKETSTORM",
            "id": "100135"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201104-072"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-1673"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#644812"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1327"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-6460"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1328"
          },
          {
            "db": "VULHUB",
            "id": "VHN-49618"
          },
          {
            "db": "VULMON",
            "id": "CVE-2011-1673"
          },
          {
            "db": "BID",
            "id": "47175"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-004479"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001453"
          },
          {
            "db": "PACKETSTORM",
            "id": "100135"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201104-072"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-1673"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2011-04-05T00:00:00",
            "db": "CERT/CC",
            "id": "VU#644812"
          },
          {
            "date": "2011-04-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-1327"
          },
          {
            "date": "2011-04-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-6460"
          },
          {
            "date": "2011-04-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-1328"
          },
          {
            "date": "2011-04-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-49618"
          },
          {
            "date": "2011-04-10T00:00:00",
            "db": "VULMON",
            "id": "CVE-2011-1673"
          },
          {
            "date": "2011-04-05T00:00:00",
            "db": "BID",
            "id": "47175"
          },
          {
            "date": "2012-03-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-004479"
          },
          {
            "date": "2011-04-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-001453"
          },
          {
            "date": "2011-04-06T11:55:42",
            "db": "PACKETSTORM",
            "id": "100135"
          },
          {
            "date": "2011-04-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201104-072"
          },
          {
            "date": "2011-04-10T02:55:01.727000",
            "db": "NVD",
            "id": "CVE-2011-1673"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2011-09-02T00:00:00",
            "db": "CERT/CC",
            "id": "VU#644812"
          },
          {
            "date": "2011-04-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-1327"
          },
          {
            "date": "2011-04-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-6460"
          },
          {
            "date": "2011-04-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-1328"
          },
          {
            "date": "2017-08-17T00:00:00",
            "db": "VULHUB",
            "id": "VHN-49618"
          },
          {
            "date": "2017-08-17T00:00:00",
            "db": "VULMON",
            "id": "CVE-2011-1673"
          },
          {
            "date": "2011-04-05T00:00:00",
            "db": "BID",
            "id": "47175"
          },
          {
            "date": "2012-03-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-004479"
          },
          {
            "date": "2011-04-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-001453"
          },
          {
            "date": "2011-04-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201104-072"
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2011-1673"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201104-072"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "NetGear ProSafe WNAP210 Information Disclosure Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2011-6460"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201104-072"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "encryption problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201104-072"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201104-0211

    Vulnerability from variot - Updated: 2025-04-11 23:16

    The NetGear ProSafe WNAP210 with firmware 2.0.12 allows remote attackers to bypass authentication and obtain access to the configuration page by visiting recreate.php and then visiting index.php. NetGear WNAP210 is vulnerable to remote administrator password disclosure and administrative web page login bypass. Netgear ProSafe Wireless Access Point (WNAP210) Has multiple vulnerabilities. Netgear Provided by WNAP210 Has two vulnerabilities. This configuration stores the administrator password in clear text. NETGEAR WNAP210 has a security bypass vulnerability in its implementation. WNAP210 firmware 2.0.12 is vulnerable; other versions may also be affected. ----------------------------------------------------------------------

    Q1 Factsheets released:

    http://secunia.com/resources/factsheets/2011_vendor/


    TITLE: NetGear WNAP210 Backup Disclosure and Authentication Bypass Vulnerabilities

    SECUNIA ADVISORY ID: SA44045

    VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44045/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44045

    RELEASE DATE: 2011-04-06

    DISCUSS ADVISORY: http://secunia.com/advisories/44045/#comments

    AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

    http://secunia.com/advisories/44045/

    ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

    https://ca.secunia.com/?page=viewadvisory&vuln_id=44045

    ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

    http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

    DESCRIPTION: Two vulnerabilities have been reported in Netgear ProSafe Wireless-N Access Point WNAP210, which can be exploited by malicious people to disclose sensitive information and bypass certain security restrictions.

    SOLUTION: Update to the latest firmware. Please contact the vendor for more details.

    PROVIDED AND/OR DISCOVERED BY: Trevor Seward via US-CERT.

    ORIGINAL ADVISORY: US-CERT VU#644812: http://www.kb.cert.org/vuls/id/644812

    OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

    DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

    EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

    EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

    EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/


    About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/advisories/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201104-0211",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "prosafe wnap210",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "netgear",
            "version": "2.0.12"
          },
          {
            "model": "wnap210",
            "scope": "eq",
            "trust": 1.5,
            "vendor": "netgear",
            "version": "2.0.12"
          },
          {
            "model": "prosafe wnap210",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "*"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "netgear",
            "version": null
          },
          {
            "model": "prosafe wnap210",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "net gear",
            "version": "2.0.12"
          },
          {
            "model": "wnap210",
            "scope": null,
            "trust": 0.8,
            "vendor": "net gear",
            "version": null
          },
          {
            "model": "wnap210",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "net gear",
            "version": "firmware version 2.0.12"
          },
          {
            "model": "prosafe wnap210",
            "scope": null,
            "trust": 0.6,
            "vendor": "netgear",
            "version": null
          },
          {
            "model": "prosafe wnap210",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netgear",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#644812"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1327"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-6459"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1328"
          },
          {
            "db": "BID",
            "id": "47175"
          },
          {
            "db": "BID",
            "id": "78577"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-004480"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001453"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201104-073"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-1674"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:netgear:prosafe_wnap210_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:netgear:prosafe_wnap210",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-004480"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Trevor Seward",
        "sources": [
          {
            "db": "BID",
            "id": "47175"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2011-1674",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2011-1674",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2011-6459",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-49619",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2011-1674",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#644812",
                "trust": 0.8,
                "value": "5.10"
              },
              {
                "author": "NVD",
                "id": "CVE-2011-1674",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2011-6459",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201104-073",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-49619",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#644812"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-6459"
          },
          {
            "db": "VULHUB",
            "id": "VHN-49619"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-004480"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201104-073"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-1674"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The NetGear ProSafe WNAP210 with firmware 2.0.12 allows remote attackers to bypass authentication and obtain access to the configuration page by visiting recreate.php and then visiting index.php. NetGear WNAP210 is vulnerable to remote administrator password disclosure and administrative web page login bypass. Netgear ProSafe Wireless Access Point (WNAP210) Has multiple vulnerabilities. Netgear Provided by WNAP210 Has two vulnerabilities. This configuration stores the administrator password in clear text. NETGEAR WNAP210 has a security bypass vulnerability in its implementation. \nWNAP210 firmware 2.0.12 is vulnerable; other versions may also be affected. ----------------------------------------------------------------------\n\n\nQ1 Factsheets released:\n\nhttp://secunia.com/resources/factsheets/2011_vendor/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nNetGear WNAP210 Backup Disclosure and Authentication Bypass\nVulnerabilities\n\nSECUNIA ADVISORY ID:\nSA44045\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/44045/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44045\n\nRELEASE DATE:\n2011-04-06\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/44045/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/44045/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44045\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nTwo vulnerabilities have been reported in Netgear ProSafe Wireless-N\nAccess Point WNAP210, which can be exploited by malicious people to\ndisclose sensitive information and bypass certain security\nrestrictions. \n\nSOLUTION:\nUpdate to the latest firmware. Please contact the vendor for more\ndetails. \n\nPROVIDED AND/OR DISCOVERED BY:\nTrevor Seward via US-CERT. \n\nORIGINAL ADVISORY:\nUS-CERT VU#644812:\nhttp://www.kb.cert.org/vuls/id/644812\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2011-1674"
          },
          {
            "db": "CERT/CC",
            "id": "VU#644812"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-004480"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001453"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1327"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-6459"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1328"
          },
          {
            "db": "BID",
            "id": "47175"
          },
          {
            "db": "BID",
            "id": "78577"
          },
          {
            "db": "VULHUB",
            "id": "VHN-49619"
          },
          {
            "db": "PACKETSTORM",
            "id": "100135"
          }
        ],
        "trust": 5.4
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#644812",
            "trust": 5.4
          },
          {
            "db": "NVD",
            "id": "CVE-2011-1674",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "47175",
            "trust": 1.5
          },
          {
            "db": "SECUNIA",
            "id": "44045",
            "trust": 1.3
          },
          {
            "db": "VUPEN",
            "id": "ADV-2011-0884",
            "trust": 1.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-004480",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001453",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201104-073",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1327",
            "trust": 0.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-6459",
            "trust": 0.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1328",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "78577",
            "trust": 0.4
          },
          {
            "db": "XF",
            "id": "66723",
            "trust": 0.3
          },
          {
            "db": "VULHUB",
            "id": "VHN-49619",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "100135",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#644812"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1327"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-6459"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1328"
          },
          {
            "db": "VULHUB",
            "id": "VHN-49619"
          },
          {
            "db": "BID",
            "id": "47175"
          },
          {
            "db": "BID",
            "id": "78577"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-004480"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001453"
          },
          {
            "db": "PACKETSTORM",
            "id": "100135"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201104-073"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-1674"
          }
        ]
      },
      "id": "VAR-201104-0211",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2011-1327"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1328"
          },
          {
            "db": "VULHUB",
            "id": "VHN-49619"
          }
        ],
        "trust": 1.75454547
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 1.2
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2011-1327"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1328"
          }
        ]
      },
      "last_update_date": "2025-04-11T23:16:47.842000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "WNAP210",
            "trust": 0.8,
            "url": "http://www.netgear.com/business/products/access-points-wireless-controllers/access-points/wnap210.aspx"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-004480"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-49619"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-004480"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-1674"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 4.0,
            "url": "http://www.kb.cert.org/vuls/id/644812"
          },
          {
            "trust": 1.6,
            "url": "http://support.netgear.com/app/answers/detail/a_id/19381"
          },
          {
            "trust": 1.4,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1674"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/44045"
          },
          {
            "trust": 1.1,
            "url": "http://www.vupen.com/english/advisories/2011/0884"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66723"
          },
          {
            "trust": 0.8,
            "url": "http://www.netgear.com/products/business/access-points-wireless-controllers/access-points/wnap210.aspx"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1674"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu644812"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/47175/infohttp"
          },
          {
            "trust": 0.6,
            "url": "http://www.kb.cert.org/vuls/id/644812http"
          },
          {
            "trust": 0.3,
            "url": "http://www.netgear.com"
          },
          {
            "trust": 0.3,
            "url": "http://xforce.iss.net/xforce/xfdb/66723"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/44045/#comments"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/products/corporate/evm/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/about_secunia_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
          },
          {
            "trust": 0.1,
            "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44045"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/personal/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/44045/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/resources/factsheets/2011_vendor/"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#644812"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1327"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-6459"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1328"
          },
          {
            "db": "VULHUB",
            "id": "VHN-49619"
          },
          {
            "db": "BID",
            "id": "47175"
          },
          {
            "db": "BID",
            "id": "78577"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-004480"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001453"
          },
          {
            "db": "PACKETSTORM",
            "id": "100135"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201104-073"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-1674"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#644812"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1327"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-6459"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1328"
          },
          {
            "db": "VULHUB",
            "id": "VHN-49619"
          },
          {
            "db": "BID",
            "id": "47175"
          },
          {
            "db": "BID",
            "id": "78577"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-004480"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001453"
          },
          {
            "db": "PACKETSTORM",
            "id": "100135"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201104-073"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-1674"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2011-04-05T00:00:00",
            "db": "CERT/CC",
            "id": "VU#644812"
          },
          {
            "date": "2011-04-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-1327"
          },
          {
            "date": "2011-04-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-6459"
          },
          {
            "date": "2011-04-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-1328"
          },
          {
            "date": "2011-04-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-49619"
          },
          {
            "date": "2011-04-05T00:00:00",
            "db": "BID",
            "id": "47175"
          },
          {
            "date": "2011-04-09T00:00:00",
            "db": "BID",
            "id": "78577"
          },
          {
            "date": "2012-03-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-004480"
          },
          {
            "date": "2011-04-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-001453"
          },
          {
            "date": "2011-04-06T11:55:42",
            "db": "PACKETSTORM",
            "id": "100135"
          },
          {
            "date": "2011-04-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201104-073"
          },
          {
            "date": "2011-04-10T02:55:01.790000",
            "db": "NVD",
            "id": "CVE-2011-1674"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2011-09-02T00:00:00",
            "db": "CERT/CC",
            "id": "VU#644812"
          },
          {
            "date": "2011-04-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-1327"
          },
          {
            "date": "2011-04-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-6459"
          },
          {
            "date": "2011-04-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-1328"
          },
          {
            "date": "2017-08-17T00:00:00",
            "db": "VULHUB",
            "id": "VHN-49619"
          },
          {
            "date": "2011-04-05T00:00:00",
            "db": "BID",
            "id": "47175"
          },
          {
            "date": "2011-04-09T00:00:00",
            "db": "BID",
            "id": "78577"
          },
          {
            "date": "2012-03-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-004480"
          },
          {
            "date": "2011-04-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-001453"
          },
          {
            "date": "2011-04-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201104-073"
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2011-1674"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "network",
        "sources": [
          {
            "db": "BID",
            "id": "47175"
          },
          {
            "db": "BID",
            "id": "78577"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "NetGear ProSafe WNAP210 Security Bypass Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2011-6459"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201104-073"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201104-073"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202004-1371

    Vulnerability from variot - Updated: 2024-11-23 23:07

    Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WAC510, etc. are all a wireless access point (AP) of NETGEAR company. The vulnerability stems from the fact that the network system or product lacks the correct verification of the user input data during the operation process of the user inputting the construction command, data structure or record, and the special elements are not filtered or correctly filtered, resulting in the analysis or analysis of the system or product. The explanation is wrong. No detailed vulnerability details are currently provided

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1371",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wac510",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "1.3.0.10"
          },
          {
            "model": "wac120",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "2.1.4"
          },
          {
            "model": "wndap620",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "2.1.3"
          },
          {
            "model": "wnd930",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "2.1.2"
          },
          {
            "model": "wn604",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "3.3.7"
          },
          {
            "model": "wndap660",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "3.7.4.0"
          },
          {
            "model": "wndap350",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "3.7.4.0"
          },
          {
            "model": "wnap320",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "3.7.4.0"
          },
          {
            "model": "wndap360",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "3.7.4.0"
          },
          {
            "model": "wnap210",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.7.4.0"
          },
          {
            "model": "wac120",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "2.1.4"
          },
          {
            "model": "wac510",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "1.3.0.10"
          },
          {
            "model": "wn604",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "3.3.7"
          },
          {
            "model": "wnap210",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "3.7.4.0"
          },
          {
            "model": "wnap320",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "3.7.4.0"
          },
          {
            "model": "wnd930",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "2.1.2"
          },
          {
            "model": "wndap350",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "3.7.4.0"
          },
          {
            "model": "wndap360",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "3.7.4.0"
          },
          {
            "model": "wndap620",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "2.1.3"
          },
          {
            "model": "wndap660",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "3.7.4.0"
          },
          {
            "model": "wnap210v2",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "3.7.4.0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-52966"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014893"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18806"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:netgear:wac120_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wac510_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wn604_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wnap210_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wnap320_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wnd930_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wndap350_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wndap360_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wndap620_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wndap660_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014893"
          }
        ]
      },
      "cve": "CVE-2017-18806",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CVE-2017-18806",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 4.6,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014893",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2021-52966",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 0.8,
                "id": "CVE-2017-18806",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "cve@mitre.org",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 0.8,
                "id": "CVE-2017-18806",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 6.7,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014893",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-18806",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2017-18806",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2017-014893",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-52966",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-52966"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014893"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18806"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18806"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WAC510, etc. are all a wireless access point (AP) of NETGEAR company. The vulnerability stems from the fact that the network system or product lacks the correct verification of the user input data during the operation process of the user inputting the construction command, data structure or record, and the special elements are not filtered or correctly filtered, resulting in the analysis or analysis of the system or product. The explanation is wrong. No detailed vulnerability details are currently provided",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-18806"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014893"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-52966"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-18806",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014893",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-52966",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1835",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-52966"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014893"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1835"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18806"
          }
        ]
      },
      "id": "VAR-202004-1371",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-52966"
          }
        ],
        "trust": 1.0737637281818182
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-52966"
          }
        ]
      },
      "last_update_date": "2024-11-23T23:07:58.710000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Security Advisory for Command Injection Vulnerability on Some Wireless Access Points, PSV-2017-2214",
            "trust": 0.8,
            "url": "https://kb.netgear.com/000049061/Security-Advisory-for-Command-Injection-Vulnerability-on-Some-Wireless-Access-Points-PSV-2017-2214"
          },
          {
            "title": "Patch for NETGEAR command injection vulnerability (CNVD-2021-52966)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/280076"
          },
          {
            "title": "Multiple NETGEAR Product Command Injection Vulnerability Fixes",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116311"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-52966"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014893"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1835"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-74",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014893"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18806"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18806"
          },
          {
            "trust": 1.6,
            "url": "https://kb.netgear.com/000049061/security-advisory-for-command-injection-vulnerability-on-some-wireless-access-points-psv-2017-2214"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18806"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-52966"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014893"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1835"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18806"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-52966"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014893"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1835"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18806"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-07-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-52966"
          },
          {
            "date": "2020-05-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014893"
          },
          {
            "date": "2020-04-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1835"
          },
          {
            "date": "2020-04-21T16:15:51.337000",
            "db": "NVD",
            "id": "CVE-2017-18806"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-07-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-52966"
          },
          {
            "date": "2020-05-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014893"
          },
          {
            "date": "2020-04-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1835"
          },
          {
            "date": "2024-11-21T03:20:58.387000",
            "db": "NVD",
            "id": "CVE-2017-18806"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  NETGEAR Injection vulnerabilities in devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014893"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1835"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202004-1533

    Vulnerability from variot - Updated: 2024-11-23 23:04

    Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WAC120 before 2.1.7, WN604 before 3.3.10, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, and WND930 before 2.1.5. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WAC505, etc. are all wireless access points (AP) of NETGEAR.

    There are buffer overflow vulnerabilities in many NETGEAR products, and remote attackers can use this vulnerability to execute arbitrary code by sending specially crafted requests. This affects WAC505 prior to 5.0.5.4, WAC510 prior to 5.0.5.4, WAC120 prior to 2.1.7, WN604 prior to 3.3.10, WNAP320 prior to 3.7.11.4, WNAP210v2 prior to 3.7.11.4, WNDAP350 prior to 3.7.11.4, WNDAP360 prior to 3.7.11.4, WNDAP660 prior to 3.7.11.4, WNDAP620 prior to 2.1.7, and WND930 prior to 2.1.5

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1533",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wac505",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "5.0.5.4"
          },
          {
            "model": "wac510",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "5.0.5.4"
          },
          {
            "model": "wac120",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "2.1.7"
          },
          {
            "model": "wn604",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "3.3.10"
          },
          {
            "model": "wnap320",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "3.7.11.4"
          },
          {
            "model": "wndap350",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "3.7.11.4"
          },
          {
            "model": "wndap360",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "3.7.11.4"
          },
          {
            "model": "wndap660",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "3.7.11.4"
          },
          {
            "model": "wndap620",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "2.1.7"
          },
          {
            "model": "wnd930",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "2.1.5"
          },
          {
            "model": "wnap210",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.7.11.4"
          },
          {
            "model": "wac120",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "2.1.7"
          },
          {
            "model": "wac505",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "5.0.5.4"
          },
          {
            "model": "wac510",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "5.0.5.4"
          },
          {
            "model": "wn604",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "3.3.10"
          },
          {
            "model": "wnap210",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "3.7.11.4"
          },
          {
            "model": "wnap320",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "3.7.11.4"
          },
          {
            "model": "wndap350",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "3.7.11.4"
          },
          {
            "model": "wndap360",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "3.7.11.4"
          },
          {
            "model": "wndap620",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "2.1.7"
          },
          {
            "model": "wndap660",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "3.7.11.4"
          },
          {
            "model": "wnap210v2",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "3.7.11.4"
          },
          {
            "model": "wac120",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "2.0.7"
          },
          {
            "model": "wac120",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "2.1.4"
          },
          {
            "model": "wac505",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "5.0.0.17"
          },
          {
            "model": "wac510",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "1.3.0.10"
          },
          {
            "model": "wac510",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "5.0.0.17"
          },
          {
            "model": "wn604",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "3.3.3"
          },
          {
            "model": "wn604",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "3.3.7"
          },
          {
            "model": "wnap210",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "3.5.20.0"
          },
          {
            "model": "wnap210",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "3.7.4.0"
          },
          {
            "model": "wnap320",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "3.5.20.0"
          },
          {
            "model": "wnap320",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "3.7.4.0"
          },
          {
            "model": "wnd930",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": null
          },
          {
            "model": "wnd930",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "2.0.11"
          },
          {
            "model": "wnd930",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "2.1.2"
          },
          {
            "model": "wndap350",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "3.5.20.0"
          },
          {
            "model": "wndap350",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "3.7.4.0"
          },
          {
            "model": "wndap360",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "3.5.20.0"
          },
          {
            "model": "wndap360",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "3.7.4.0"
          },
          {
            "model": "wndap620",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "2.0.11"
          },
          {
            "model": "wndap620",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "2.1.3"
          },
          {
            "model": "wndap660",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "3.5.20.0"
          },
          {
            "model": "wndap660",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "3.7.4.0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-28140"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-21097"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016403"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-21097"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:netgear:wac120_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wac505_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wac510_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wn604_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wnap210_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wnap320_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wndap350_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wndap360_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wndap620_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wndap660_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016403"
          }
        ]
      },
      "cve": "CVE-2018-21097",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-21097",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2018-016403",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-28140",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-21097",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cve@mitre.org",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2018-21097",
                "impactScore": 4.2,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2018-016403",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-21097",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2018-21097",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2018-016403",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-28140",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202004-2187",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-21097",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-28140"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-21097"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016403"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2187"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-21097"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-21097"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WAC120 before 2.1.7, WN604 before 3.3.10, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, and WND930 before 2.1.5. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WAC505, etc. are all wireless access points (AP) of NETGEAR. \n\r\n\r\nThere are buffer overflow vulnerabilities in many NETGEAR products, and remote attackers can use this vulnerability to execute arbitrary code by sending specially crafted requests. This affects WAC505 prior to 5.0.5.4, WAC510 prior to 5.0.5.4, WAC120 prior to 2.1.7, WN604 prior to 3.3.10, WNAP320 prior to 3.7.11.4, WNAP210v2 prior to 3.7.11.4, WNDAP350 prior to 3.7.11.4, WNDAP360 prior to 3.7.11.4, WNDAP660 prior to 3.7.11.4, WNDAP620 prior to 2.1.7, and WND930 prior to 2.1.5",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-21097"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016403"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-28140"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-21097"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-21097",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016403",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-28140",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2187",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-21097",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-28140"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-21097"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016403"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2187"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-21097"
          }
        ]
      },
      "id": "VAR-202004-1533",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-28140"
          }
        ],
        "trust": 1.065498345
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-28140"
          }
        ]
      },
      "last_update_date": "2024-11-23T23:04:24.946000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Security Advisory for Pre-Authentication Stack Overflow on Some Wireless Access Points, PSV-2018-0094",
            "trust": 0.8,
            "url": "https://kb.netgear.com/000060457/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Wireless-Access-Points-PSV-2018-0094"
          },
          {
            "title": "Patch for Multiple NETGEAR product buffer overflow vulnerabilities (CNVD-2020-28140)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/217425"
          },
          {
            "title": "Multiple NETGEAR Product Buffer Error Vulnerability Fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117709"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-28140"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016403"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2187"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016403"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-21097"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-21097"
          },
          {
            "trust": 1.7,
            "url": "https://kb.netgear.com/000060457/security-advisory-for-pre-authentication-stack-overflow-on-some-wireless-access-points-psv-2018-0094"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21097"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/787.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-28140"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-21097"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016403"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2187"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-21097"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-28140"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-21097"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016403"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2187"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-21097"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-05-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-28140"
          },
          {
            "date": "2020-04-27T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-21097"
          },
          {
            "date": "2020-06-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-016403"
          },
          {
            "date": "2020-04-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-2187"
          },
          {
            "date": "2020-04-27T16:15:12.710000",
            "db": "NVD",
            "id": "CVE-2018-21097"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-05-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-28140"
          },
          {
            "date": "2020-05-04T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-21097"
          },
          {
            "date": "2020-06-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-016403"
          },
          {
            "date": "2020-05-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-2187"
          },
          {
            "date": "2024-11-21T04:02:53.660000",
            "db": "NVD",
            "id": "CVE-2018-21097"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2187"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  NETGEAR Out-of-bounds write vulnerabilities in devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016403"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2187"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202004-1530

    Vulnerability from variot - Updated: 2024-11-23 23:01

    Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10. plural NETGEAR An unspecified vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This affects WAC120 prior to 2.1.7, WAC505 prior to 5.0.5.4, WAC510 prior to 5.0.5.4, WNAP320 prior to 3.7.11.4, WNAP210v2 prior to 3.7.11.4, WNDAP350 prior to 3.7.11.4, WNDAP360 prior to 3.7.11.4, WNDAP660 prior to 3.7.11.4, WNDAP620 prior to 2.1.7, WND930 prior to 2.1.5, and WN604 prior to 3.3.10

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1530",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wnd930",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.1.5"
          },
          {
            "model": "wn604",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.3.10"
          },
          {
            "model": "wac510",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "5.0.5.4"
          },
          {
            "model": "wndap350",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.7.11.4"
          },
          {
            "model": "wac505",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "5.0.5.4"
          },
          {
            "model": "wnap320",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.7.11.4"
          },
          {
            "model": "wndap660",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.7.11.4"
          },
          {
            "model": "wndap620",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.1.7"
          },
          {
            "model": "wnap210",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.7.11.4"
          },
          {
            "model": "wndap360",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.7.11.4"
          },
          {
            "model": "wac120",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.1.7"
          },
          {
            "model": "wac120",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "2.1.7"
          },
          {
            "model": "wac505",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "5.0.5.4"
          },
          {
            "model": "wac510",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "5.0.5.4"
          },
          {
            "model": "wn604",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "3.3.10"
          },
          {
            "model": "wnap210",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "3.7.11.4"
          },
          {
            "model": "wnap320",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "3.7.11.4"
          },
          {
            "model": "wnd930",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "2.1.5"
          },
          {
            "model": "wndap350",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "3.7.11.4"
          },
          {
            "model": "wndap360",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "3.7.11.4"
          },
          {
            "model": "wndap620",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "2.1.7"
          },
          {
            "model": "wndap660",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "3.7.11.4"
          },
          {
            "model": "wac120",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "2.0.7"
          },
          {
            "model": "wac120",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "2.1.4"
          },
          {
            "model": "wac505",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "5.0.0.17"
          },
          {
            "model": "wac510",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "1.3.0.10"
          },
          {
            "model": "wac510",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "5.0.0.17"
          },
          {
            "model": "wn604",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "3.3.3"
          },
          {
            "model": "wn604",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "3.3.7"
          },
          {
            "model": "wnap210",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "3.5.20.0"
          },
          {
            "model": "wnap210",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "3.7.4.0"
          },
          {
            "model": "wnap320",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "3.5.20.0"
          },
          {
            "model": "wnap320",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "3.7.4.0"
          },
          {
            "model": "wnd930",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": null
          },
          {
            "model": "wnd930",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "2.0.11"
          },
          {
            "model": "wnd930",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "2.1.2"
          },
          {
            "model": "wndap350",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "3.5.20.0"
          },
          {
            "model": "wndap350",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "3.7.4.0"
          },
          {
            "model": "wndap360",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "3.5.20.0"
          },
          {
            "model": "wndap360",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "3.7.4.0"
          },
          {
            "model": "wndap620",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "2.0.11"
          },
          {
            "model": "wndap620",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "2.1.3"
          },
          {
            "model": "wndap660",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "3.5.20.0"
          },
          {
            "model": "wndap660",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "3.7.4.0"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2018-21094"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016405"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-21094"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:netgear:wac120_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wac505_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wac510_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wn604_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wnap210_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wnap320_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wnd930_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wndap350_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wndap360_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wndap620_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wndap660_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016405"
          }
        ]
      },
      "cve": "CVE-2018-21094",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-21094",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2018-016405",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "LOW",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-21094",
                "impactScore": 3.4,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cve@mitre.org",
                "availabilityImpact": "LOW",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-21094",
                "impactScore": 3.4,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "Low",
                "baseScore": 7.3,
                "baseSeverity": "High",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2018-016405",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-21094",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2018-21094",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2018-016405",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202004-2173",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-21094",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2018-21094"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016405"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2173"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-21094"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-21094"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10. plural NETGEAR An unspecified vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This affects WAC120 prior to 2.1.7, WAC505 prior to 5.0.5.4, WAC510 prior to 5.0.5.4, WNAP320 prior to 3.7.11.4, WNAP210v2 prior to 3.7.11.4, WNDAP350 prior to 3.7.11.4, WNDAP360 prior to 3.7.11.4, WNDAP660 prior to 3.7.11.4, WNDAP620 prior to 2.1.7, WND930 prior to 2.1.5, and WN604 prior to 3.3.10",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-21094"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016405"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-21094"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-21094",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016405",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2173",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-21094",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2018-21094"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016405"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2173"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-21094"
          }
        ]
      },
      "id": "VAR-202004-1530",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.4320588036363637
      },
      "last_update_date": "2024-11-23T23:01:24.280000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Security Advisory for a Security Misconfiguration on Some Wireless Access Points, PSV-2018-0350",
            "trust": 0.8,
            "url": "https://kb.netgear.com/000060460/Security-Advisory-for-a-Security-Misconfiguration-on-Some-Wireless-Access-Points-PSV-2018-0350"
          },
          {
            "title": "Multiple NETGEAR Product security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117280"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016405"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2173"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016405"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-21094"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://kb.netgear.com/000060460/security-advisory-for-a-security-misconfiguration-on-some-wireless-access-points-psv-2018-0350"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-21094"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21094"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2018-21094"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016405"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2173"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-21094"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2018-21094"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016405"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2173"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-21094"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-04-27T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-21094"
          },
          {
            "date": "2020-06-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-016405"
          },
          {
            "date": "2020-04-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-2173"
          },
          {
            "date": "2020-04-27T15:15:12.143000",
            "db": "NVD",
            "id": "CVE-2018-21094"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-05-04T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-21094"
          },
          {
            "date": "2020-06-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-016405"
          },
          {
            "date": "2020-05-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-2173"
          },
          {
            "date": "2024-11-21T04:02:53.217000",
            "db": "NVD",
            "id": "CVE-2018-21094"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2173"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  NETGEAR Vulnerabilities in devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016405"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2173"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202004-1556

    Vulnerability from variot - Updated: 2024-11-23 22:48

    Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10. plural NETGEAR A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WAC505, etc. are all a wireless access point (AP) of NETGEAR company. The vulnerability stems from the fact that the WEB application does not fully verify whether the request comes from a trusted user. An attacker can use this vulnerability to send unexpected requests to the server through the affected client

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1556",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wac505",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "5.0.5.4"
          },
          {
            "model": "wac510",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "5.0.5.4"
          },
          {
            "model": "wac120",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "2.1.7"
          },
          {
            "model": "wn604",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "3.3.10"
          },
          {
            "model": "wnap320",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "3.7.11.4"
          },
          {
            "model": "wndap350",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "3.7.11.4"
          },
          {
            "model": "wndap360",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "3.7.11.4"
          },
          {
            "model": "wndap660",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "3.7.11.4"
          },
          {
            "model": "wndap620",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "2.1.7"
          },
          {
            "model": "wnd930",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "2.1.5"
          },
          {
            "model": "wnap210",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.7.11.4"
          },
          {
            "model": "wac120",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "2.1.7"
          },
          {
            "model": "wac505",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "5.0.5.4"
          },
          {
            "model": "wac510",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "5.0.5.4"
          },
          {
            "model": "wnap210",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "3.7.11.4"
          },
          {
            "model": "wnap320",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "3.7.11.4"
          },
          {
            "model": "wnd930",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "2.1.5"
          },
          {
            "model": "wndap350",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "3.7.11.4"
          },
          {
            "model": "wndap360",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "3.7.11.4"
          },
          {
            "model": "wndap620",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "2.1.7"
          },
          {
            "model": "wndap660",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "3.7.11.4"
          },
          {
            "model": "wnap210v2",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "3.7.11.4"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-59162"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016301"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-21120"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:netgear:wac120_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wac505_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wac510_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wnap210_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wnap320_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wnd930_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wndap350_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wndap360_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wndap620_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wndap660_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016301"
          }
        ]
      },
      "cve": "CVE-2018-21120",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.8,
                "id": "CVE-2018-21120",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2018-016301",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.8,
                "id": "CNVD-2021-59162",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.0,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.1,
                "id": "CVE-2018-21120",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "cve@mitre.org",
                "availabilityImpact": "HIGH",
                "baseScore": 5.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.5,
                "id": "CVE-2018-21120",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.0,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2018-016301",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-21120",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2018-21120",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2018-016301",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-59162",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202004-1917",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-59162"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016301"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1917"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-21120"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-21120"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10. plural NETGEAR A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WAC505, etc. are all a wireless access point (AP) of NETGEAR company. The vulnerability stems from the fact that the WEB application does not fully verify whether the request comes from a trusted user. An attacker can use this vulnerability to send unexpected requests to the server through the affected client",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-21120"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016301"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-59162"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-21120",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016301",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-59162",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1917",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-59162"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016301"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1917"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-21120"
          }
        ]
      },
      "id": "VAR-202004-1556",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-59162"
          }
        ],
        "trust": 1.065498345
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-59162"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:48:01.387000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Security Advisory for Cross Site Request Forgery on Some Wireless Access Points, PSV-2018-0095",
            "trust": 0.8,
            "url": "https://kb.netgear.com/000060238/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Wireless-Access-Points-PSV-2018-0095"
          },
          {
            "title": "Patch for Cross-site request forgery vulnerability in multiple NETGEAR products (CNVD-2021-59162)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/284356"
          },
          {
            "title": "Multiple NETGEAR Repair measures for product cross-site request forgery vulnerability",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117250"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-59162"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016301"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1917"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016301"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-21120"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-21120"
          },
          {
            "trust": 1.6,
            "url": "https://kb.netgear.com/000060238/security-advisory-for-cross-site-request-forgery-on-some-wireless-access-points-psv-2018-0095"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21120"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-59162"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016301"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1917"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-21120"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-59162"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016301"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1917"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-21120"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-08-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-59162"
          },
          {
            "date": "2020-05-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-016301"
          },
          {
            "date": "2020-04-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1917"
          },
          {
            "date": "2020-04-22T16:15:11.903000",
            "db": "NVD",
            "id": "CVE-2018-21120"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-08-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-59162"
          },
          {
            "date": "2020-05-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-016301"
          },
          {
            "date": "2020-04-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1917"
          },
          {
            "date": "2024-11-21T04:02:56.987000",
            "db": "NVD",
            "id": "CVE-2018-21120"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1917"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  NETGEAR Cross-site request forgery vulnerability in device",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016301"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1917"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202004-1532

    Vulnerability from variot - Updated: 2024-11-23 22:37

    Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10. plural NETGEAR A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This affects WAC120 prior to 2.1.7, WAC505 prior to 5.0.5.4, WAC510 prior to 5.0.5.4, WNAP320 prior to 3.7.11.4, WNAP210v2 prior to 3.7.11.4, WNDAP350 prior to 3.7.11.4, WNDAP360 prior to 3.7.11.4, WNDAP660 prior to 3.7.11.4, WNDAP620 prior to 2.1.7, WND930 prior to 2.1.5, and WN604 prior to 3.3.10

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1532",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wnd930",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.1.5"
          },
          {
            "model": "wn604",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.3.10"
          },
          {
            "model": "wac510",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "5.0.5.4"
          },
          {
            "model": "wndap350",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.7.11.4"
          },
          {
            "model": "wac505",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "5.0.5.4"
          },
          {
            "model": "wnap320",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.7.11.4"
          },
          {
            "model": "wndap660",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.7.11.4"
          },
          {
            "model": "wndap620",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.1.7"
          },
          {
            "model": "wnap210",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.7.11.4"
          },
          {
            "model": "wndap360",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.7.11.4"
          },
          {
            "model": "wac120",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.1.7"
          },
          {
            "model": "wac120",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "2.1.7"
          },
          {
            "model": "wac505",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "5.0.5.4"
          },
          {
            "model": "wac510",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "5.0.5.4"
          },
          {
            "model": "wnap210",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "3.7.11.4"
          },
          {
            "model": "wnap320",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "3.7.11.4"
          },
          {
            "model": "wnd930",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "2.1.5"
          },
          {
            "model": "wndap350",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "3.7.11.4"
          },
          {
            "model": "wndap360",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "3.7.11.4"
          },
          {
            "model": "wndap620",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "2.1.7"
          },
          {
            "model": "wndap660",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "3.7.11.4"
          },
          {
            "model": "wac120",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "2.0.7"
          },
          {
            "model": "wac120",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "2.1.4"
          },
          {
            "model": "wac505",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "5.0.0.17"
          },
          {
            "model": "wac510",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "1.3.0.10"
          },
          {
            "model": "wac510",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "5.0.0.17"
          },
          {
            "model": "wn604",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "3.3.3"
          },
          {
            "model": "wn604",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "3.3.7"
          },
          {
            "model": "wnap210",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "3.5.20.0"
          },
          {
            "model": "wnap210",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "3.7.4.0"
          },
          {
            "model": "wnap320",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "3.5.20.0"
          },
          {
            "model": "wnap320",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "3.7.4.0"
          },
          {
            "model": "wnd930",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": null
          },
          {
            "model": "wnd930",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "2.0.11"
          },
          {
            "model": "wnd930",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "2.1.2"
          },
          {
            "model": "wndap350",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "3.5.20.0"
          },
          {
            "model": "wndap350",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "3.7.4.0"
          },
          {
            "model": "wndap360",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "3.5.20.0"
          },
          {
            "model": "wndap360",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "3.7.4.0"
          },
          {
            "model": "wndap620",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "2.0.11"
          },
          {
            "model": "wndap620",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "2.1.3"
          },
          {
            "model": "wndap660",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "3.5.20.0"
          },
          {
            "model": "wndap660",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": "3.7.4.0"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2018-21096"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016402"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-21096"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:netgear:wac120_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wac505_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wac510_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wnap210_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wnap320_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wnd930_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wndap350_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wndap360_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wndap620_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wndap660_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016402"
          }
        ]
      },
      "cve": "CVE-2018-21096",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.9,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 4.4,
                "id": "CVE-2018-21096",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Adjacent Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 4.9,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2018-016402",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.5,
                "id": "CVE-2018-21096",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "cve@mitre.org",
                "availabilityImpact": "HIGH",
                "baseScore": 5.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.5,
                "id": "CVE-2018-21096",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.4,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2018-016402",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-21096",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2018-21096",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2018-016402",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202004-2185",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-21096",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2018-21096"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016402"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2185"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-21096"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-21096"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10. plural NETGEAR A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This affects WAC120 prior to 2.1.7, WAC505 prior to 5.0.5.4, WAC510 prior to 5.0.5.4, WNAP320 prior to 3.7.11.4, WNAP210v2 prior to 3.7.11.4, WNDAP350 prior to 3.7.11.4, WNDAP360 prior to 3.7.11.4, WNDAP660 prior to 3.7.11.4, WNDAP620 prior to 2.1.7, WND930 prior to 2.1.5, and WN604 prior to 3.3.10",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-21096"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016402"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-21096"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-21096",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016402",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2185",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-21096",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2018-21096"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016402"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2185"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-21096"
          }
        ]
      },
      "id": "VAR-202004-1532",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.4320588036363637
      },
      "last_update_date": "2024-11-23T22:37:24.872000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Security Advisory for Cross Site Request Forgery on Some Wireless Access Points, PSV-2018-0096",
            "trust": 0.8,
            "url": "https://kb.netgear.com/000060455/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Wireless-Access-Points-PSV-2018-0096"
          },
          {
            "title": "Multiple NETGEAR Repair measures for product cross-site request forgery vulnerability",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117708"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016402"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2185"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016402"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-21096"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://kb.netgear.com/000060455/security-advisory-for-cross-site-request-forgery-on-some-wireless-access-points-psv-2018-0096"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-21096"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21096"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/352.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2018-21096"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016402"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2185"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-21096"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2018-21096"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016402"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2185"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-21096"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-04-27T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-21096"
          },
          {
            "date": "2020-06-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-016402"
          },
          {
            "date": "2020-04-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-2185"
          },
          {
            "date": "2020-04-27T16:15:12.663000",
            "db": "NVD",
            "id": "CVE-2018-21096"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-05-04T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-21096"
          },
          {
            "date": "2020-06-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-016402"
          },
          {
            "date": "2020-05-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-2185"
          },
          {
            "date": "2024-11-21T04:02:53.510000",
            "db": "NVD",
            "id": "CVE-2018-21096"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2185"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  NETGEAR Cross-site request forgery vulnerability in device",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016402"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2185"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202004-1318

    Vulnerability from variot - Updated: 2024-11-23 22:33

    Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WAC510, etc. are all a wireless access point (AP) of NETGEAR company. The vulnerability stems from the fact that the network system or product lacks the correct verification of the user input data during the operation process of the user inputting the construction command, data structure or record, and the special elements are not filtered or correctly filtered, resulting in the analysis or analysis of the system or product. The explanation is wrong. No detailed vulnerability details are currently provided

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1318",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wac510",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "1.3.0.10"
          },
          {
            "model": "wac120",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "2.1.4"
          },
          {
            "model": "wnd930",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "2.1.2"
          },
          {
            "model": "wn604",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "3.3.7"
          },
          {
            "model": "wndap660",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "3.7.4.0"
          },
          {
            "model": "wndap350",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "3.7.4.0"
          },
          {
            "model": "wnap320",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "3.7.4.0"
          },
          {
            "model": "wndap360",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "netgear",
            "version": "3.7.4.0"
          },
          {
            "model": "wnap210",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.7.4.0"
          },
          {
            "model": "wndap620",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.1.3"
          },
          {
            "model": "wac120",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "2.1.4"
          },
          {
            "model": "wac510",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "1.3.0.10"
          },
          {
            "model": "wn604",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "3.3.7"
          },
          {
            "model": "wnap210",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "3.7.4.0"
          },
          {
            "model": "wnap320",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "3.7.4.0"
          },
          {
            "model": "wnd930",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "2.1.2"
          },
          {
            "model": "wndap350",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "3.7.4.0"
          },
          {
            "model": "wndap360",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "3.7.4.0"
          },
          {
            "model": "wndap620",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "2.1.3"
          },
          {
            "model": "wndap660",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "3.7.4.0"
          },
          {
            "model": "wnap210v2",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "netgear",
            "version": "3.7.4.0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-57167"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014895"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18805"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:netgear:wac120_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wac510_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wn604_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wnap210_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wnap320_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wnd930_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wndap350_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wndap360_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wndap620_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wndap660_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014895"
          }
        ]
      },
      "cve": "CVE-2017-18805",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CVE-2017-18805",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 4.6,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014895",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2021-57167",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 0.8,
                "id": "CVE-2017-18805",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "cve@mitre.org",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 0.8,
                "id": "CVE-2017-18805",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 6.7,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014895",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-18805",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2017-18805",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2017-014895",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-57167",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-57167"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014895"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18805"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18805"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WAC510, etc. are all a wireless access point (AP) of NETGEAR company. The vulnerability stems from the fact that the network system or product lacks the correct verification of the user input data during the operation process of the user inputting the construction command, data structure or record, and the special elements are not filtered or correctly filtered, resulting in the analysis or analysis of the system or product. The explanation is wrong. No detailed vulnerability details are currently provided",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-18805"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014895"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-57167"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-18805",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014895",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-57167",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1815",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-57167"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014895"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1815"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18805"
          }
        ]
      },
      "id": "VAR-202004-1318",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-57167"
          }
        ],
        "trust": 1.0737637281818182
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-57167"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:33:28.609000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Security Advisory for Command Injection Vulnerability on Some Wireless Access Points, PSV-2017-2213",
            "trust": 0.8,
            "url": "https://kb.netgear.com/000049060/Security-Advisory-for-Command-Injection-Vulnerability-on-Some-Wireless-Access-Points-PSV-2017-2213"
          },
          {
            "title": "Patch for NETGEAR command injection vulnerability (CNVD-2021-57167)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/283626"
          },
          {
            "title": "Multiple NETGEAR Product Command Injection Vulnerability Fixes",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116292"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-57167"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014895"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1815"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-74",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014895"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18805"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18805"
          },
          {
            "trust": 1.6,
            "url": "https://kb.netgear.com/000049060/security-advisory-for-command-injection-vulnerability-on-some-wireless-access-points-psv-2017-2213"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18805"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-57167"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014895"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1815"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18805"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-57167"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014895"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1815"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18805"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-07-30T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-57167"
          },
          {
            "date": "2020-05-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014895"
          },
          {
            "date": "2020-04-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1815"
          },
          {
            "date": "2020-04-21T18:15:12.593000",
            "db": "NVD",
            "id": "CVE-2017-18805"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-07-31T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-57167"
          },
          {
            "date": "2020-05-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014895"
          },
          {
            "date": "2020-04-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1815"
          },
          {
            "date": "2024-11-21T03:20:58.220000",
            "db": "NVD",
            "id": "CVE-2017-18805"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  NETGEAR Injection vulnerabilities in devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014895"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1815"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202004-1515

    Vulnerability from variot - Updated: 2024-11-23 22:29

    Certain NETGEAR devices are affected by command execution via a PHP form. This affects WN604 3.3.3 and earlier, WNAP210v2 3.5.20.0 and earlier, WNAP320 3.5.20.0 and earlier, WNDAP350 3.5.20.0 and earlier, WNDAP360 3.5.20.0 and earlier, WNDAP620 2.0.11 and earlier, WNDAP660 3.5.20.0 and earlier, WND930 2.0.11 and earlier, and WAC120 2.0.7 and earlier. plural NETGEAR The product contains an injection vulnerability.Information may be obtained and tampered with. This affects WN604 3.3.3 and previous versions, WNAP210v2 3.5.20.0 and previous versions, WNAP320 3.5.20.0 and previous versions, WNDAP350 3.5.20.0 and previous versions, WNDAP360 3.5.20.0 and previous versions, WNDAP620 2.0.11 and previous versions, WNDAP660 3.5.20.0 and previous versions, WND930 2.0.11 and previous versions, and WAC120 2.0.7 and previous versions

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1515",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wndap660",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.5.20.0"
          },
          {
            "model": "wn604",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.3.3"
          },
          {
            "model": "wac120",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.0.7"
          },
          {
            "model": "wndap360",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.5.20.0"
          },
          {
            "model": "wndap350",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.5.20.0"
          },
          {
            "model": "wndap620",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.0.11"
          },
          {
            "model": "wnd930",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.0.11"
          },
          {
            "model": "wnap210",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.5.20.0"
          },
          {
            "model": "wnap320",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.5.20.0"
          },
          {
            "model": "wac120",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "2.0.7"
          },
          {
            "model": "wn604",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "3.3.3"
          },
          {
            "model": "wnap210",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "3.5.20.0"
          },
          {
            "model": "wnap320",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "3.5.20.0"
          },
          {
            "model": "wnd930",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "2.0.11"
          },
          {
            "model": "wndap350",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "3.5.20.0"
          },
          {
            "model": "wndap360",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "3.5.20.0"
          },
          {
            "model": "wndap620",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "2.0.11"
          },
          {
            "model": "wndap660",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netgear",
            "version": "3.5.20.0"
          },
          {
            "model": "wnd930",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "netgear",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2017-18863"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014995"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18863"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:netgear:wac120_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wn604_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wnap210_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wnap320_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wnd930_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wndap350_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wndap360_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wndap620_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:netgear:wndap660_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014995"
          }
        ]
      },
      "cve": "CVE-2017-18863",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CVE-2017-18863",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.1,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 3.6,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014995",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2017-18863",
                "impactScore": 5.2,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.1,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-014995",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-18863",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2017-014995",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202004-2262",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-18863",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2017-18863"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014995"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2262"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18863"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Certain NETGEAR devices are affected by command execution via a PHP form. This affects WN604 3.3.3 and earlier, WNAP210v2 3.5.20.0 and earlier, WNAP320 3.5.20.0 and earlier, WNDAP350 3.5.20.0 and earlier, WNDAP360 3.5.20.0 and earlier, WNDAP620 2.0.11 and earlier, WNDAP660 3.5.20.0 and earlier, WND930 2.0.11 and earlier, and WAC120 2.0.7 and earlier. plural NETGEAR The product contains an injection vulnerability.Information may be obtained and tampered with. This affects WN604 3.3.3 and previous versions, WNAP210v2 3.5.20.0 and previous versions, WNAP320 3.5.20.0 and previous versions, WNDAP350 3.5.20.0 and previous versions, WNDAP360 3.5.20.0 and previous versions, WNDAP620 2.0.11 and previous versions, WNDAP660 3.5.20.0 and previous versions, WND930 2.0.11 and previous versions, and WAC120 2.0.7 and previous versions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-18863"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014995"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-18863"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-18863",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014995",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2262",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-18863",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2017-18863"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014995"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2262"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18863"
          }
        ]
      },
      "id": "VAR-202004-1515",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.4443443822222222
      },
      "last_update_date": "2024-11-23T22:29:38.886000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Security Advisory for PHP Vulnerabilities on Wireless Access Points, PSV-2017-0517 and PSV-2016-0258",
            "trust": 0.8,
            "url": "https://kb.netgear.com/000037827/Security-Advisory-for-PHP-Vulnerabilities-on-Wireless-Access-Points-PSV-2017-0517-and-PSV-2016-0258"
          },
          {
            "title": "Multiple NETGEAR Fixing measures for product injection vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117741"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014995"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2262"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-74",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014995"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18863"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://kb.netgear.com/000037827/security-advisory-for-php-vulnerabilities-on-wireless-access-points-psv-2017-0517-and-psv-2016-0258"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18863"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18863"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/74.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2017-18863"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014995"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2262"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18863"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2017-18863"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014995"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2262"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18863"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-04-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-18863"
          },
          {
            "date": "2020-06-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014995"
          },
          {
            "date": "2020-04-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-2262"
          },
          {
            "date": "2020-04-28T16:15:12.747000",
            "db": "NVD",
            "id": "CVE-2017-18863"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-05-05T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-18863"
          },
          {
            "date": "2020-06-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014995"
          },
          {
            "date": "2020-05-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-2262"
          },
          {
            "date": "2024-11-21T03:21:07.387000",
            "db": "NVD",
            "id": "CVE-2017-18863"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2262"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  NETGEAR Product injection vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014995"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2262"
          }
        ],
        "trust": 0.6
      }
    }