CVE-2017-18733

Published Apr 23, 2020

Last updated 5 years ago

CVSS high 8.8

Overview

Description: Certain NETGEAR devices are affected by authentication bypass. This affects D6220 before 1.0.0.28, D6400 before 1.0.0.60, D8500 before 1.0.3.29, R6250 before 1.0.4.8, R6400 before 1.0.1.22, R6400v2 before 1.0.2.32, R7100LG before 1.0.0.32, R7300DST before 1.0.0.52, R8300 before 1.0.2.94, and R8500 before 1.0.2.100.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 3.0

Type: Secondary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5.8
Impact score: 6.4
Exploitability score: 6.5
Vector string: AV:A/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-287

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:d6220:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F3EEA190-2E9C-4586-BF81-B115532FBA23"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:d6220_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA24D11F-7DF0-44E7-B122-7C5853043E71",
            "versionEndExcluding": "1.0.0.28"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:d6400:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7D30939B-86E3-4C78-9B05-686B4994C8B9"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:d6400_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D1F0B30-4BB4-4573-BE0D-381B31CD2A36",
            "versionEndExcluding": "1.0.0.60"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:d8500:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "814A0114-9A1D-4EA0-9AF4-6968514E4F01"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:d8500_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20564DE0-E58D-4628-ADD6-AC7C90AD85F7",
            "versionEndExcluding": "1.0.3.29"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r6250:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "321BE843-52C4-4638-A321-439CA7B3A6F2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r6250_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "13B4777D-CC2E-4A6B-946F-3E511D8D4B36",
            "versionEndExcluding": "1.0.4.8"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3E4CDF6B-3829-44D0-9675-71D7BE83CAA2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "43A9840B-1C54-4987-A179-EE8F8F8685FC",
            "versionEndExcluding": "1.0.1.22"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "52AE9AD2-BC8D-477D-A3D3-891AE52FA5F3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB7B08B9-07D2-4404-846A-D1CA02C16557",
            "versionEndExcluding": "1.0.2.32"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r7100lg:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "366FA778-3C2A-42AF-9141-DAD7043B406C"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r7100lg_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "833A98AF-A4B0-4C68-AACD-6B3F58E64060",
            "versionEndExcluding": "1.0.0.32"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r7300dst:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C75148EB-DE6C-4C5C-BF34-4800A66CF11C"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r7300dst_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "02C2BB4F-8FBB-47BF-A05F-72DDC2D0A31B",
            "versionEndExcluding": "1.0.0.52"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r8300_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A18E8950-B107-4050-AFEF-30C20F6166FA",
            "versionEndExcluding": "1.0.2.94"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r8300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7A9B77E7-7439-48C6-989F-5E22CB4D3044"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CEE4B878-05AB-4B45-BCA4-28795AA454F9",
            "versionEndExcluding": "1.0.2.100"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "63500DE4-BDBD-4F86-AB99-7DB084D0B912"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References