CVE-2017-18806 - Vulnerability Details

Vendors	Products
Netgear	Wac120 Wac120 Firmware Wac510 Wac510 Firmware Wn604 Wn604 Firmware Wnap210 Wnap210 Firmware Wnap320 Wnap320 Firmware Wnd930 Wnd930 Firmware Wndap350 Wndap350 Firmware Wndap360 Wndap360 Firmware Wndap620 Wndap620 Firmware Wndap660 Wndap660 Firmware

Link	Providers
https://kb.netgear.com/000049061/Security-Advisory-for-Command-Injection-Vulnerability-on-Some-Wireless-Access-Points-PSV-2017-2214

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:L/AV:L/A:H/C:H/I:H/PR:H/S:U/UI:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-21T15:56:41", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://kb.netgear.com/000049061/Security-Advisory-for-Command-Injection-Vulnerability-on-Some-Wireless-Access-Points-PSV-2017-2214"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18806", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:L/AV:L/A:H/C:H/I:H/PR:H/S:U/UI:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://kb.netgear.com/000049061/Security-Advisory-for-Command-Injection-Vulnerability-on-Some-Wireless-Access-Points-PSV-2017-2214", "refsource": "CONFIRM", "url": "https://kb.netgear.com/000049061/Security-Advisory-for-Command-Injection-Vulnerability-on-Some-Wireless-Access-Points-PSV-2017-2214"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T21:37:44.029Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kb.netgear.com/000049061/Security-Advisory-for-Command-Injection-Vulnerability-on-Some-Wireless-Access-Points-PSV-2017-2214"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18806", "datePublished": "2020-04-21T15:56:41", "dateReserved": "2020-04-20T00:00:00", "dateUpdated": "2024-08-05T21:37:44.029Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0. (string)

}

]

metrics : [ »

0 : { »

cvssV3_0 : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 6.7 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AC:L/AV:L/A:H/C:H/I:H/PR:H/S:U/UI:N (string)

version : 3.0 (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2020-04-21T15:56:41 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://kb.netgear.com/000049061/Security-Advisory-for-Command-Injection-Vulnerability-on-Some-Wireless-Access-Points-PSV-2017-2214 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2017-18806 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0. (string)

}

]

}

impact : { »

cvss : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AC:L/AV:L/A:H/C:H/I:H/PR:H/S:U/UI:N (string)

version : 3.0 (string)

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://kb.netgear.com/000049061/Security-Advisory-for-Command-Injection-Vulnerability-on-Some-Wireless-Access-Points-PSV-2017-2214 (string)

refsource : CONFIRM (string)

url : https://kb.netgear.com/000049061/Security-Advisory-for-Command-Injection-Vulnerability-on-Some-Wireless-Access-Points-PSV-2017-2214 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T21:37:44.029Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://kb.netgear.com/000049061/Security-Advisory-for-Command-Injection-Vulnerability-on-Some-Wireless-Access-Points-PSV-2017-2214 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2017-18806 (string)

datePublished : 2020-04-21T15:56:41 (string)

dateReserved : 2020-04-20T00:00:00 (string)

dateUpdated : 2024-08-05T21:37:44.029Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:wac510_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "806B48FE-912E-488A-A89A-3321BF14B351", "versionEndExcluding": "1.3.0.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:wac510:-:*:*:*:*:*:*:*", "matchCriteriaId": "08B1B759-5015-4489-A2B4-0F580E884868", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:wac120_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD64ACCC-A1E0-4D9F-B6E4-8AB8AD7936E5", "versionEndExcluding": "2.1.4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:wac120:-:*:*:*:*:*:*:*", "matchCriteriaId": "A8E5414D-8F4F-4E21-B79F-61B14F0C9990", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:wndap620_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9267B577-EF4D-43A5-BC91-CB363F8EA421", "versionEndExcluding": "2.1.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:wndap620:-:*:*:*:*:*:*:*", "matchCriteriaId": "666A5E55-B07C-4615-A9F0-5CA8C7D40637", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:wnd930_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E7CFEDD-259B-4E40-9308-A071D236D4C7", "versionEndExcluding": "2.1.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:wnd930:-:*:*:*:*:*:*:*", "matchCriteriaId": "91593610-E45D-450B-AD40-74375DA37EF6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:wn604_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BEBD44BB-11A5-45C8-A675-E9CBBB31C48F", "versionEndExcluding": "3.3.7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:wn604:-:*:*:*:*:*:*:*", "matchCriteriaId": "CD31DCAA-BAA5-4463-9EA4-A7076A625407", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:wndap660_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "965D072C-3F4F-49EB-93DB-377E91372214", "versionEndExcluding": "3.7.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:wndap660:-:*:*:*:*:*:*:*", "matchCriteriaId": "58D2492E-0CDC-4242-9206-7F0453B11CBD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:wndap350_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E3E920F-B954-4D9F-A918-214A00785A9A", "versionEndExcluding": "3.7.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:wndap350:-:*:*:*:*:*:*:*", "matchCriteriaId": "C82A16C2-DC48-4792-A4C7-8AC43F84196D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C1B6AA52-F11E-4836-AF1D-7682FBD56CA4", "versionEndExcluding": "3.7.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:wnap320:-:*:*:*:*:*:*:*", "matchCriteriaId": "5E2613E9-CAF9-4C04-85BC-E10BDF4B0E74", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:wnap210_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AFC5C872-DEC5-47EF-AA32-7D82E8DB9E48", "versionEndExcluding": "3.7.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:wnap210:v2:*:*:*:*:*:*:*", "matchCriteriaId": "B442489B-A88F-477C-A835-2081891A15CE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:wndap360_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E46CB6AD-BCE4-4A82-B2CC-22190AEB2F3B", "versionEndExcluding": "3.7.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:wndap360:-:*:*:*:*:*:*:*", "matchCriteriaId": "7975D6EC-1816-4D52-8C87-77C1B6404120", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0."}, {"lang": "es", "value": "Determinados dispositivos NETGEAR, est\u00e1n afectados por una inyecci\u00f3n de comandos. Esto afecta a WAC510 versiones anteriores a la versi\u00f3n 1.3.0.10, WAC120 versiones anteriores a la versi\u00f3n  2.1.4, WNDAP620 versiones anteriores a la versi\u00f3n 2.1.3, WND930 versiones anteriores a la versi\u00f3n  2.1.2, WN604 versiones anteriores a la versi\u00f3n 3.3. 7, WNDAP660 versiones anteriores a la versi\u00f3n  3.7.4.0, WNDAP350 versiones anteriores a la versi\u00f3n  3.7.4.0, WNAP320 versiones anteriores a la versi\u00f3n 3.7.4.0, WNAP210v2 versiones anteriores a la versi\u00f3n 3.7.4.0, y WNDAP360 versiones anteriores a la versi\u00f3n 3.7.4.0."}], "id": "CVE-2017-18806", "lastModified": "2024-11-21T03:20:58.387", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "cve@mitre.org", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-21T16:15:51.337", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://kb.netgear.com/000049061/Security-Advisory-for-Command-Injection-Vulnerability-on-Some-Wireless-Access-Points-PSV-2017-2214"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://kb.netgear.com/000049061/Security-Advisory-for-Command-Injection-Vulnerability-on-Some-Wireless-Access-Points-PSV-2017-2214"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:netgear:wac510_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 806B48FE-912E-488A-A89A-3321BF14B351 (string)

versionEndExcluding : 1.3.0.10 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:netgear:wac510:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 08B1B759-5015-4489-A2B4-0F580E884868 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:netgear:wac120_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : AD64ACCC-A1E0-4D9F-B6E4-8AB8AD7936E5 (string)

versionEndExcluding : 2.1.4 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:netgear:wac120:-:*:*:*:*:*:*:* (string)

matchCriteriaId : A8E5414D-8F4F-4E21-B79F-61B14F0C9990 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:netgear:wndap620_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 9267B577-EF4D-43A5-BC91-CB363F8EA421 (string)

versionEndExcluding : 2.1.3 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:netgear:wndap620:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 666A5E55-B07C-4615-A9F0-5CA8C7D40637 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

3 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:netgear:wnd930_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 6E7CFEDD-259B-4E40-9308-A071D236D4C7 (string)

versionEndExcluding : 2.1.2 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:netgear:wnd930:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 91593610-E45D-450B-AD40-74375DA37EF6 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

4 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:netgear:wn604_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : BEBD44BB-11A5-45C8-A675-E9CBBB31C48F (string)

versionEndExcluding : 3.3.7 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:netgear:wn604:-:*:*:*:*:*:*:* (string)

matchCriteriaId : CD31DCAA-BAA5-4463-9EA4-A7076A625407 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

5 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:netgear:wndap660_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 965D072C-3F4F-49EB-93DB-377E91372214 (string)

versionEndExcluding : 3.7.4.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:netgear:wndap660:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 58D2492E-0CDC-4242-9206-7F0453B11CBD (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

6 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:netgear:wndap350_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 7E3E920F-B954-4D9F-A918-214A00785A9A (string)

versionEndExcluding : 3.7.4.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:netgear:wndap350:-:*:*:*:*:*:*:* (string)

matchCriteriaId : C82A16C2-DC48-4792-A4C7-8AC43F84196D (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

7 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : C1B6AA52-F11E-4836-AF1D-7682FBD56CA4 (string)

versionEndExcluding : 3.7.4.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:netgear:wnap320:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 5E2613E9-CAF9-4C04-85BC-E10BDF4B0E74 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

8 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:netgear:wnap210_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : AFC5C872-DEC5-47EF-AA32-7D82E8DB9E48 (string)

versionEndExcluding : 3.7.4.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:netgear:wnap210:v2:*:*:*:*:*:*:* (string)

matchCriteriaId : B442489B-A88F-477C-A835-2081891A15CE (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

9 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:netgear:wndap360_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : E46CB6AD-BCE4-4A82-B2CC-22190AEB2F3B (string)

versionEndExcluding : 3.7.4.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:netgear:wndap360:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 7975D6EC-1816-4D52-8C87-77C1B6404120 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0. (string)

}

1 : { »

lang : es (string)

value : Determinados dispositivos NETGEAR, están afectados por una inyección de comandos. Esto afecta a WAC510 versiones anteriores a la versión 1.3.0.10, WAC120 versiones anteriores a la versión 2.1.4, WNDAP620 versiones anteriores a la versión 2.1.3, WND930 versiones anteriores a la versión 2.1.2, WN604 versiones anteriores a la versión 3.3. 7, WNDAP660 versiones anteriores a la versión 3.7.4.0, WNDAP350 versiones anteriores a la versión 3.7.4.0, WNAP320 versiones anteriores a la versión 3.7.4.0, WNAP210v2 versiones anteriores a la versión 3.7.4.0, y WNDAP360 versiones anteriores a la versión 3.7.4.0. (string)

}

]

id : CVE-2017-18806 (string)

lastModified : 2024-11-21T03:20:58.387 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : LOCAL (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 4.6 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:L/AC:L/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 6.7 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 0.8 (number)

impactScore : 5.9 (number)

source : cve@mitre.org (string)

type : Secondary (string)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 6.7 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 0.8 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2020-04-21T16:15:51.337 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://kb.netgear.com/000049061/Security-Advisory-for-Command-Injection-Vulnerability-on-Some-Wireless-Access-Points-PSV-2017-2214 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://kb.netgear.com/000049061/Security-Advisory-for-Command-Injection-Vulnerability-on-Some-Wireless-Access-Points-PSV-2017-2214 (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-74 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object