CVE-2018-21114 - Vulnerability Details

Vendors	Products
Netgear	D7800 D7800 Firmware Ex6100 Ex6100 Firmware Ex6150 Ex6150 Firmware Ex6200 Ex6200 Firmware Ex6400 Ex6400 Firmware Ex7300 Ex7300 Firmware R6100 R6100 Firmware R7500 R7500 Firmware R7800 R7800 Firmware R9000 R9000 Firmware Wn3000rp Wn3000rp Firmware Wndr4300 Wndr4300 Firmware Wndr4500 Wndr4500 Firmware

Link	Providers
https://kb.netgear.com/000060437/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Modem-Routers-and-Wireless-Extenders-PSV-2017-0645

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-12-07T00:00:00", "descriptions": [{"lang": "en", "value": "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.44, EX6150v2 before 1.0.1.70, EX6100v2 before 1.0.1.70, EX6200v2 before 1.0.1.64, EX7300 before 1.0.2.136, EX6400 before 1.0.2.136, R6100 before 1.0.1.16, R7500 before 1.0.0.110, R7800 before 1.0.2.32, R9000 before 1.0.4.12, WN3000RPv2 before 1.0.0.56, WN3000RPv3 before 1.0.2.52, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-22T14:43:55", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://kb.netgear.com/000060437/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Modem-Routers-and-Wireless-Extenders-PSV-2017-0645"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-21114", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.44, EX6150v2 before 1.0.1.70, EX6100v2 before 1.0.1.70, EX6200v2 before 1.0.1.64, EX7300 before 1.0.2.136, EX6400 before 1.0.2.136, R6100 before 1.0.1.16, R7500 before 1.0.0.110, R7800 before 1.0.2.32, R9000 before 1.0.4.12, WN3000RPv2 before 1.0.0.56, WN3000RPv3 before 1.0.2.52, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "ADJACENT", "availabilityImpact": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://kb.netgear.com/000060437/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Modem-Routers-and-Wireless-Extenders-PSV-2017-0645", "refsource": "CONFIRM", "url": "https://kb.netgear.com/000060437/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Modem-Routers-and-Wireless-Extenders-PSV-2017-0645"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T12:19:27.653Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kb.netgear.com/000060437/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Modem-Routers-and-Wireless-Extenders-PSV-2017-0645"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-21114", "datePublished": "2020-04-22T14:43:55", "dateReserved": "2020-04-20T00:00:00", "dateUpdated": "2024-08-05T12:19:27.653Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2018-12-07T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.44, EX6150v2 before 1.0.1.70, EX6100v2 before 1.0.1.70, EX6200v2 before 1.0.1.64, EX7300 before 1.0.2.136, EX6400 before 1.0.2.136, R6100 before 1.0.1.16, R7500 before 1.0.0.110, R7800 before 1.0.2.32, R9000 before 1.0.4.12, WN3000RPv2 before 1.0.0.56, WN3000RPv3 before 1.0.2.52, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50. (string)

}

]

metrics : [ »

0 : { »

cvssV3_0 : { »

attackComplexity : LOW (string)

attackVector : ADJACENT_NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 6.8 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N (string)

version : 3.0 (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2020-04-22T14:43:55 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://kb.netgear.com/000060437/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Modem-Routers-and-Wireless-Extenders-PSV-2017-0645 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2018-21114 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.44, EX6150v2 before 1.0.1.70, EX6100v2 before 1.0.1.70, EX6200v2 before 1.0.1.64, EX7300 before 1.0.2.136, EX6400 before 1.0.2.136, R6100 before 1.0.1.16, R7500 before 1.0.0.110, R7800 before 1.0.2.32, R9000 before 1.0.4.12, WN3000RPv2 before 1.0.0.56, WN3000RPv3 before 1.0.2.52, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50. (string)

}

]

}

impact : { »

cvss : { »

attackComplexity : LOW (string)

attackVector : ADJACENT (string)

availabilityImpact : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N (string)

version : 3.0 (string)

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://kb.netgear.com/000060437/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Modem-Routers-and-Wireless-Extenders-PSV-2017-0645 (string)

refsource : CONFIRM (string)

url : https://kb.netgear.com/000060437/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Modem-Routers-and-Wireless-Extenders-PSV-2017-0645 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T12:19:27.653Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://kb.netgear.com/000060437/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Modem-Routers-and-Wireless-Extenders-PSV-2017-0645 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2018-21114 (string)

datePublished : 2020-04-22T14:43:55 (string)

dateReserved : 2020-04-20T00:00:00 (string)

dateUpdated : 2024-08-05T12:19:27.653Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A6C9089-563D-4345-90C7-D2D512382BF1", "versionEndExcluding": "1.0.1.44", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", "matchCriteriaId": "DA2D4987-3726-4A72-8D32-592F59FAC46D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:ex6150_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0CC8DA05-7E8B-4759-9FA8-69626A90662E", "versionEndExcluding": "1.0.1.70", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:ex6150:v2:*:*:*:*:*:*:*", "matchCriteriaId": "49846803-C6FB-4DD3-ADA7-78B9923536F2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:ex6100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C5401F4-5D39-4A08-BB79-DD6CB2D4C94A", "versionEndExcluding": "1.0.1.70", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:ex6100:v2:*:*:*:*:*:*:*", "matchCriteriaId": "88DD070C-7CBD-48A5-8D77-7C3D1C502D65", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:ex6200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9960B0A-DB8C-4F8E-8C36-99B64F3A7F71", "versionEndExcluding": "1.0.1.64", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:ex6200:v2:*:*:*:*:*:*:*", "matchCriteriaId": "B4F62287-CB55-4FB1-AA39-62018654BA39", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2138C164-530B-4F97-8107-035F9D0852B0", "versionEndExcluding": "1.0.2.136", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:*", "matchCriteriaId": "F285D60D-A5DA-4467-8F79-15EF8135D007", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E0A1B4BD-9DD6-4999-B0FA-F843713C991F", "versionEndExcluding": "1.0.2.136", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:*", "matchCriteriaId": "1289BBB4-1955-46A4-B5FE-BF11153C24F5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "01A66936-4268-4990-8E83-24C74A75B9F6", "versionEndExcluding": "1.0.1.16", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F44A123-B256-428B-98C2-17570F2F32DC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F227D99-88C9-457F-BCA5-665F531E04AB", "versionEndExcluding": "1.0.0.110", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*", "matchCriteriaId": "EF3B3F26-401C-4ED0-B871-4B4F8521F369", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "228D2C78-E876-4E4C-A5E2-FB215B0917E2", "versionEndExcluding": "1.0.2.32", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", "matchCriteriaId": "17CF7445-6950-45FE-9D1A-E23F63316329", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F1F914AD-70DC-47F5-A2F7-672DBE89C62E", "versionEndExcluding": "1.0.4.12", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", "matchCriteriaId": "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:wn3000rp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E0DB980-BC4C-4686-B3EB-A8D9FFC720F1", "versionEndExcluding": "1.0.0.56", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:wn3000rp:v2:*:*:*:*:*:*:*", "matchCriteriaId": "3DAD97C7-458D-4547-82A4-EC7F4CFB2A90", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:wn3000rp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6FAAE779-B8EA-42A3-BF22-FF17D779300E", "versionEndExcluding": "1.0.2.52", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:wn3000rp:v3:*:*:*:*:*:*:*", "matchCriteriaId": "AB71AC74-2D1B-4F1E-A70F-6590A00AAD9E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1425F7B0-0990-43F4-9621-8DAE8508FEED", "versionEndExcluding": "1.0.0.50", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*", "matchCriteriaId": "4428B145-B86D-4709-BBA9-64BDE7D35A25", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "81A6B7D4-1CBB-4D9E-8EB2-E5E82AFA59FA", "versionEndExcluding": "1.0.0.50", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*", "matchCriteriaId": "C31D6808-4103-4543-B7AB-84A79CD12006", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.44, EX6150v2 before 1.0.1.70, EX6100v2 before 1.0.1.70, EX6200v2 before 1.0.1.64, EX7300 before 1.0.2.136, EX6400 before 1.0.2.136, R6100 before 1.0.1.16, R7500 before 1.0.0.110, R7800 before 1.0.2.32, R9000 before 1.0.4.12, WN3000RPv2 before 1.0.0.56, WN3000RPv3 before 1.0.2.52, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50."}, {"lang": "es", "value": "Determinados dispositivos NETGEAR est\u00e1n afectados por una inyecci\u00f3n de comandos por parte de un usuario autenticado. Esto afecta a D7800 versiones anteriores a 1.0.1.44, EX6150v2 versiones anteriores a 1.0.1.70, EX6100v2 versiones anteriores a 1.0.1.70, EX6200v2 versiones anteriores a 1.0.1.64, EX7300 versiones anteriores a 1.0.2.136, EX6400 versiones anteriores a 1.0.2.136, R6100 versiones anteriores a 1.0.1.16, R7500 versiones anteriores a 1.0.0.110, R7800 versiones anteriores a 1.0.2.32, R9000 versiones anteriores a 1.0.4.12, WN3000RPv2 versiones anteriores a 1.0.0.56, WN3000RPv3 versiones anteriores a 1.0.2.52, WNDR4300v2 versiones anteriores a 1.0.0.50 y WNDR4500v3 versiones anteriores a 1.0.0.50."}], "id": "CVE-2018-21114", "lastModified": "2024-11-21T04:02:56.130", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.2, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 5.1, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "cve@mitre.org", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-22T15:15:13.537", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://kb.netgear.com/000060437/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Modem-Routers-and-Wireless-Extenders-PSV-2017-0645"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://kb.netgear.com/000060437/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Modem-Routers-and-Wireless-Extenders-PSV-2017-0645"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 0A6C9089-563D-4345-90C7-D2D512382BF1 (string)

versionEndExcluding : 1.0.1.44 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:* (string)

matchCriteriaId : DA2D4987-3726-4A72-8D32-592F59FAC46D (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:netgear:ex6150_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 0CC8DA05-7E8B-4759-9FA8-69626A90662E (string)

versionEndExcluding : 1.0.1.70 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:netgear:ex6150:v2:*:*:*:*:*:*:* (string)

matchCriteriaId : 49846803-C6FB-4DD3-ADA7-78B9923536F2 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:netgear:ex6100_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 4C5401F4-5D39-4A08-BB79-DD6CB2D4C94A (string)

versionEndExcluding : 1.0.1.70 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:netgear:ex6100:v2:*:*:*:*:*:*:* (string)

matchCriteriaId : 88DD070C-7CBD-48A5-8D77-7C3D1C502D65 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

3 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:netgear:ex6200_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : D9960B0A-DB8C-4F8E-8C36-99B64F3A7F71 (string)

versionEndExcluding : 1.0.1.64 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:netgear:ex6200:v2:*:*:*:*:*:*:* (string)

matchCriteriaId : B4F62287-CB55-4FB1-AA39-62018654BA39 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

4 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 2138C164-530B-4F97-8107-035F9D0852B0 (string)

versionEndExcluding : 1.0.2.136 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:* (string)

matchCriteriaId : F285D60D-A5DA-4467-8F79-15EF8135D007 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

5 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : E0A1B4BD-9DD6-4999-B0FA-F843713C991F (string)

versionEndExcluding : 1.0.2.136 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 1289BBB4-1955-46A4-B5FE-BF11153C24F5 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

6 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 01A66936-4268-4990-8E83-24C74A75B9F6 (string)

versionEndExcluding : 1.0.1.16 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 9F44A123-B256-428B-98C2-17570F2F32DC (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

7 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 7F227D99-88C9-457F-BCA5-665F531E04AB (string)

versionEndExcluding : 1.0.0.110 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:* (string)

matchCriteriaId : EF3B3F26-401C-4ED0-B871-4B4F8521F369 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

8 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 228D2C78-E876-4E4C-A5E2-FB215B0917E2 (string)

versionEndExcluding : 1.0.2.32 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 17CF7445-6950-45FE-9D1A-E23F63316329 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

9 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : F1F914AD-70DC-47F5-A2F7-672DBE89C62E (string)

versionEndExcluding : 1.0.4.12 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:* (string)

matchCriteriaId : D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

10 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:netgear:wn3000rp_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 2E0DB980-BC4C-4686-B3EB-A8D9FFC720F1 (string)

versionEndExcluding : 1.0.0.56 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:netgear:wn3000rp:v2:*:*:*:*:*:*:* (string)

matchCriteriaId : 3DAD97C7-458D-4547-82A4-EC7F4CFB2A90 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

11 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:netgear:wn3000rp_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 6FAAE779-B8EA-42A3-BF22-FF17D779300E (string)

versionEndExcluding : 1.0.2.52 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:netgear:wn3000rp:v3:*:*:*:*:*:*:* (string)

matchCriteriaId : AB71AC74-2D1B-4F1E-A70F-6590A00AAD9E (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

12 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 1425F7B0-0990-43F4-9621-8DAE8508FEED (string)

versionEndExcluding : 1.0.0.50 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:* (string)

matchCriteriaId : 4428B145-B86D-4709-BBA9-64BDE7D35A25 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

13 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 81A6B7D4-1CBB-4D9E-8EB2-E5E82AFA59FA (string)

versionEndExcluding : 1.0.0.50 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:* (string)

matchCriteriaId : C31D6808-4103-4543-B7AB-84A79CD12006 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.44, EX6150v2 before 1.0.1.70, EX6100v2 before 1.0.1.70, EX6200v2 before 1.0.1.64, EX7300 before 1.0.2.136, EX6400 before 1.0.2.136, R6100 before 1.0.1.16, R7500 before 1.0.0.110, R7800 before 1.0.2.32, R9000 before 1.0.4.12, WN3000RPv2 before 1.0.0.56, WN3000RPv3 before 1.0.2.52, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50. (string)

}

1 : { »

lang : es (string)

value : Determinados dispositivos NETGEAR están afectados por una inyección de comandos por parte de un usuario autenticado. Esto afecta a D7800 versiones anteriores a 1.0.1.44, EX6150v2 versiones anteriores a 1.0.1.70, EX6100v2 versiones anteriores a 1.0.1.70, EX6200v2 versiones anteriores a 1.0.1.64, EX7300 versiones anteriores a 1.0.2.136, EX6400 versiones anteriores a 1.0.2.136, R6100 versiones anteriores a 1.0.1.16, R7500 versiones anteriores a 1.0.0.110, R7800 versiones anteriores a 1.0.2.32, R9000 versiones anteriores a 1.0.4.12, WN3000RPv2 versiones anteriores a 1.0.0.56, WN3000RPv3 versiones anteriores a 1.0.2.52, WNDR4300v2 versiones anteriores a 1.0.0.50 y WNDR4500v3 versiones anteriores a 1.0.0.50. (string)

}

]

id : CVE-2018-21114 (string)

lastModified : 2024-11-21T04:02:56.130 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : ADJACENT_NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : PARTIAL (string)

baseScore : 5.2 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:A/AC:L/Au:S/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 5.1 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : ADJACENT_NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 6.8 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 0.9 (number)

impactScore : 5.9 (number)

source : cve@mitre.org (string)

type : Secondary (string)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : ADJACENT_NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 6.8 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 0.9 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2020-04-22T15:15:13.537 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://kb.netgear.com/000060437/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Modem-Routers-and-Wireless-Extenders-PSV-2017-0645 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://kb.netgear.com/000060437/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Modem-Routers-and-Wireless-Extenders-PSV-2017-0645 (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-74 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object