{ "id": "CVE-2017-18847", "sourceIdentifier": "cve@mitre.org", "published": "2020-04-20T16:15:13.787", "lastModified": "2020-04-22T15:43:56.643", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects R6400v2 before 1.0.2.32, R7000P/R6900P before 1.0.0.56, R7900 before 1.0.1.18, R8300 before 1.0.2.100_1.0.82, R8500 before 1.0.2.100_1.0.82, and D8500 before 1.0.3.29." }, { "lang": "es", "value": "Determinados dispositivos NETGEAR est\u00e1n afectados por la capacidad de un atacante para leer archivos arbitrarios. Esto afecta a R6400v2 versiones anteriores a 1.0.2.32, R7000P/R6900P versiones anteriores a 1.0.0.56, R7900 versiones anteriores a 1.0.1.18, R8300 versiones anteriores a 1.0.2.100_1.0.82, R8500 versiones anteriores a 1.0.2.100_1.0.82, y D8500 versiones anteriores a 1.0.3.29." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 1.8, "impactScore": 3.6 } ], "cvssMetricV30": [ { "source": "cve@mitre.org", "type": "Secondary", "cvssData": { "version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 2.5, "impactScore": 3.6 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1 }, "baseSeverity": "LOW", "exploitabilityScore": 3.9, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-200" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.2.32", "matchCriteriaId": "DB7B08B9-07D2-4404-846A-D1CA02C16557" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*", "matchCriteriaId": "52AE9AD2-BC8D-477D-A3D3-891AE52FA5F3" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.0.56", "matchCriteriaId": "ADFE7176-BD34-467C-A167-E869E04A8E97" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*", "matchCriteriaId": "DFE55F4D-E98B-46D3-B870-041141934CD1" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.0.56", "matchCriteriaId": "2E9EF43B-2542-44CE-A1D6-DECCCFBC1F5F" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*", "matchCriteriaId": "C41908FF-AE64-4949-80E3-BEE061B2DA8A" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.1.18", "matchCriteriaId": "A98DFA81-D1BA-41AE-A6A3-1EBBFC452D0F" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:*", "matchCriteriaId": "C484840F-AF30-4B5C-821A-4DB9BE407BDB" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netgear:r8300_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.2.100_1.0.82", "matchCriteriaId": "FA4A3678-F7BB-453F-A245-58E58116415B" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netgear:r8300:-:*:*:*:*:*:*:*", "matchCriteriaId": "7A9B77E7-7439-48C6-989F-5E22CB4D3044" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.2.100_1.0.82", "matchCriteriaId": "BAEFC983-46C7-49F2-8A65-7014BB703036" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*", "matchCriteriaId": "63500DE4-BDBD-4F86-AB99-7DB084D0B912" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netgear:d8500_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.3.29", "matchCriteriaId": "20564DE0-E58D-4628-ADD6-AC7C90AD85F7" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netgear:d8500:-:*:*:*:*:*:*:*", "matchCriteriaId": "814A0114-9A1D-4EA0-9AF4-6968514E4F01" } ] } ] } ], "references": [ { "url": "https://kb.netgear.com/000049012/Security-Advisory-for-Arbitrary-File-Read-on-Some-Routers-PSV-PSV-2017-0783", "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ] } ] }