Vulnerability Name:

CVE-2017-18859 (CCN-181226)

Assigned:2017-05-30
Published:2017-05-30
Updated:2020-05-04
Summary:Certain NETGEAR devices are affected by slowdown/stoppage. This affects C6300 before 2017-05-30, CM400 before 2017-05-30, CM700 before 2017-05-30, and CMD31T before 2017-05-30.
CVSS v3 Severity:7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2017-18859

Source: XF
Type: UNKNOWN
netgear-cve201718859-dos(181226)

Source: CCN
Type: NETGEAR Article ID: 000038560
Security Advisory for Vulnerability on Select Cable Modems and Gateways, PSV-2017-2165

Source: CONFIRM
Type: Vendor Advisory
https://kb.netgear.com/000038560/Security-Advisory-for-Vulnerability-on-Select-Cable-Modems-and-Gateways-PSV-2017-2165

Vulnerable Configuration:Configuration 1:
  • cpe:/o:netgear:c6300_firmware:*:*:*:*:*:*:*:* (Version < 2017-05-30)
  • AND
  • cpe:/h:netgear:c6300:-:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:netgear:cm400_firmware:*:*:*:*:*:*:*:* (Version < 2017-05-30)
  • AND
  • cpe:/h:netgear:cm400:-:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/o:netgear:cm700_firmware:*:*:*:*:*:*:*:* (Version < 2017-05-30)
  • AND
  • cpe:/h:netgear:cm700:-:*:*:*:*:*:*:*

    • Configuration 4:
  • cpe:/o:netgear:cmd31t_firmware:*:*:*:*:*:*:*:* (Version < 2017-05-30)
  • AND
  • cpe:/h:netgear:cmd31t:-:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/h:netgear:cm400:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:cm600:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:c6300:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:cm700:-:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    netgear c6300 firmware *
    netgear c6300 -
    netgear cm400 firmware *
    netgear cm400 -
    netgear cm700 firmware *
    netgear cm700 -
    netgear cmd31t firmware *
    netgear cmd31t -
    netgear cm400 -
    netgear cm600 -
    netgear c6300 -
    netgear cm700 -