Lucene search

[email protected]CVE-2017-18821

HistoryApr 21, 2020 - 2:15 p.m.

CVE-2017-18821

2020-04-2114:15:11

CWE-79

[email protected]

web.nvd.nist.gov

netgear

stored xss

cve-2017-18821

m4300 series

security vulnerability

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.9%

JSON

Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.

Affected configurations

NVD

Node

netgearm4300-28g_firmwareRange<12.0.2.15

AND

netgearm4300-28gMatch-

Node

netgearm4300-52g_firmwareRange<12.0.2.15

AND

netgearm4300-52gMatch-

Node

netgearm4300-28g-poe\+_firmwareRange<12.0.2.15

AND

netgearm4300-28g-poe\+Match-

Node

netgearm4300-52g-poe\+_firmwareRange<12.0.2.15

AND

netgearm4300-52g-poe\+Match-

Node

netgearm4300-8x8f_firmwareRange<12.0.2.15

AND

netgearm4300-8x8fMatch-

Node

netgearm4300-12x12f_firmwareRange<12.0.2.15

AND

netgearm4300-12x12fMatch-

Node

netgearm4300-24x24f_firmwareRange<12.0.2.15

AND

netgearm4300-24x24fMatch-

Node

netgearm4300-24x_firmwareRange<12.0.2.15

AND

netgearm4300-24xMatch-

Node

netgearm4300-48x_firmwareRange<12.0.2.15

AND

netgearm4300-48xMatch-

Node

netgearm4200_firmwareRange<12.0.2.15

AND

netgearm4200Match-

CPENameOperatorVersion
netgear:m4300-28g_firmwarenetgear m4300-28g firmwarelt12.0.2.15

CPE	Name	Operator	Version
netgear:m4300-28g_firmware	netgear m4300-28g firmware	lt	12.0.2.15

References

kb.netgear.com/000049044/Security-Advisory-for-Store-Cross-Site-Scripting-on-Some-Fully-Managed-Switches-PSV-2017-1948

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.9%

JSON

Related for CVE-2017-18821

prion1 nvd1 cvelist1